CVE-2024-48891
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access via...
EUVD-2024-55035
An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability CWE-78 in FortiSOAR 7.6.0 through 7.6.1, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an attacker who has already obtained a non-login low privileged shell access via...
CVE-2024-48891
FortiSOAR is affected by an OS Command Injection (CWE-78) due to improper neutralization of special elements. Validated affected versions include 7.6.0–7.6.1, 7.5.0–7.5.1, all 7.4, and all 7.3. The vulnerability could allow an attacker who already has non-login, low-privileged shell access to esc...
PT-2025-41944
Name of the Vulnerable Software and Affected Versions FortiSOAR versions 7.3.x FortiSOAR versions 7.4.x FortiSOAR versions 7.5.0 through 7.5.1 FortiSOAR versions 7.6.0 through 7.6.1 Description An Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' issue CWE-7...
EUVD-2022-29023
Malicious code in bioql PyPI...
The vulnerability of the formSetWanNonLogin() function in the embedded web server software of D-Link DIR-513 routers allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the formSetWanNonLogin function in the embedded web server software of D-Link DIR-513 routers is related to the issue of data being written outside the buffer in memory when processing the curTime parameter. Exploiting this vulnerability could allow a remote attacker to execu...
D-Link DIR-605L security vulnerability
The D-Link DIR-605L is a wireless router from China's AUO D-Link. A buffer overflow vulnerability exists in the D-Link DIR-605L version 2.13B01 BETA, which originates from the webpage parameter of the formSetWanNonLogin function in the /goform/formSetWanNonLogin page that fails to correctly...
CVE-2023-43860
D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function...
CVE-2022-27286
D-Link DIR-619 Ax v1.00 was discovered to contain a stack overflow in the function formSetWanNonLogin. This vulnerability allows attackers to cause a Denial of Service DoS via the curTime parameter...
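cmseasy: a stored XSS (no login required, bypasses 360)
Brief description: Trust pandas and the truth comes out! Detailed description: In its bbs, cmseasy allows non-logged-in users to post replies, but the username is taken from the COOKIE, which leads to a security problem: /bbs/ajax.php userid; $data'addtime' = mktime; $data'ip' = $SERVER'REMOTEADDR'; $reply = dbbbsreply::getInstance; $r = $reply-inserData$data; This is the code that handles replies. As can be seen, $data'username' = isset$COOKIE'username' ? $COOKIE'username' : '...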