SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution

SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the systemlog.cgi page. id: CVE-2020-17456 info: name: SEOWON INTECH SLC-130 & SLR-120S - Unauthenticated Remote Code Execution author: gy741,edoardottt severity: critical description: SEOWON INTECH...

Sonatype Nexus Repository Manager 3 - Remote Code Execution

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection id: CVE-2020-10199 info: name: Sonatype Nexus Repository Manager 3 - Remote Code Execution author: rootxharsh,iamnoooob,pdresearch severity: high description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection impact: |...

Apache Solr - Deserialization of Untrusted Data

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side. id:...

Deltek Maconomy 2.2.5 - Local File Inclusion

Deltek Maconomy 2.2.5 is prone to local file inclusion via absolute path traversal in the WS.macx1.WMCS/ PATHINFO, as demonstrated by a cgi-bin/Maconomy/MaconomyWS.macx1.WMCS/etc/passwd URI. id: CVE-2019-12314 info: name: Deltek Maconomy 2.2.5 - Local File Inclusion author: madrobot severity:...

Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution

Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. id: CVE-2019-7238 info: name: Sonatype Nexus Repository Manager 3.15.0 - Remote Code Execution author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible t...

Citrix SD-WAN Center - Remote Command Injection

Citrix SD-WAN Center is susceptible to remote command injection via the apply action in StorageMgmtController. The callStoragePerl function does not sufficiently validate or sanitize HTTP request parameter values that are used to construct a shell command. An attacker can trigger this vulnerabili...

Atlassian Jira Server-Side Template Injection

Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and...

ifw8 Router ROM v4.31 - Credential Discovery

ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source code. id: CVE-2019-16313 info: name: ifw8 Router ROM v4.31 - Credential Discovery author: pikpikcu severity: high description: ifw8 Router ROM v4.31 is vulnerable to credential disclosure via...

WordPress GraceMedia Media Player 1.0 - Local File Inclusion

WordPress GraceMedia Media Player plugin 1.0 is susceptible to local file inclusion via the cfg parameter. id: CVE-2019-9618 info: name: WordPress GraceMedia Media Player 1.0 - Local File Inclusion author: daffainfo severity: critical description: WordPress GraceMedia Media Player plugin 1.0 is...

Revive Adserver 4.2 - Remote Code Execution

Revive Adserver 4.2 is susceptible to remote code execution. An attacker can send a crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. This can be exploited to perform various types of attacks, e.g...

Kyocera Printer d-COPIA253MF - Directory Traversal

Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server. id: CVE-2020-23575 info: name: Kyocera Printer d-COPIA253MF - Directory Traversal author: 0xAkoko severity: high...

74CMS - Remote File Inclusion

PHP remote file inclusion in the assignresumetpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. id: CVE-2020-29279 info: name: 74CMS - Remote File Inclusion author: DhiyaneshDK severity: critical description: | PHP remote file...

NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution

NETGEAR ProSAFE Plus before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has ...

Majordomo2 - SMTP/HTTP Directory Traversal

A directory traversal vulnerability in the listfileget function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. dot dot sequences in the help command, as demonstrated using 1 a crafted email and 2 cgi-bin/mjwwwusr in the web interface. id:...

Apache OFBiz <=16.11.07 - Cross-Site Scripting

Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized. id: CVE-2020-1943 info: name: Apache OFBiz =16.11.07 - Cross-Site Scripting author: pdteam severity: medium description: Apache OFBiz 16.11.01 to 16.11.07 ...

PHP-Fusion 9.03.50 - Remote Code Execution

PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution. id: CVE-2020-24949 info: name: PHP-Fusion 9.03.50 - Remote Code Execution author: geeknik severity: high description: PHP-Fusion 9.03.50...

Artica Web Proxy 4.30 - OS Command Injection

Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via servicecmdspeform. id: CVE-2020-17505 info: name: Artica Web Proxy 4.30 - OS Command Injection author: dwisiswant0...

WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution

WordPress themes including Shapely = 1.2.7, NewsMag = 2.4.1, Activello = 1.4.0, Illdy = 2.1.4, Allegiant = 1.2.2, Newspaper X = 1.3.1, Pixova Lite = 2.0.5, Brilliance = 1.2.7, MedZone Lite = 1.2.4, Regina Lite = 2.0.4, Transcend = 1.1.8, Affluent = 1.1.0, Bonkers = 1.0.4, Antreas = 1.0.2, Sparkli...

Inspur ClusterEngine 4.0 - Remote Code Execution

Inspur ClusterEngine V4.0 is suscptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server. id: CVE-2020-21224 info: name: Inspur ClusterEngine 4.0 - Remote Code Execution author: pikpikcu severity: critical description: Inspur...

TP-Link - OS Command Injection

The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. id: CVE-2021-41653 info: name: TP-Link - OS Command Injection author: gy741 severity: critical...