PT-2023-14788 · Apache · Apache Dolphinscheduler
Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.0.1 and prior versions; Apache DolphinScheduler versions 3.1.0 and prior versions. Description: The issue is related to improper validation of script alert plugin parameters in Apache DolphinScheduler, which c...
CVE-2022-43437
The Download function’s parameter of EasyTest has insufficient validation for user input. A remote attacker authenticated as a general user can inject arbitrary SQL commands to access, modify or delete database...
Apache Kylin vulnerable to Command injection by Diagnosis Controller
The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via HTTP Request...
GHSA-W9RV-XMF7-X3GH Apache Kylin vulnerable to Command injection by Diagnosis Controller
The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via HTTP Request...
CVE-2022-44621
The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via HTTP Request...
Command injection
The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via HTTP Request...
CVE-2022-44621
CVE-2022-44621 relates to Apache Kylin and concerns the Diagnosis Controller. The underlying issue is missing parameter validation in the controller, enabling potential command injection through HTTP requests. Multiple sources describe this as a high-severity, remote-execution risk (CVSS v3.1 bas...
CVE-2022-44621 Apache Kylin: Command injection by Diagnosis Controller
The Diagnosis Controller is missing parameter validation, so users may be attacked by command injection via HTTP Request...
The vulnerability of the FsCreateDir function in the Ajax web interface for managing WLAN client software Hirschmann BAT-C2 allows a hacker to execute arbitrary commands.
The vulnerability of the FsCreateDir function in the Ajax web interface for managing WLAN client software Hirschmann BAT-C2 is related to insufficient checking of arguments passed in the command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using the dir...
PT-2022-27265 · Unknown · Diagnosis Controller
Name of the Vulnerable Software and Affected Versions: Diagnosis Controller (affected versions not specified). Description: The issue concerns a lack of parameter validation in the Diagnosis Controller, which can be exploited through command injection via HTTP Request. This allows an attacker to...
PT-2022-27735 · Unknown · Sourcecodester Covid-19 Directory On Vaccination System
Name of the Vulnerable Software and Affected Versions: Sourcecodester Covid-19 Directory on Vaccination System version 1.0. Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability. This vulnerability occurs because the program does not verify the txtvaccinationID parameter in...
DEBIAN-CVE-2022-46768
An arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on port 10053. The service does not have proper validation for URL parameters before reading the files...
CVE-2022-46768
An arbitrary file read vulnerability exists in Zabbix Web Service Report Generation, which listens on port 10053. The service does not have proper validation for URL parameters before reading the files...
Zabbix input validation error vulnerability
Zabbix is an open source monitoring system from Zabbix. The system supports network monitoring, server monitoring, cloud monitoring and application monitoring. Zabbix Web Service Report Generation has a security vulnerability that stems from the service not properly validating URL parameters...
CVE-2022-43723
A vulnerability has been identified in SICAM PAS/PQS All versions = 7.0 V8.06. Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the...
CVE-2022-3720
The Event Monster WordPress plugin before 1.2.0 does not validate and escape some parameters before using them in SQL statements, which could lead to SQL Injection exploitable by high privilege users...
CVE-2022-20926
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
CVE-2022-44556
Missing parameter type validation in the DRM module. Successful exploitation of this vulnerability may affect availability...