14 matches found
Meshtastic Authorization Issue Vulnerability
Meshtastic is a decentralized wireless off-grid mesh network LoRa protocol open-sourced by Meshtastic. An authorization issue vulnerability exists in Meshtastic versions prior to 2.6.3, which stems from bypassing public key authentication and could lead to malicious key overwriting...
Trend Micro Mobile Security for Enterprises widget set_certificates_config Unrestricted File Upload Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of Trend Micro Mobile Security for Enterprises. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within...
Fortinet FortiWeb has an unspecified vulnerability (CNVD-2021-101136)
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...
Micro Focus Operations Bridge Manager FoldersFacade Deserialization Of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Cisco Data Center Network Manager checkDiscoveryEthSwCandidates4List SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Cisco Data Center Network Manager setVxlanProperties SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco Data Center Network Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
CVE-2019-6832
A CWE-287: Authentication vulnerability exists in spaceLYnk all versions before 2.4.0 and Wiser for KNX all versions before 2.4.0 - formerly known as homeLYnk, which could cause loss of control when an attacker bypasses the authentication...
CVE-2018-6624
OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct request to the .html file for a specific screen, as demonstrated by monitor.html...
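PHPMYWIND: one SQL injection, ignores GPC
Brief description: Today I went back and took another look at phpmywind; the version downloaded from the official site is still 4.6.6. No login required, no single quote required. Details: In order.php: ifempty$COOKIE'shoppingcart' header'location:shoppingcart.php'; exit; // guests are not allowed to place orders, redirect to login ifempty$COOKIE'username' header'location:member.php?c=login'; exit; Just make these two non-empty. $action = isset$action ? $action : ''; $datagroup =...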
CVE-2012-4688
The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support...
CVE-2008-2705
Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, when used with certain versions and configurations of Sun Directory Server Enterprise Edition (DSEE), allows remote attackers to bypass authentication via unspecified vectors...
CVE-2007-5057
NetSupport Manager Client before 10.20.0004 allows remote attackers to bypass the (1) basic and (2) authentication schemes by spoofing the NetSupport Manager...
CVE-2005-2645
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication...
CVE-2001-1460
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter...