50 matches found
EUVD-2026-36679
A vulnerability was determined in ShopXO up to 6.7.1. This vulnerability affects the function OrderClose/OrderSuccess/PayLogOrderClose/GoodsGiveIntegral of the file app/api/controller/Crontab.php of the component Scheduled Task Endpoint. Executing a manipulation can lead to authorization bypass...
CVE-2026-48687
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...
DEBIAN-CVE-2026-48687
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...
EUVD-2026-31949
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the MikroTik router integration plugin. The log function in src/mikrotikplugin/fastnetmonmikrotik.php lines 107-108 constructs shell commands by concatenating the $msg parameter directly into exec calls:...
CVE-2026-48687
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...
CVE-2026-48687
FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The log function in src/juniperplugin/fastnetmonjuniper.php lines 117-118 constructs shell commands by concatenating the $msg parameter directly into exec calls:...
CVE-2026-48687
CVE-2026-48687 affects FastNetMon Community Edition up to 1.2.9, specifically the Juniper router integration plugin. The OS command injection stems from the PHP file src/juniper_plugin/fastnetmon_juniper.php (log function) which builds shell commands by concatenating unsanitized user data from ar...
PT-2026-43274
Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.3.0 Description An OS command injection issue exists in the Juniper router integration plugin. The log function in src/juniper plugin/fastnetmon juniper.php constructs shell commands by...
CVE-2026-48695
CVE-2026-48695: FastNetMon Community Edition
EUVD-2002-2215
Malware in sbrugna...
EUVD-2013-3604
Malware in sbrugna...
EUVD-2020-13081
Malware in sbrugna...
CVE-2025-10485
A vulnerability has been found in pojoin h3blog up to 5bf704425ebc11f4c24da51f32f36bb17ae20489. Affected by this issue is the function pptlog of the file /login of the component HTTP Header Handler. Such manipulation of the argument X-Forwarded-For leads to cross site scripting. The attack may be...
CVE-2025-9888
CVE-2025-9888 affects the Maspik – Ultimate Spam Protection WordPress plugin. According to connected sources, versions up to and including 2.5.6 are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the clear_log function. This (unauthenticated) vulnerabilit...
WordPress plugin Maspik – Ultimate Spam Protection 跨站请求伪造漏洞
WordPress Heateor Maspik - Ultimate Spam Protection plugin is an anti-spam plugin designed specifically for WordPress that protects contact forms, comment areas and signup forms from spam through a variety of technical means. The WordPress Maspik - Ultimate Spam Protection plugin suffers from a...
PT-2025-37024
Name of the Vulnerable Software and Affected Versions: Maspik – Ultimate Spam Protection plugin for WordPress versions through 2.5.6 Description: The Maspik – Ultimate Spam Protection plugin for WordPress is susceptible to a Cross-Site Request Forgery issue. This is due to insufficient or incorre...
CVE-2023-5772
The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clearlog function. This makes it possible for unauthenticated attackers to clear the debug log via a forg...
CVE-2020-28692
In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files...
CVE-2020-20294
An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands...
firmware_loader: Fix possible resource leak in fw_log_firmware_info()
...