Lucene search

1200 matches found

Veracode
added 2024/07/18 5:38 a.m. · 14 views

Command Injection

org.apache.streampark:streampark is vulnerable to Command Injection. The vulnerability is caused by insufficient input parameter validation, allowing attackers to insert commands. Exploiting this requires system-level access via user login, thereby limiting its risk due to controlled user...

CVSS 8.8 · AI score 7.3 · EPSS 0.01516
Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/07/17 5:15 p.m. · 2 views

CVE-2024-20400

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...

CVSS 4.7 · AI score 5.8 · EPSS 0.00356
Exploits 0 · References 1
OSV
added 2024/07/17 9:30 a.m. · 9 views

GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVSS 4.7 · AI score 5.3 · EPSS 0.01054
Exploits 0 · References 4
NVD
added 2024/07/17 9:15 a.m. · 48 views

CVE-2023-52291

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVSS 8.8 · EPSS 0.01516
Exploits 0 · References 2
Cvelist
added 2024/07/17 8:16 a.m. · 31 views

CVE-2023-52291 Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

EPSS 0.01516
Exploits 0 · References 2
OSV
added 2024/07/15 6:15 a.m. · 3 views

CVE-2024-6074

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8 · EPSS 0.00317
Exploits 1 · References 1
CNNVD
added 2024/07/01 12:0 a.m. · 3 views

Cisco NX-OS Software OS Command Injection Vulnerability

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco. A command injection vulnerability exists in Cisco NX-OS Software, which arises from insufficient validation of parameters passed to specific configuration CLI commands, and...

CVSS 6.7 · AI score 7.8 · EPSS 0.03772
Exploits 1 · References 3
CNNVD
added 2024/06/27 12:0 a.m. · 2 views

ChuanhuChatGPT Security Vulnerability

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A security vulnerability exists in ChuanhuChatGPT, which stems from a lack of cleanup or validation of the keyword parameter, and a denial of service vulnerability in the...

CVSS 7.5 · AI score 6.8 · EPSS 0.00652
Exploits 1 · References 2
NVD
added 2024/05/23 6:15 a.m. · 16 views

CVE-2024-4399

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack...

CVSS 9.1 · AI score 6.6 · EPSS 0.01836
Exploits 2 · References 1
Positive Technologies
added 2024/05/23 12:0 a.m. · 2 views

PT-2024-30854 · Jenkins +1 · Cas +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified. Description: The issue is related to a lack of validation for a parameter before making a request to it. This could allow unauthenticated users to perform a Server-Side Request Forgery (SSRF) attack. SSR...

CVSS 9.1 · AI score 7 · EPSS 0.01836
Exploits 2 · References 3
OSV
added 2024/05/15 6:15 p.m. · 2 views

CVE-2024-20369

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

CVSS 6.1 · AI score 5.8
Exploits 0 · References 1
CNNVD
added 2024/05/15 12:0 a.m. · 3 views

Cisco Crosswork Network Services Orchestrator Security Vulnerability

Cisco Crosswork Network Services Orchestrator is a network services orchestrator from Cisco USA. A security vulnerability exists in Cisco Crosswork Network Services Orchestrator that originates from improper validation of parameter inputs in HTTP requests, allowing an unauthenticated, remote...

CVSS 6.1 · AI score 6.7 · EPSS 0.00312
Exploits 0 · References 2
CNVD
added 2024/05/10 12:0 a.m. · 6 views

RuvarOA sys_file_storage_id parameter SQL injection vulnerability (CNVD-2024-33626)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sys_file_storage_id parameter in the /WorkFlow/wfworkfinishfiledown.aspx file against external SQL input. An attacker can explo...

CVSS 7.3 · AI score 8 · EPSS 0.00576
Exploits 1 · References 1
CNVD
added 2024/05/10 12:0 a.m. · 5 views

RuvarOA sys_file_storage_id Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sys_file_storage_id parameter of the /WorkFlow/wffiledownload.aspx file against externally entered SQL statements. An attacker...

CVSS 9.4 · AI score 8 · EPSS 0.00617
Exploits 1 · References 1
CNVD
added 2024/05/10 12:0 a.m. · 8 views

RuvarOA office_missive_id Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the office_missive_id parameter in the /WorkFlow/wfworkformsave.aspx file against external SQL input. An attacker can exploit this...

CVSS 9.4 · AI score 8 · EPSS 0.00606
Exploits 1 · References 1
OSV
added 2024/05/03 3:15 a.m. · 3 views

CVE-2023-41194

D-Link DAP-1325 HNAP SetAPLanSettings SubnetMask Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability...

CVSS 8.8 · AI score 6.2 · EPSS 0.01187
Exploits 0 · References 2
ATTACKERKB
added 2024/05/03 3:15 a.m. · 4 views

CVE-2023-41191

D-Link DAP-1325 HNAP SetAPLanSettings Mode Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The...

CVSS 8.8 · AI score 6.3 · EPSS 0.01187
Exploits 0 · References 3 · Affected Software 1
Veracode
added 2024/05/02 6:27 a.m. · 15 views

HTTP Parameter Tampering

github.com/navidrome/navidrome is vulnerable to HTTP Parameter Tampering. The vulnerability is due to improper parameter validation within HTTP requests. An attacker can impersonate other users and perform unauthorized actions such as creating playlists, adding songs, posting comments, and changi...

CVSS 4.2 · AI score 6.8 · EPSS 0.00413
Exploits 1 · References 2 · Affected Software 1
WPVulnDB
added 2024/05/02 12:0 a.m. · 18 views

CAS <= 1.0.0 - Unauthenticated SSRF

Description: The plugin does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack. PoC: https://example.com/wp-content/themes/cas/download.php?path=http://127.0.0.1:8080...

AI score 6.6 · EPSS 0.01836
Exploits 2
CNVD
added 2024/04/30 12:0 a.m. · 8 views

Tenda AX1803 Buffer Overflow Vulnerability

Tenda AX1803 is a dual-band Gigabit WIFI6 router from Tenda China. The Tenda AX1803 version 1.0.0.1 suffers from a buffer overflow vulnerability that originates from the parameter serverName/ddnsUser/ddnsPwd/ddnsDomain failing to correctly validate the length and size of the input data, which can...

CVSS 9 · AI score 8.4 · EPSS 0.14997
Exploits 0 · References 1