Code injection

CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may b...

Moxa Mxview Network Management Software 路径遍历漏洞

An improper access control vulnerability exists in Moxa MXview, a network management software used to monitor and diagnose industrial networks. The vulnerability stems from the fact that the affected product has a misconfigured service that allows remote connections to internal communication...