2659 matches found
CVE-2021-39367
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...
CVE-2021-39368
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...
CVE-2021-39367
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...
Design/Logic Flaw
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...
Design/Logic Flaw
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...
CVE-2021-39368
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter...
CVE-2021-39368
CVE-2021-39368 affects Canon Oce Print Exec Workgroup 1.3.2, where an XSS flaw exists in the lang parameter. The vulnerability targets the application’s web interface and allows script execution in a user’s browser. References in connected records corroborate the XSS claim; no explicit exploit de...
CVE-2021-39367
Canon Oce Print Exec Workgroup 1.3.2 allows Host header injection...
CVE-2021-39367
CVE-2021-39367 affects Canon Oce Print Exec Workgroup 1.3.2 and concerns a vulnerability where the host header can be injected. This is documented across multiple sources (NVD and RH Red Hat entries). The vulnerability is described as a host header injection issue; no exploit details or affected ...
Canon Oce Print Exec Workgroup 跨站脚本漏洞
Canon Oce Print Exec Workgroup is a software application from Canon Japan. It is a program that displays basic printer information. A security vulnerability exists in Canon Oce Print Exec Workgroup version 1.3.2, which allows an attacker to conduct XSS attacks via the lang parameter...
Command injection
rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped...
rConfig 操作系统命令注入漏洞
rConfig is an open source network configuration management utility program. An operating system command injection vulnerability exists in rConfig version 3.9.5, which stems from the rConfig path parameter being passed directly to the exec function without being escaped. The vulnerability can be...
PT-2021-10845 · Rconfig · Rconfig
Name of the Vulnerable Software and Affected Versions: rConfig version 3.9.5 Description: The issue allows command injection by sending a crafted GET request to "lib/ajaxHandlers/ajaxArchiveFiles.php" since the path parameter is passed directly to the exec function without being escaped...
Backdoor.Win32.Zaratustra Remote File Write / Code Execution
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f240c16af2189ea9c94f317281ce7e59.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zaratustra Vulnerability: Unauthenticated Remote File Write Remote Code Exec...
GSD-2021-1001360 powerpc/mm: Fix lockup on kernel exec fault
powerpc/mm: Fix lockup on kernel exec fault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.133 by commit...
UVI-2021-1001360 powerpc/mm: Fix lockup on kernel exec fault
powerpc/mm: Fix lockup on kernel exec fault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.133 by commit...
UVI-2021-1001225 powerpc/mm: Fix lockup on kernel exec fault
powerpc/mm: Fix lockup on kernel exec fault This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.13.3 by commit...
Cross-Site Scripting (XSS)
Apache drill-java-exec is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript in a user's browser via the queryId...
CVE-2021-31580
The restricted shell provided by Akkadian Provisioning Manager Engine PME can be bypassed by switching the OpenSSH channel from shell to exec and providing the ssh client a single execution parameter. This issue was resolved in Akkadian OVA appliance version 3.0 and later, Akkadian Provisioning...
Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62476)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in the DNS Snap-in in...