146 matches found
The vulnerability of the eDocLib platform for storing and processing corporate data lies in the insufficient verification of input data. This allows a malicious actor to alter the execution sequence of programs and gain access to system reference materials without having the necessary access rights.
The vulnerability of the eDocLib platform for storing and processing corporate data is related to insufficient validation of input data. Users who do not have permission to access certain system reference guides including the access management reference guide may gain access to these guides throu...
CVE-2020-12855
A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status...
Pi-hole Code Injection Vulnerability
Pi-hole is a network-level ad-blocking application from Pi-hole. A code injection vulnerability exists in piholedhcp in Pi-hole 5.0 and prior versions. The vulnerability stems from a network system or product not properly filtering specific elements of the code segment constructed from external input...
Blamer Code Injection Vulnerability
blamer is a tool for obtaining code author information from a version control system. A code injection vulnerability exists in blamer 1.0.0 and prior versions, which arises from the failure of a network system or product to properly filter specific elements of externally input data during the...
dot package code injection vulnerability
dot package is a JavaScript template engine. A code injection vulnerability exists in dot package v1.1.2. The vulnerability stems from the failure of a network system or product to properly filter specific elements of externally input data during the construction of code snippets. An attacker...
LibMiner: Container-Based Cryptocurrency Miner Targeting Unprotected Redis Servers
Qualys is actively tracking threats which target containers. In our recent analysis, we have identified a few Docker instances executing malware which we term “LibMiner”. This malware has the capability to deploy and execute Cryptominer. It uses a unique technique for lateral movement across...
node-df code injection vulnerability
node-df is a cross-platform wrapper for Node.js. A code injection vulnerability exists in node-df version v0.1.4. The vulnerability stems from the process of constructing a code snippet from externally inputted data, where the network system or product does not properly filter special elements of...
tree-kill code injection vulnerability (CNVD-2020-03698)
tree-kill is a package for killing processes in the process tree. A code injection vulnerability exists in tree-kill Windows. The vulnerability arises from a network system or product that does not properly filter specific elements of externally input data during the construction of a code segmen...
tree-kill code injection vulnerability (CNVD-2019-46973)
tree-kill is a package for killing processes in the process tree. A code injection vulnerability exists in tree-kill Windows. The vulnerability arises from a network system or product that does not properly filter specific elements of externally input data during the construction of a code segmen...
SonicWall SMA100 Code Injection Vulnerability
The SonicWall SMA100 is a secure access gateway appliance from SonicWall USA. A code injection vulnerability exists in SonicWall SMA100 version 9.0.0.4 and earlier. The vulnerability stems from the failure of a network system or product to properly filter specific elements of externally input dat...
phpfastcache cookie driver code injection vulnerability
phpfastcache is a back-end caching system. A code injection vulnerability exists in the cookie driver in versions of phpfastcache prior to 5.1.3. The vulnerability stems from a network system or product not properly filtering special elements of externally entered data during the construction of ...
Centreon Web Code Injection Vulnerability
Centreon Web is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring functions on the network, system and application resources. A code injection vulnerability exists in the getStats.php file in versions of Centreon Web prior to...
ZTE ZXCDN IAMWEB Code Injection Vulnerability
ZTE ZXCDN IAMWEB is an authentication product from ZTE Corporation, China. A code injection vulnerability exists in ZTE ZXCDN IAMWEB version V6.01.03.01. The vulnerability stems from a network system or product not properly filtering special elements of external input data during the...
safer-eval code injection vulnerability
safer-eval is a security evaluation module that runs in node and browsers. A code injection vulnerability exists in versions prior to safer-eval 1.3.2, which arises from the failure of a network system or product to properly filter specific elements of externally input data during the constructio...
WordPress events-manager plugin code injection vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A code injection vulnerability exists in the WordPress events-manager...
Atlassian Crowd Code Injection Vulnerability
Atlassian Crowd is a Web-based single sign-on system from Atlassian Australia. The system provides authentication, authorization, and other functions for multiple users, web applications, and directory servers. A code injection vulnerability exists in Atlassian Crowd versions prior to 2.10.2, whi...
Couchbase Server Code Injection Vulnerability
Couchbase Server is a distributed open source NoSQL non-relational database from the U.S. company Couchbase, which mainly supports data query, full-text search, active global replication and other functions. A code injection vulnerability exists in Couchbase Server version 5.1.1. The...
LibreNMS Code Injection Vulnerability
LibreNMS is an open source network monitoring system based on PHP and MySQL. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A code injection vulnerability exists in LibreNMS version 1.50.1, which can be exploited by an attacker to...
openITCOCKPIT Code Injection Vulnerability
openITCOCKPIT is a set of open source system monitoring tools. A code injection vulnerability exists in versions of openITCOCKPIT prior to 3.7.1. The vulnerability arises from external input data to construct code segments in the process, the network system or product is not properly filtered f...