5 matches found
CVE-2020-8654
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...
OSS Endpoint Manager Path Traversal Vulnerability
OSS Endpoint Manager is a FreePBX Contributed Modules open source module for FreePBX. A path traversal vulnerability exists in OSS Endpoint Manager version 14.0.3 and prior versions, which stems from allowing an authenticated web user unauthorized access to read system files with the...
CVE-2018-18877
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can access an alternative configuration page configmain.php that allows manipulation of the device...
Command injection
In firmware version MS2.6.9900 of Columbia Weather MicroServer, an authenticated web user can pipe commands directly to the underlying operating system as user input is not sanitized in networkdiags.php...
Command Execution Vulnerability in the Pelco Sarix Enhanced Dot1xSetupController.php File
Pelco Sarix Enhanced is a webcam. A command execution vulnerability exists in the Pelco Sarix Enhanced Dot1xSetupController.php file. The vulnerability is caused by the program failing to properly perform validity checks when processing user-submitted data, allowing an attacker who has been...