129 matches found
Cisco IOS XE SD-WAN Parameter Injection Vulnerability
Cisco IOS XE is an open and flexible operating system optimized for future work. A parameter injection vulnerability exists in Cisco IOS XE versions after 17.3.1. The vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit the vulnerability to gain...
CVE-2021-1454 Cisco IOS XE SD-WAN Software Parameter Injection Vulnerabilities
Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these...
CVE-2021-26752
NeDi 1.9C allows an authenticated user to execute operating system commands in the Nodes Traffic function on the endpoint /Nodes-Traffic.php via the md or ag HTTP GET parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
CVE-2021-26753
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the endpoint /System-Files.php via the txt HTTP POST parameter. This allows an attacker to obtain access to the operating system where NeDi is installed and to all application data...
Nedi Consulting NeDi 操作系统命令注入漏洞
NeDi is an open source software tool that discovers, maps and inventories network devices and tracks connected end nodes. NeDi 1.9C suffers from an OS command injection vulnerability. The vulnerability can be exploited to execute OS commands in the Nodes Traffic function of endpoint...
CVE-2020-3367
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance formerly Web Security Appliance could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...
CVE-2020-16280
Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators. To exploit the vulnerability a local attacker must have access to the underlying operating...
Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in...
CVE-2020-6774
Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system...
WAGO PFC100/200 Web-Based Management (WBM) Authentication Timing Information Disclosure Vulnerability
Summary An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management WBM web application on WAGO PFC100/200 controllers. The WBM application makes use of the PHP crypt function which can be exploited to disclose hashed user credentials...
Forma Learning Management System SQL Injection Vulnerability (CNVD-2019-44282)
Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...
Forma Learning Management System SQL Injection Vulnerability (CNVD-2020-02570)
Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker can exploit the vulnerability with a specially crafted web request to disclose database user credentials and potentially access the...
CVE-2019-5112
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...
CVE-2019-5112
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...
Sql injection
Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
Sql injection
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...
CVE-2019-5110
Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
CVE-2019-5109
Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...
CVE-2019-5112
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...
CVE-2019-5111
Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...