15 matches found
D-Link多款产品 命令注入漏洞
D-Link DNS-120, etc., are products of D-Link Corporation from China. The D-Link DNS-120 is a network storage adapter. The D-Link DNR-202L is a network video camera. The D-Link DNS-315L is a network attached storage device. Several D-Link products have command injection vulnerabilities, which stem...
Projectworlds Online Time Table Generator 安全漏洞
Projectworlds Online Time Table Generator is an online schedule generator developed by the Indian company Projectworlds. Version 1.0 of ProjectWorlds Online Time Table Generator has a security vulnerability. This vulnerability stems from the lack of authentication in multiple management scripts,...
EUVD-2020-6096
Malware in sbrugna...
CVE-2025-25021 IBM QRadar Suite Software and IBM Cloud Pak for Security code injection
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code...
CVE-2019-19732
translationmanagetext.ajax.php and various manage.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 directly insert values from the aSortDir0 and/or sSortDir0 parameter into a SQL string. This allows an attacker to inject their own SQL and manipulate the query, typically extracting data from th...
SolarWinds Log and Event Manager < 6.3.1 Hotfix 3 Jailbreak and Privilege Escalation
According to its self-reported version number, the SolarWinds Log and Event Manager installed on the remote host is prior to version 6.3.1 Hotfix 3. It is, therefore, affected by multiple vulnerabilities : - Due to the program setting insecure permissions for management scripts, a remote attacker...
SolarWinds Log and Event Manager (LEM) < 6.3.1 Hotfix 3 SSH Jailbreak and Privilege Escalation Vulnerabilities
SolarWinds Log and Event Manager LEM is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-5305
Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack...
CVE-2016-3653
Multiple cross-site request forgery CSRF vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users...
CVE-2016-3652
Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to hijack the authentication of arbitrary users...
CVE-2016-5305
Multiple cross-site scripting XSS vulnerabilities in management scripts in Symantec Endpoint Protection Manager SEPM 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack...
Use the F5 ICall scripting mention the right vulnerability analysis(CVE-2 0 1 5-3 6 2 8)-vulnerability warning-the black bar safety net
Earlier this year, GDS in F5 BIG-IP LTM found a loophole, this loophole allows limited user access to the system after the extraction and at the mention of the right after the successful remote execution of the command. This article will show you how to manually take advantage of this...
IBM WebSphere Application Server管理脚本工具未明漏洞
IBM WebSphere Application Server是一款企业级应用服务程序。 IBM WebSphere Application Server多个管理脚本存在输入验证问题,远程攻击者可以利用漏洞获得敏感信息或进行其他各种攻击。 目前没有详细漏洞细节提供。 IBM Websphere Application Server 6.0.2 .9 IBM Websphere Application Server 6.0.2 .7 IBM Websphere Application Server 6.0.2 .5 IBM Websphere Application Server 6.0...
DSA-1365-1 id3lib3.8.3
Bulletin has no description...