2391 matches found

ATTACKERKB
added 2023/12/25 6:15 a.m. · 2 views

CVE-2022-39822

In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation...

8.8 CVSS · 5.9 AI score · 0.00618 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/12/25 12:00 a.m. · 3 views

PT-2023-13732 · Nokia · Nokia Nfm-T

Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9
Description: A SQL Injection issue occurs in the /cgi-bin/R19.9/easy1350.pl endpoint of the VM Manager WebUI, specifically via the id or host HTTP GET parameters. This issue requires an authenticated attacker for...

8.8 CVSS · 8 AI score · 0.00618 EPSS
Exploits 1 · References 5

CVE
added 2023/12/25 12:00 a.m. · 44 views

CVE-2022-39822

Summary: CVE-2022-39822 is a SQL injection vulnerability affecting Nokia NFM-T R19.9, specifically in the VM Manager WebUI at /cgi-bin/R19.9/easy1350.pl. The issue can be triggered via the HTTP GET parameters id or host, and exploitation requires an authenticated attacker. The available connected...

8.8 CVSS · 8.8 AI score · 0.00618 EPSS
Exploits 1 · References 1 · Affected Software 1

OSV
added 2023/12/20 4:15 p.m. · 3 views

CVE-2023-5010

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database...

8.8 CVSS · 5.8 AI score · 0.00673 EPSS
Exploits 1 · References 2

Zero Day Initiative
added 2023/12/20 12:00 a.m. · 19 views

Inductive Automation Ignition ModuleInvoke Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability. The specific flaw exists within the ModuleInvoke class. The issue results from the lack of proper validation o...

8.8 CVSS · 7.8 AI score · 0.55031 EPSS
Exploits 0 · References 1

OSV
added 2023/12/19 10:15 p.m. · 4 views

CVE-2023-38126

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...

7.2 CVSS · 6.2 AI score · 0.68611 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2023/12/19 10:15 p.m. · 4 views

CVE-2023-38126

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...

7.2 CVSS · 7.6 AI score · 0.68611 EPSS
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/12/19 10:15 p.m. · 20 views

Remote code execution

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...

5.8 CVSS · 8.2 AI score · 0.68611 EPSS
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/12/19 9:50 p.m. · 16 views

CVE-2023-38126 Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this vulnerability. The specific fl...

7.2 CVSS · 7.7 AI score · 0.68611 EPSS
Exploits 0 · References 1

Zero Day Initiative
added 2023/12/19 12:00 a.m. · 38 views

TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the libcmm.so module. The issue results from the lack of proper...

6.8 CVSS · 7.5 AI score · 0.00537 EPSS
Exploits 0 · References 1

OSV
added 2023/12/15 11:06 a.m. · 2 views

OESA-2023-1925 activemq security update

The most popular and powerful open source messaging and Integration Patterns server. Security Fixes: Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handle request...

8.8 CVSS · 7.3 AI score · 0.8581 EPSS
Exploits 2 · References 2

RedHat Linux
added 2023/12/13 4:29 p.m. · 1 view

postgresql: Buffer overrun from integer overflow in array modification

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

8.8 CVSS · 7.9 AI score · 0.04322 EPSS
Exploits 0 · References 6

OSV
added 2023/12/10 6:15 p.m. · 4 views

AZL-32104 CVE-2023-5869 affecting package postgresql for versions less than 14.10-1

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing...

8.8 CVSS · 7.8 AI score · 0.04322 EPSS
Exploits 0 · References 1

CNNVD
added 2023/11/21 12:00 a.m. · 3 views

AXIS Os Path Traversal Vulnerability

AXIS Os is an edge device operating system from AXIS of Sweden. AXIS Os has a security vulnerability that stems from the VAPIX API Manageoverlayimage.cgi being vulnerable to a path traversal attack that allows file/folder deletion. The flaw can only be exploited after authenticating with an operator...

7.1 CVSS · 6.8 AI score · 0.00668 EPSS
Exploits 0 · References 2

Positive Technologies
added 2023/11/21 12:00 a.m. · 3 views

PT-2023-7489 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS, affected versions not specified
Description: The VAPIX API irissetup.cgi is vulnerable to path traversal attacks, allowing for file deletion. This issue can only be exploited after authenticating with an operator- or...

7.5 CVSS · 6.9 AI score · 0.00668 EPSS
Exploits 0 · References 7

Positive Technologies
added 2023/11/21 12:00 a.m. · 3 views

PT-2023-7488 · Axis · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS, affected versions not specified
Description: The VAPIX API dynamicoverlay.cgi is vulnerable to a Denial-of-Service attack, allowing an attacker to block access to the overlay configuration page in the web interface of the Axis device...

7.5 CVSS · 7 AI score · 0.00668 EPSS
Exploits 0 · References 7

Zero Day Initiative
added 2023/11/15 12:00 a.m. · 35 views

Microsoft Exchange GsmWriter Deserialization of Untrusted Data NTLM Relay Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition or relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the lack of protection against deserialization of...

8.8 CVSS · 7.2 AI score · 0.16813 EPSS
Exploits 0 · References 1

OSV
added 2023/11/14 8:15 p.m. · 2 views

CVE-2023-47646

Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability in CedCommerce Recently viewed and most viewed products plugin = 1.1.1 versions...

4.8 CVSS · 7.3 AI score · 0.00418 EPSS
Exploits 0 · References 1

OSV
added 2023/11/14 7:15 p.m. · 3 views

CVE-2023-27306

Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access...

5.5 CVSS · 5.8 AI score
Exploits 0 · References 1

Positive Technologies
added 2023/11/14 12:00 a.m. · 2 views

PT-2023-29242 · Tp Link · Tp-Link Archer A54

Name of the Vulnerable Software and Affected Versions: TP-Link Archer A54, affected versions not specified
Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer A54 routers. The specific flaw exists within the file libcmm.so...

6.8 CVSS · 7.3 AI score · 0.00583 EPSS
Exploits 0 · References 3