10124 matches found
D-Link DIR-3060 1.11b04 Command Injection Vulnerability
title: Authenticated Command Injection in D-Link DIR-3060 Web Interface vendor/product: D-Link DIR-3060 https://www.dlink.com/ vulnerable version: v1.11b04 & Below fixed version: v1.11b04 Hotfix 2 CVE number: CVE-2021-28144 impact: 8.8 high CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Vendor...
CVE-2021-26963
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave CLI could allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could...
CVE-2021-26965
A remote authenticated sql injection vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Multiple vulnerabilities in the API of AirWave could allow an authenticated remote attacker to conduct SQL injection attacks against the AirWave instance. An attacke...
CVE-2021-26971
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A...
CVE-2021-26970
A remote authenticated arbitrary command execution vulnerability was discovered in Aruba AirWave Management Platform versions: Prior to 8.2.12.0. Vulnerabilities in the AirWave web-base management interface could allow remote authenticated users to run arbitrary commands on the underlying host. A...
CVE-2020-36079
Zenphoto through 1.5.7 is affected by authenticated arbitrary file upload, leading to remote code execution. The attacker must navigate to the uploader plugin, check the elFinder box, and then drag and drop files into the FileselFinder portion of the UI. This can, for example, place a .php file i...
CVE-2021-20659
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code...
CVE-2021-26679
A remote authenticated command injection vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the ClearPass web-based management interface allows remote authenticated users to run arbitrary commands on the underlying...
CVE-2021-3149
On Netshield NANO 25 10.2.18 devices, /usr/local/webmin/System/manualping.cgi allows OS command injection after authentication by the attacker because the system C library function is used unsafely...
CVE-2021-27328
Yeastar NeoGate TG400 91.3.0.3 devices are affected by Directory Traversal. An authenticated user can decrypt firmware and can read sensitive information, such as a password or decryption key...
Pimcore 路径遍历漏洞
Pimcore is Austria Pimcore company's set of open source for creating and managing Web applications Web content management platform. The platform integrates Web content management, e-commerce framework and product information management applications. A security vulnerability exists in Pimcore. The...
CVE-2021-1416
Multiple vulnerabilities in the Admin portal of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information. These vulnerabilities are due to improper enforcement of administrator privilege levels for sensitive data. An attacker with read-only...
CVE-2021-20072
CVE-2021-20072 affects RACOM MIDGE firmware 4.4.40.105. The vulnerability is a directory traversal flaw in the firmware that, when authenticated, allows an attacker to arbitrarily access and delete files. Public risk details indicate high impact on confidentiality, integrity, and availability. Co...
CVE-2021-20072
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral...
CVE-2020-35559
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users...
PT-2021-2185 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to XML injection in the Widgets module of Magento. Successful exploitation could lead to arbitrary...
CVE-2021-1343
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...
CVE-2021-1341
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...
CVE-2021-1329
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...
CVE-2021-1336
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. These vulnerabilities are due t...