15 matches found
Apache HertzBeat Security Vulnerability
Apache HertzBeat is a tool developed by the Apache company that can monitor various components. Versions of Apache HertzBeat prior to 1.8.0 contained a security vulnerability, which was caused by improper data neutralization of XPath expressions, potentially leading to XPath injection attacks...
CVE-2024-2645
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is...
EUVD-2022-47999
Malicious code in bioql PyPI...
The vulnerability of the getBlock() function in the monitoring and security management tool Trend Micro Apex Central allows a threat actor to execute arbitrary code.
The vulnerability of the getBlock function in the Trend Micro Apex Central security monitoring and management tool is related to the failure to take measures to neutralize specific elements in the output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2024-49355
IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature...
CVE-2024-7699
CVE-2024-7699 affects PHOENIX CONTACT MGUARD devices. The issue is an OS command injection caused by improper neutralization of certain user data elements, enabling a low-privileged remote attacker to execute commands with root privileges. The vulnerability is network-exploitable (AV:N, AC:L, PR:...
CVE-2024-2648 Netentsec NS-ASG Application Security Gateway naccheck.php xpath injection
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is...
WordPress Plugin Custom Post Carousels with Owl Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
The vulnerability in the firmware of the D-Link DAP-1325 wireless signal amplifier arises from incorrect neutralization of certain elements in the output data. This allows a hacker to execute arbitrary code.
The vulnerability in the firmware of the D-Link DAP-1325 wireless signal amplifier is related to incorrect neutralization of certain elements in the output data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
Schneider Electric Easergy T300 Security Vulnerability
The Schneider Electric Easergy T300 is a remote terminal unit for the power industry from Schneider Electric France. A security vulnerability exists in the Schneider Electric Easergy T300 that originates from an error in the product's data neutralization process. The vulnerability could allow an...
CVE-2021-22204
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...
The vulnerability of Mutt and NeoMutt email clients stems from deficiencies in the process of neutralizing special characters in the output data used by the incoming component. This allows attackers to gain unauthorized access to protected information.
The vulnerability of Mutt and NeoMutt email clients is related to deficiencies in the process of neutralizing special elements in the output data used by the incoming component. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected...
The vulnerability of the WASSP dissector of the Wireshark network traffic analyzer allows a hacker to cause a service failure.
The vulnerability of the WASSP dissector in the Wireshark network traffic analyzer is related to incorrect neutralization of special elements in the output data. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
The vulnerability of Cisco Umbrella’s security cloud service stems from deficiencies in the process of neutralizing special elements in the output data used by the incoming component. This allows attackers to execute arbitrary code using a specially crafted URL.
The vulnerability of Cisco Umbrella security cloud service is related to deficiencies in the process of neutralizing special elements in the output data used by the incoming component. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted URL...
The vulnerability of the GetInfoCommand function in the PDF file conversion software pdf-image for Node.js allows a hacker to execute arbitrary commands on the server.
The vulnerability of the GetInfoCommand function in the PDF conversion software for Node.js lies in the lack of mechanisms to neutralize special elements in the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted request...