925 matches found
CVE-2023-31474
GL.iNet devices before 3.216 are affected by CVE-2023-31474 due to a flaw in the software installation feature that lets an attacker inject arbitrary parameters via a regex in a package name, causing opkg to list files in a target directory. The issue stems from how package-name regex handling ca...
PT-2023-23353 · Gl.Inet · Gl.Inet
Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 3.216 Description: An issue was discovered that allows injecting arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name...
Git 注入漏洞
GIT is a revision control system. GIT suffers from a service parameter injection vulnerability that can be exploited by an attacker to execute arbitrary code from a distance...
Online Thesis Archiving System SQL注入漏洞
Online Thesis Archiving System is an online thesis archiving system. Online Thesis Archiving System version 1.0 has a sql injection vulnerability, which originates from the poor filtering of the id parameter in /admin/user/manageuser.php. An attacker can use this vulnerability to perform SQL...
Osprey Pump Controller 1.0.1 - (eventFileSelected) Command Injection
Exploit Title: Osprey Pump Controller 1.0.1 - eventFileSelected Command Injection Exploit Author: LiquidWorm Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021...
Apache OpenOffice 参数注入漏洞
Apache OpenOffice is an open source office software suite from the U.S. Apache Apache Foundation. The suite contains text documents , spreadsheets , presentations , drawings , databases and so on. A code execution vulnerability exists in Apache OpenOffice that originates from a link containing an...
CVE-2023-27894
SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...
CVE-2023-27894
SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal...
Atlassian Jira < 3.13.2 WebWork 1 Parameter Injection Hole
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 3.13.2. It is, therefore, affected by a vulnerability which allows remote attackers to call exposed public methods via a webwork1 parameter injection. Note that the scanner ha...
CoreDial sipXcom sipXopenfire 参数注入漏洞
CoreDial sipXcom sipXopenfire is a telecommunications application from CoreDial, Inc. A parameter injection vulnerability exists in CoreDial sipXcom sipXopenfire version 21.04 and earlier, which stems from the presence of operating system command parameter injection that can be exploited by an...
Fortinet FortiNAC 参数注入漏洞
Fortinet FortiNAC is a set of network access control solutions from the U.S. company Fita Fortinet. The product is primarily used for network access control and IoT security. Fortinet FortiNAC has a security vulnerability that originates from improper parameter neutralization. An attacker could...
SUSE CVE-2006-1015
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additionalparameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE...
SUSE CVE-2016-3721
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...
JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...
Amanda 参数注入漏洞
Amanda is an automated network disk archiver organized by the University of Maryland at College Park. It allows IT administrators to set up a single primary backup server to back up multiple hosts to tape drives/converters or disks or optical media over a network. Amanda suffers from a security...
CVE-2023-0164
OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...
PT-2023-16050 · Unknown · Orangescrum
Name of the Vulnerable Software and Affected Versions: OrangeScrum version 2.0.11 Description: The issue allows an authenticated external attacker to execute arbitrary commands on the server. This is possible because the application injects an attacker-controlled parameter into a system function...
Student Study Center Management System 跨站脚本漏洞
Student Study Center Management System is a student study center management system from the individual developer ANUJ KUMAR. A cross-site scripting vulnerability exists in Student Study Center Management System version V 1.0, which originates from a well-designed payload that allows an attacker t...
HTTP Query String Injection
Description The application does not properly sanitize query string parameters in the cloudflare-kv-http,github and http drivers. In the case of the github and http drivers there is no immediate vulnerability, however a slight risk is presented. When a user controls a key within the...
Froxlor 注入漏洞
Froxlor is a lightweight server management software from the Froxlor team. An injection vulnerability exists in versions prior to Froxlor 2.0.0-beta1, which stems from parameter injection...