2698 matches found
CVE-2021-39368
CVE-2021-39368 affects Canon Oce Print Exec Workgroup 1.3.2, where an XSS flaw exists in the lang parameter. The vulnerability targets the application’s web interface and allows script execution in a user’s browser. References in connected records corroborate the XSS claim; no explicit exploit de...
CVE-2021-39367
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...
CVE-2021-39367
CVE-2021-39367 affects Canon Oce Print Exec Workgroup 1.3.2 and concerns a vulnerability where the host header can be injected. This is documented across multiple sources (NVD and RH Red Hat entries). The vulnerability is described as a host header injection issue; no exploit details or affected ...
Canon Oce Print Exec Workgroup Cross-Site Scripting Vulnerability
Canon Oce Print Exec Workgroup is a software application from Canon Japan. It is a program that displays basic printer information. A security vulnerability exists in Canon Oce Print Exec Workgroup version 1.3.2, which allows an attacker to conduct XSS attacks via the lang parameter...
Command injection
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped...
rConfig Operating System Command Injection Vulnerability
rConfig is an open source network configuration management utility program. An operating system command injection vulnerability exists in rConfig version 3.9.5, which stems from the rConfig path parameter being passed directly to the exec function without being escaped. The vulnerability can be...
PT-2021-10845 · Rconfig · Rconfig
Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.5. Description: The issue allows command injection by sending a crafted GET request to "lib/ajaxHandlers/ajaxArchiveFiles.php" since the path parameter is passed directly to the exec function without being escaped...
Backdoor.Win32.Zaratustra Remote File Write / Code Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/f240c16af2189ea9c94f317281ce7e59.txt Media: twitter.com/malvuln Threat: Backdoor.Win32.Zaratustra Vulnerability: Unauthenticated Remote File Write Remote Code Exec...
GSD-2021-1001360 powerpc/mm: Fix lockup on kernel exec fault
powerpc/mm: Fix lockup on kernel exec fault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.133 by commit...
UVI-2021-1001360 powerpc/mm: Fix lockup on kernel exec fault
powerpc/mm: Fix lockup on kernel exec fault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.133 by commit...
UVI-2021-1001225 powerpc/mm: Fix lockup on kernel exec fault
powerpc/mm: Fix lockup on kernel exec fault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.3 by commit...
Cross-Site Scripting (XSS)
Apache drill-java-exec is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary JavaScript in a user's browser via the queryId...
CVE-2021-31580
The restricted shell provided by Akkadian Provisioning Manager Engine (PME) can be bypassed by switching the OpenSSH channel from shell to exec and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62476)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA. Microsoft Windows is a set of operating systems for personal devices. Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in the DNS Snap-in in...
A division-by-zero vulnerability in the PostScriptFunction::exec function of the Function.cc component of the Poppler PDF rendering library allows a malicious actor to cause a denial of service.
The PostScriptFunction::exec function in the Function.cc component of the Poppler PDF rendering library contains a division-by-zero vulnerability. Exploiting this vulnerability allows a remote attacker to cause a denial of service...
CVE-2020-22249
Remote Code Execution vulnerability in phplist 3.5.1. The application does not check the extensions of files stored in the plugin zip file. When a malicious plugin is uploaded, the PHP files it contains with extensions like PHP, phtml, php7 are copied to the plugins directory, which would lead to the...
Virus.Win32.Shodi.e Remote Command Execution
Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/37d4a5ba123dd32f1e2c4ba0be14e77cB.txt Media: twitter.com/malvuln Threat: Virus.Win32.Shodi.e Vulnerability: Unauthenticated Remote Command Execution Description: The virus...
PT-2024-11348 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The powerpc kernel is not prepared to handle exec faults from kernel. The function is_exec_fault() returns 'false' when an exec fault is taken by kernel, because the check is based on...
GHSA-V85C-HGQ5-7PFW Arbitrary Command Injection
This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...
CVE-2021-23399
This affects all versions of package wincred. If attacker-controlled user input is given to the getCredential function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...