4202 matches found
Command Execution Vulnerability in DSMall (CNVD-2020-25887)
DSMall is a complete B2B2C multi-store mall solution. DSMall suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code...
Code Execution Vulnerability in Coyote Hair Input Method
Coyote Hair Input Method is the Windows version of the Zhongzhou Rhyme Input Method engine. A code execution vulnerability exists in Coyote Hair Input Method, which can be exploited by attackers to execute malicious code...
Code execution vulnerability in Ape Programming client
Ape Programming Client is a platform under Ape Tutoring that specializes in online education for youth programming. A code execution vulnerability exists in Ape Programming Client, which can be exploited by attackers to execute malicious code...
Command Execution Vulnerability in Zendo CMS
Qingdao eEnterprise Tianchuang Management Consulting Co., Ltd., formerly known as Qingdao eSoft Tianchuang Network Technology Co., Ltd., was founded in 2010 and focuses on providing management solutions for enterprises. A command execution vulnerability exists in Zendo CMS, which can be...
Command Execution Vulnerability in Xianqi Kindergarten Online Management System
Xianqi Kindergarten Online Management System is a kindergarten online management system. A code execution vulnerability exists in the CKI Kindergarten Online Management System, which can be exploited by an attacker to gain server privileges...
Command Execution Vulnerability in Daimi CMS Backend
DAMI CMS is a free, open source, fast and simple all-in-one system for building PC and mobile sites. A command execution vulnerability exists in the backend of Daimi CMS, which can be exploited by an attacker to back up the database and cause a getshell...
Command Execution Vulnerability in Panavision OA e-Office (CNVD-2020-24728)
Panmicro e-office OA system is a professional collaborative OA software for small and medium-sized organizations, a leading brand in the field of domestic collaborative OA office, dedicated to providing professional OA office system, mobile OA applications and other collaborative OA overall...
CVE-2020-2167
CVE-2020-2167 affects the Jenkins OpenShift Pipeline Plugin, with versions 1.0.56 and earlier vulnerable. The root cause is the YAML parser not restricting deserialization of arbitrary types, enabling remote code execution when a user provides YAML input to the plugin’s build step. Public records...
Schneider Electric ProSoft Configurator Code Issue Vulnerability
Schneider Electric ProSoft Configurator is a configuration manager for logic controllers from Schneider Electric, France. A code issue vulnerability exists in Schneider Electric ProSoft Configurator v1.002 and prior versions for Modicon PMEPXM0100H modules. An attacker could exploit the...
CVE-2020-7476
A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit Versions prior to 1.0.1, which could cause execution of malicious code when a malicious file is put in the search path...
Code Execution Vulnerability in Foxit Reader U3D Plug-in (CNVD-2020-26509)
Foxit Software Incorporated (Foxit Software) is a provider of product technology and solutions that cover the document lifecycle, including document generation, conversion, display, editing, searching, printing, storage, signing, forms, protection, and secure distribution management. A code executi...
Huawei EulerOS: Security Advisory for e2fsprogs (EulerOS-SA-2020-1272)
The remote host is missing an update for the Huawei EulerOS...
cPanel Code Execution Vulnerability (CNVD-2020-18566)
cPanel is a web-based hosting control management system from cPanel, USA. A code execution vulnerability exists in cPanel versions prior to 84.0.20. An attacker can exploit this vulnerability to achieve code execution via the PassengerApps API using a demo account...
Design/Logic Flaw
index.php?sec=godmode/extensions&sec2=extensions/filesrepo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742FIXPERL2020...
CVE-2020-1953
Apache Commons Configuration uses a third-party library to parse YAML files which by default allows the instantiation of classes if the YAML includes special statements. Apache Commons Configuration versions 2.2, 2.3, 2.4, 2.5, 2.6 did not change the default settings of this library. So if a YAML...
Command Execution Vulnerability in CICMS in***.php File
CICMS is developed in PHP+MySQL on the CodeIgniter framework; its source code is fully open, and it is mainly used for building enterprise sites. The CICMS in***.php file has a command execution vulnerability. An attacker can exploit the vulnerability to write any php file and obtain the administrative privileges of...
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history. Of the 115 bugs spanning its various products —...
Microsoft Windows and Windows Server Code Execution Vulnerabilities
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation. Microsoft Windows is an operating system for personal devices. Microsoft Windows Server is a server operating system. A code execution vulnerability exists in Microsoft Windows and Windows Server that can be...
Quest Software KACE K1000 Systems Management Appliance Code Execution Vulnerability
The Quest Software KACE K1000 Systems Management Appliance (KACE SMA) is a systems management appliance from Quest Software, USA. A security vulnerability exists in the service/krashrpt.php file in Quest Software KACE SMA versions prior to 6.4 SP3 (6.4.120822). A remote attacker can exploit the...
CVE-2020-2158
The CVE-2020-2158 entry affects Jenkins Literate Plugin versions 1.0 and earlier. The root cause is that the YAML parser is not configured to prevent instantiation of arbitrary types, enabling remote code execution. The impact is remote code execution with the plugin, and multiple sources identif...