ThinkAdmin 6 - Local File Inclusion

ThinkAdmin version 6 is affected by a local file inclusion vulnerability because an unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. id: CVE-2020-25540 info: name: ThinkAdmin 6 - Local File Inclusion author: geeknik severity: high description:...

Apache OFBiz <=16.11.07 - Cross-Site Scripting

Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized. id: CVE-2020-1943 info: name: Apache OFBiz =16.11.07 - Cross-Site Scripting author: pdteam severity: medium description: Apache OFBiz 16.11.01 to 16.11.07 ...

MSNSwitch Firmware MNT.2408 - Authentication Bypass

MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations. id: CVE-2022-32429 info: name:...

Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

Joomla! JCK Editor SQL Injection

The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. id: CVE-2018-17254 info: name: Joomla! JCK Editor SQL Injection author: SumanKar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection vi...

Apache HTTP Server <=2.4.39 - HTML Injection/Partial Cross-Site Scripting

Apache HTTP Server versions 2.4.0 through 2.4.39 are vulnerable to a limited cross-site scripting issue affecting the modproxy error page. An attacker could cause the link on the error page to be malformed and instead point to a page of their choice. This would only be exploitable where a server...

D-Link Central WiFi Manager CWM(100) - Remote Code Execution

/web/Lib/Action/IndexAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to execute arbitrary PHP code via a cookie because a cookie's username field allows eval injection, and an empty password bypasses authentication. id: CVE-2019-13372 info:...

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the /includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...

Aviatrix Controller 6.x before 6.5-1804.1922 - Remote Command Execution

Aviatrix Controller 6.x before 6.5-1804.1922 contains a vulnerability that allows unrestricted upload of a file with a dangerous type, which allows an unauthenticated user to execute arbitrary code via directory traversal. id: CVE-2021-40870 info: name: Aviatrix Controller 6.x before 6.5-1804.192...

WordPress Secure Copy Content Protection and Content Locking <2.8.2 - SQL Injection

WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccpid parameter of the ayssccpresultsexportfile AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL...

Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)

Microsoft Exchange Server contains a remote code execution caused by improper input validation in the server component, letting remote attackers execute arbitrary code, exploit requires network access to the server. id: CVE-2021-28480 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...

APsystems ECU-R Firmware - Command Injection

Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter. id: CVE-2022-45699 info: name: APsystems ECU-R Firmware - Command Injection author: pussycat0x severity:...

HTML Email Template Designer < 3.1 - Missing Authorization on Rest Route

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

Adobe Commerce (Magento) - Remote Code Execution

Adobe Commerce versions 2.4.3-p1 and earlier and 2.3.7-p2 and earlier are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary code execution. id: CVE-2022-24086 info: name:...

Razer Sila Gaming Router - Remote Code Execution

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. id: CVE-2022-29013 info: name: Razer Sila Gaming Router - Remote Code Execution author: DhiyaneshDK severity: critical descriptio...

ZKTeco BioTime v8.5.5 - Path Traversal

A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. id: CVE-2023-38950 info: name: ZKTeco BioTime v8.5.5 - Path Traversal author: iamnoooob,pdresearch severity: high description: | A pa...

Jeecg-Boot v3.5.1 - SQL Injection

SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData in jeecg-boot v3.5.1. id: CVE-2023-38992 info: name: Jeecg-Boot v3.5.1 - SQL Injection author: ritikchaddha severity: critical description: | SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData...

BillQuick Web Suite SQL Injection

BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xpcmdshell. id: CVE-2021-42258 info: name: BillQuick Web Suite SQL Injection...

vBulletin 5.5.4 - 5.6.2- Remote Command Execution

vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. id: CVE-2020-17496 info: name: vBulletin 5.5.4 - 5.6.2- Remote Comman...

GeoServer OGC Filter - SQL Injection

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language CQL as part of the Web Feature Service WFS and Web Map Service WMS protocols. CQL is...