186 matches found
Netis MW5360 V1.0.1.3031 - Command Injection
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. id: CVE-2024-22729 info: name: Netis MW5360 V1.0.1.3031 - Command Injection author: pussycat0x severity: critical description: | NETIS SYSTEMS MW5360...
Qlik Sense Enterprise - Path Traversal
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous...
BillQuick Web Suite SQL Injection
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xpcmdshell. id: CVE-2021-42258 info: name: BillQuick Web Suite SQL Injection...
SonicWall SMA100 Stack - Buffer Overflow/Remote Code Execution
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's modcgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware...
Tenda Router AC11 - Remote Command Injection
Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-31755 info: name: Tenda Router AC11 - Remote Comman...
XStream 1.4.18 - Remote Code Execution
XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the...
vBulletin 5.5.4 - 5.6.2- Remote Command Execution
vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widgettabbedcontainertabpanel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. id: CVE-2020-17496 info: name: vBulletin 5.5.4 - 5.6.2- Remote Comman...
Airflow Experimental <1.10.11 - REST API Auth Bypass
Airflow's Experimental API prior 1.10.11 allows all API requests without authentication. id: CVE-2020-13927 info: name: Airflow Experimental 1.10.11 - REST API Auth Bypass author: pdteam severity: critical description: | Airflow's Experimental API prior 1.10.11 allows all API requests without...
WP Hotel Booking < 1.10.4 - PHP Object Injection
The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpresshotelbooking1 cookie in load in includes/class-wphb-sessions.php. id: CVE-2020-29047 info: name: WP Hotel Booking 1.10.4 - PHP Object...
PHPSHE 1.7 - SQL Injection
A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnerability does not need any authentication. id: CVE-2019-9762 info: name: PHPSHE 1.7 - SQL Injection author: DhiyaneshDK severity: critical description: | A SQL Injection was...
Dasan GPON Devices - Remote Code Execution
Dasan GPON home routers are susceptible to command injection which can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...
MinIO Cluster Deployment - Information Disclosure
MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIOSECRETKEY and MINIOROOTPASSWORD. An attacker can potentially obtain sensitive...
Mingsoft MCMS v5.2.7 - SQL Injection
Mingsoft MCMS v5.2.7 contains an SQL injection vulnerability via /cms/content/list that allows unauthenticated attackers to execute arbitrary SQL commands on the affected database server. id: CVE-2022-26585 info: name: Mingsoft MCMS v5.2.7 - SQL Injection author: ritikchaddha severity: critical...
D-Link DIR-605 - Information Disclosure
An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version - 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page id: CVE-2021-40655 info: name: D-Link DIR-605 - Information Disclosure author: DhiyaneshDK severity: high...
Ruckus Wireless Admin - Remote Code Execution
Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request. id: CVE-2023-25717 info: name: Ruckus Wireless Admin - Remote Code Execution author: parthmalhotra,pdresearch severity: critical description: | Ruckus Wireless Admin through 10.4 allows Remote...
Micro Focus Operations Bridge Reporter - Remote Code Execution
Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. id: CVE-2021-22502 info: name: Micro Focus...
SolarView Compact 6.00 - OS Command Injection
SolarView Compact 6.00 was discovered to contain a command injection vulnerability via confmail.php. id: CVE-2022-29303 info: name: SolarView Compact 6.00 - OS Command Injection author: badboycxcc severity: critical description: | SolarView Compact 6.00 was discovered to contain a command injecti...
Atlassian Jira Server-Side Template Injection
Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and...
QNAP QTS and Photo Station 6.0.3 - Remote Command Execution
This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. id: CVE-2019-7192 info: name: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution...
ThinkPHP 5.0.23 - Remote Code Execution
An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. id: CVE-2018-20062 info: name: ThinkPHP...