Gin-Vue-Admin Path Traversal Vulnerability
Gin-Vue-Admin is a full-stack development infrastructure platform built on Vue and Gin. An arbitrary file read vulnerability exists in Gin-Vue-Admin 2.50 due to a lack of parameter validation...
Design/Logic Flaw
An issue was discovered on DCN Digital China Networks S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell...
CVE-2021-42324
An issue was discovered on DCN Digital China Networks S4600-10P-SI devices before R0241.0470. Due to improper parameter validation in the console interface, it is possible for a low-privileged authenticated attacker to escape the sandbox environment and execute system commands as root via shell...
CVE-2021-42324
The CVE-2021-42324 issue affects DCN S4600-10P-SI switches (pre-R0241.0470). Root cause: improper parameter validation in the console interface. An authenticated, low-privilege attacker can escape the sandbox and execute system commands as root via shell metacharacters in the capture command para...
Joomla! Code Injection Vulnerability
Joomla! is a set of forum components used in the Joomla! content management system. A code injection vulnerability exists in Joomla! versions 4.0.0 to 4.1.0, stemming from an input validation error on an HTTP request parameter. No further details of the vulnerability are available at this time...
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting. PoC: The issue is only exploitable when there are no forms created yet...
CVE-2021-26622
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability...
Remote code execution
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability...
CVE-2021-26622
Consolidated details from multiple sources confirm CVE-2021-26622 affects Genian NAC. The vulnerability stems from a Server-Side Template Injection (SSTI) and insufficient validation of the file name parameter, enabling remote attackers to execute arbitrary code with SYSTEM privileges on all conn...
CVE-2021-26622 Genian NAC remote code execution vulnerability
A remote code execution vulnerability due to an SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability...
WordPress miniOrange's Google Authenticator plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation in PHP, and WordPress plugins are application plugins for it. The miniOrange Google Authenticator plugin for WordPress, version 5.5 or earlier, is vulnerable to a cross-site request forgery vulnerability that stems from...
CVE-2022-0229
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog,...
CVE-2021-45822
A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code...
CVE-2022-0441
The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...
Huawei Emui Out-of-Bounds Access Vulnerability
Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei. An out-of-bounds access vulnerability exists in Huawei EMUI version 12.0.0, which stems from lax input parameter validation in the system's audio component. An attacker can exploit the vulnerabilit...
VulnCheck KEV: CVE-2022-0441
The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin...
Mageia: Security Advisory (MGASA-2018-0207)
The remote host is missing an update for the...
Authentication Bypass in ADOdb/ADOdb
Impact: An attacker can inject values into a PostgreSQL connection string by providing a parameter surrounded by single quotes. Depending on how the library is used in the client software, this may allow an attacker to bypass the login process, gain access to the server's IP address, etc. Patches...
CVE-2021-24865
The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue...
Denial Of Service (DoS)
Sidekiq is vulnerable to denial of service. The library does not properly validate the days parameter when requesting stats for the graph, allowing an attacker to cause an application crash...