思科 Cisco Unified Communications Manager SQL注入漏洞

Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable, and highly available enterprise IP telephony call processing solution. A SQL injection vulnerability...

INIM ELECTRONICS SmartLiving System 代码问题漏洞

INIM ELECTRONICS SmartLiving System is an application of the Italian company INIM ELECTRONICS. A SmartLiving System. A security vulnerability exists in INIM ELECTRONICS SmartLiving System, which stems from a lack of validation of parameters, and can be exploited by an attacker to specify an...

Design/Logic Flaw

An issue was discovered in the Oauth extension for MediaWiki through 1.35.2. It did not validate the oarcversion aka oauthregisteredconsumer.oarcversion parameter's length...

Design/Logic Flaw

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

CVE-2021-29431

Sydent (Matrix identity server) is affected by a SSRF issue caused by missing validation of hostnames, allowing the server to be induced to issue HTTP GETs to internal systems. The impact is described as not enabling data exfiltration or control of request headers, but it may enable internal port...

CVE-2021-29431 SSRF in Sydent due to missing validation of hostnames

Sydent is a reference Matrix identity server. Sydent can be induced to send HTTP GET requests to internal systems, due to lack of parameter validation or IP address blacklisting. It is not possible to exfiltrate data or control request headers, but it might be possible to use the attack to perfor...

Cisco Webex Meetings 安全漏洞

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. An HTML injection vulnerability exists in certain pages of Cisco Webex Meetings. The vulnerability stems from improper checking of parameter values on the affected pages. An attacker could exploit the vulnerability by...

Cisco IOS XE SD-WAN Software 安全漏洞

Cisco IOS XE is a set of modular operating system based on Linux kernel developed by Cisco for its network equipment. An arbitrary file overwrite vulnerability exists in the CLI for SD-WAN for Cisco IOS XE. The vulnerability stems from insufficient validation of parameters for specific CLI...

Xilinx Zynq-7000 安全特征问题漏洞

The Xilinx Zynq-7000 is a chip from Xilinx, Inc. The Zynq-7000 is a chip from Xilinx, Inc. that provides the software programmability of an ARM® architecture processor with the hardware programmability of an FPGA, enabling critical analysis and hardware acceleration while integrating a CPU, DSP,...

Weseek GROWI 跨站脚本漏洞

Weseek GROWI is a suite of team collaboration software from Weseek Japan. A reflected cross-site scripting vulnerability exists in GROWI 4.2.0 - 4.2.7. The vulnerability stems from insufficient validation of URL query parameters. An attacker can exploit this vulnerability to execute arbitrary...

Doctor Appointment System 1.0 SQL Injection Vulnerability

Exploit Title: Doctor Appointment System 1.0 Blind SQL injection in comment parameter CVE: CVE-2021-27315 Exploit Author: Soham Bakore Vendor Homepage: https://www.sourcecodester.com/php/14182/doctor-appointment-system.html Software Link:...

CVE-2020-11204

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...

CVE-2020-11204

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrag...

PT-2021-7658 · Npm · Systeminformation

Name of the Vulnerable Software and Affected Versions: systeminformation versions prior to 5.3.1 Description: The System Information Library for Node.JS is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1,...

CVE-2020-4955

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to loa...

Input validation

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to loa...

CVE-2020-4955

CVE-2020-4955 concerns IBM Spectrum Protect Operations Center. The IBM bulletin documents that versions 7.1.0.000–7.1.12.x and 8.1.0.000–8.1.10.100 (and 8.1.11.000) are affected by an improper parameter validation flaw. A remote attacker could exploit this by crafting an unspecified servlet reque...

CVE-2020-4955

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to loa...

CVE-2020-4955

IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote attacker to execute arbitrary code on the system, caused by improper parameter validation. By creating an unspecified servlet request with specially crafted input parameters, an attacker could exploit this vulnerability to loa...

PT-2021-10472 · Yccms · Yccms

Name of the Vulnerable Software and Affected Versions: yccms version 3.3 Description: The issue arises from the no top function's improper judgment of the request parameters, leading to a sql injection vulnerability. This allows for potential exploitation by manipulating request parameters...