925 matches found
Poetry Parameter Injection Vulnerability
Poetry is a tool for dependency management and packaging in Python. It allows you to declare the libraries your project depends on and will manage (install/update) them for you. A parameter injection vulnerability exists in Poetry versions prior to 1.1.9 and prior to 1.2.0b1, the vulnerability stem...
PT-2022-23550 · Unknown · Simple Task Scheduling System
Name of the Vulnerable Software and Affected Versions: Simple Task Scheduling System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete account" API endpoint. Recommendations...
Device42 Parameter Injection Vulnerability
Device42, a Device42 company, provides the industry's most advanced and complete hybrid cloud discovery and dependency mapping platform. A parameter injection vulnerability exists in Device42 CMDB version 18.01.00 and earlier, which stems from a Change Secret username field used in the discovery...
mc-kill-port Parameter Injection Vulnerability
npm mc-kill-port is a package from npm USA that allows termination of ports. A security vulnerability exists in mc-kill-port, which stems from a lack of parameter sanitization. An attacker can exploit this vulnerability to execute arbitrary commands...
HUAWEI HarmonyOS Parameter Injection Vulnerability
HUAWEI HarmonyOS is an operating system from the Chinese company Huawei. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in HUAWEI HarmonyOS version 2.0, which stems from a parameter injection vulnerability in the Settings...
CVE-2022-36322
In JetBrains TeamCity before 2022.04.2 build parameter injection was possible...
CVE-2022-36322
CVE-2022-36322 affects JetBrains TeamCity prior to 2022.04.2, where build parameter injection was possible via the build configuration workflow. The vulnerability lies in build parameter handling, enabling injection that could impact confidentiality, integrity, and availability as indicated by th...
JetBrains TeamCity Parameter Injection Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity...
CVE-2017-20132
A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. This issue affects some unknown processing of the file /multi-vendor-shopping-script/product-list.php. The manipulation of the argument pl leads to sql injection. The attack may be initiated remotely. The...
codecov Parameter Injection Vulnerability
codecov is a specialized code coverage solution open-sourced by codecov. A security vulnerability exists in codecov versions prior to 2.0.16, which stems from not sanitizing the gcov parameter before supplying it to the popen method...
git-clone Parameter Injection Vulnerability
git-clone is a repository for cloning git repositories developed by Jason Frame in the UK. A parameter injection vulnerability exists in git-clone, which stems from an unsafe use of git's --upload-pack feature, which makes all versions of the package git-clone vulnerable to command injection...
LDAP Account Manager Parameter Injection Vulnerability
LDAP Account Manager is a web front-end for managing entries (e.g., users, groups, DHCP settings) stored in the LDAP directory. LDAP Account Manager (LAM) versions prior to 8.0 are vulnerable to parameter injection, which stems from the fact that LAM instantiates objects from arbitrary classes and ca...
CVE-2022-32442
u5cms version 8.3.5 is vulnerable to Cross-Site Scripting (XSS). When a user accesses the default home page, if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl 96502%27bad=", it can cause HTML injection...
Exploit for CVE-2022-31749
Hook Hook exploits a parameter injection vulnerability in the...
Open Forms Input Validation Error Vulnerability
Open Forms is an open source intelligent dynamic form tool from Open Formulieren, used to quickly create powerful and intelligent forms exposed through the API. A security vulnerability exists in Open Forms versions prior to 1.0.9 and 1.1.1. An attacker could exploit this vulnerability by injecting a...
git-promise Parameter Injection Vulnerability
git-promise is a simple wrapper. Run any git command with a more intuitive syntax. A parameter injection vulnerability exists in all versions of git-promise due to the use of space-splitting in the logic used to separate command parameters in pull requests...