CVE-2023-28055

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information...

CVE-2023-28055

Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information...

CVE-2023-31432 - Privilege issues in multiple commands

Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0...

F5 BIG-IP 安全漏洞

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. An elevation of privilege vulnerability exists in the F5 BIG-IP iRule, which can be exploited by attackers to connect to...

CVE-2022-35222

HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service...

Deserialization of untrusted data

EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate...

National Health Insurance 缓冲区错误漏洞

National Health Insurance NHI is a health insurance program health insurance card in Taiwan, China. A security vulnerability exists in National Health Insurance that stems from insufficient validation of network packet header lengths and a stack-based buffer overflow, which could be exploited by ...

CVE-2022-1361

The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices...

CVE-2020-6020

Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator...

CVE-2019-0304

FTP Function of SAP NetWeaver AS ABAP Platform, versions- KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.73, KERNEL 7.21, 7.45, 7.49, 7.53, 7.73, allows an attacker to inje...

CVE-2019-3913

Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service...

CVE-2019-3913

Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service...

CVE-2019-3913

Command manipulation in LabKey Server Community Edition before 18.3.0-61806.763 allows an authenticated remote attacker to unmount any drive on the system leading to denial of service...

CVE-2019-3913

CVE-2019-3913 affects LabKey Server Community Edition prior to 18.3.0-61806.763. It is a logic flaw in the network drive mapping functionality where lack of input sanitization in the mount() path allows an authenticated user to unmount drives, leading to denial of service. Affected component: Lab...

Hyperledger: many commands can be manipulated to delete identities or affiliations

Introduction: The Faric-ca data in http body and authorization header for many commands that send from client to server are protected by signature. But I find the identity and affiliation commands still have the risk to be manipulated. Hacker can manipulate most other commands to delete identitie...

squirrelmail 1.2.5 email user can execute command

email user can append $THEME variable through cookies ---------------- start sq125x --------------------- !/bin/bash squirrelmail-1.2.5 remote execution by pokleyzz http://www.inetd-secure.net usage : ./sq125x themecount username password url command example : ./sq125x 2 pokley 123456...