5353 matches found

CVE
added 2022/03/28 9:2 p.m. | 73 views

CVE-2021-43097

The provided connected documents indicate CVE-2021-43097 affects the bbs 5.3 web application, specifically a Server-side Template Injection (SSTI) in TemplateManageAction.java that could allow a malicious user to execute arbitrary code. This establishes the component/file and the underlying vulne...

7.2 CVSS | 7.3 AI score | 0.02235 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/03/23 8:9 p.m. | 15 views

CVE-2022-23880

An arbitrary file upload vulnerability in the File Management function module of taoCMS v3.0.2 allows attackers to execute arbitrary code via a crafted PHP file...

9.8 AI score | 0.01615 EPSS
Exploits: 1 | References: 1
CNVD
added 2022/03/23 12:0 a.m. | 36 views

Snapt Aria Cross-Site Request Forgery Vulnerability

Snapt Aria is an enterprise ADC solution from Snapt USA that provides a load balancer, web accelerator, web application firewall (WAF), global server load balancer (GSLB), etc. A cross-site request forgery vulnerability exists in Snapt Aria version 12.8, which stems from a web application that does not...

8.8 CVSS | 4.9 AI score | 0.00677 EPSS
Exploits: 1 | References: 1
NVD
added 2022/03/20 10:15 p.m. | 52 views

CVE-2020-26008

The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.8 CVSS | 0.00942 EPSS
Exploits: 1 | References: 1
OSV
added 2022/03/20 10:15 p.m. | 14 views

CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.8 CVSS | 8.1 AI score
Exploits: 0 | References: 1
Cvelist
added 2022/03/20 9:12 p.m. | 16 views

CVE-2020-26007

An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file...

7.9 AI score | 0.00942 EPSS
Exploits: 1 | References: 1
Redos
added 2022/03/17 12:0 a.m. | 84 views

ROS-20220317-01

A vulnerability in the Apache HTTP Server web server is related to a bounds error in LimitXMLRequestBody. Exploitation of the vulnerability could allow a remote attacker to cause memory corruption and execute arbitrary code on the target system...

9.8 CVSS | 9.3 AI score | 0.69803 EPSS
Exploits: 0
OpenVAS
added 2022/03/15 12:0 a.m. | 13 views

Ubuntu: Security Advisory (USN-5323-1)

The remote host is missing an update for the...

9.8 CVSS | 9.6 AI score | 0.0347 EPSS
Exploits: 3 | References: 2
IBM Security Bulletins
added 2022/03/14 7:30 p.m. | 30 views

Security Bulletin: Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Summary: Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. CSM version 6.3.2 ships the latest library available 2.17.1. Vulnerability Details: CVEID: CVE-2021-4104 DESCRIPTION: Apache Log4j could...

7.5 CVSS | 1.5 AI score | 0.81147 EPSS
Exploits: 9 | Affected Software: 1
CNVD
added 2022/03/14 12:0 a.m. | 21 views

Tenda AX1806 Stack Overflow Vulnerability

Tenda AX1806 is a WiFi6 wireless router from Tenda, a Chinese company. Tenda AX1806 is vulnerable to a stack overflow vulnerability, which allows remote attackers to submit special requests that could crash an application or execute arbitrary code in application context...

7.8 CVSS | 7.2 AI score | 0.01219 EPSS
Exploits: 1 | References: 1
NVD
added 2022/03/10 5:48 p.m. | 13 views

CVE-2022-26846

SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code...

8.8 CVSS | 0.02879 EPSS
Exploits: 0 | References: 4
Kaspersky
added 2022/03/08 12:0 a.m. | 65 views

KLA12481 Multiple vulnerabilities in Microsoft System Center

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Defender for IoT c...

8.8 CVSS | 8 AI score | 0.02737 EPSS
Exploits: 0 | References: 12
OSV
added 2022/03/05 12:0 a.m. | 23 views

GHSA-QWH6-XWJ4-9CJG Remote code execution in net.mingsoft:ms-mcms

net.mingsoft:ms-mcms =5.2.5 is affected by: RCE. The impact is: execute arbitrary code remote. The attack vector is: $"freemarker.template.utility.Execute"?new"calc". MCMS has a pre-auth RCE vulnerability through which allows unauthenticated attacker with network access via http to compromise...

9.8 CVSS | 9.6 AI score | 0.02077 EPSS
Exploits: 1 | References: 2
CISA KEV Catalog
added 2022/03/03 12:0 a.m. | 22 views

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10 CVSS | 7.3 AI score | 0.72458 EPSS
In wild | Exploits: 7
CISA KEV Catalog
added 2022/03/03 12:0 a.m. | 21 views

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10 CVSS | 7.3 AI score | 0.13961 EPSS
In wild | Exploits: 0
CISA KEV Catalog
added 2022/03/03 12:0 a.m. | 24 views

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10 CVSS | 7.3 AI score | 0.08634 EPSS
In wild | Exploits: 0
CISA KEV Catalog
added 2022/03/03 12:0 a.m. | 24 views

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or...

10 CVSS | 7.3 AI score | 0.05447 EPSS
In wild | Exploits: 0
Kaspersky
added 2022/03/03 12:0 a.m. | 61 views

KLA12482 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in ANGLE can be exploited to cause...

9.6 CVSS | 9.7 AI score | 0.01629 EPSS
Exploits: 2 | References: 23
Cvelist
added 2022/03/02 10:25 p.m. | 16 views

CVE-2021-23206

A flaw was found in htmldoc v1.9.12 and prior. A stack buffer overflow in parsetable in ps-pdf.cxx may lead to arbitrary code execution and denial of service...

9.2 AI score | 0.01387 EPSS
Exploits: 1 | References: 4
CVE
added 2022/03/01 6:25 p.m. | 101 views

CVE-2021-41193

Wire-AVS (the AVS component of Wire) is affected by a remote format string vulnerability in versions before 7.1.12. The issue can lead to denial of service or potentially arbitrary code execution. A fix is available in wire-avs 7.1.12 and has been integrated into Wire products. Connected sources ...

9.8 CVSS | 9.9 AI score | 0.02317 EPSS
Exploits: 0 | References: 2 | Affected Software: 1