925 matches found
CMSWing parameter injection vulnerability
CMSWing is an e-commerce platform and CMS builder based on ThinkJS and MySQL. A security vulnerability exists in CMSWing version 1.3.7, which stems from a logging rule in a parameter that can lead to a remote code execution vulnerability...
ungit parameter injection vulnerability
ungit is a simple way to use git by Fredrik Noren, a Swedish individual developer. A parameter injection vulnerability exists in ungit before 1.5.20, which can be exploited by an attacker to conduct a Remote Code Execution (RCE) attack...
Cross site scripting
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks...
ARRIS SBR-AC1900P and ARRIS SBR-AC3200P OS command injection vulnerability
ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P are Wi-Fi routers from ARRIS, Inc. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the pppoeUserName, pppoePassword, and pppoeService parameters in the pppoe function failing to properly filter the...
PYSEC-2022-163
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the updaterepo function when using hg, the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution...
libvcs parameter injection vulnerability
libvcs is a vcs abstraction layer. libvcs is vulnerable to command injection, which stems from the fact that when the updaterepo function is called, the url argument is passed to the hg clone command, and an attacker can exploit this vulnerability to execute commands by injecting some hg options...
simple-git-hooks parameter injection vulnerability
simple-git-hooks is an application. A simple git hooks manager for small projects. A parameter injection vulnerability exists in simple-git-hooks, which stems from the fact that when the .fetchremote, branch, handlerFn function is called, both the remote and branch parameters are passed to the git...
CVE-2022-22985
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the specific web section where the information is displayed. Injection can be done on specific...
PT-2022-16980 · Ipcomm · Ipcomm Ipdio +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be...
PT-2022-15755 · Unknown · Vulnerable Device
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, use: Vulnerable device affected versions not specified Description: The issue allows attackers to inject malicious code into the web application of the vulnerable device due to the absence of filter...
weblate parameter injection vulnerability
Weblate is a web-based free software continuous localization system from Copyleft. Weblate is vulnerable to a parameter injection vulnerability that results from a lack of filtering and escaping of user-submitted parameters, which can be exploited by attackers to cause command execution...
Weblate parameter injection vulnerability
Weblate is a web-based free software continuous localization system from Copyleft. Weblate is vulnerable to a parameter injection vulnerability that results from a lack of filtering and escaping of user-submitted parameters, which can be exploited by attackers to cause command execution...
Crypt_GPG parameter injection vulnerability
Crypt_GPG is a PHP package that interacts with GNU Privacy Guard (GnuPG). Crypt_GPG suffers from a parameter injection vulnerability that stems from the fact that the Crypt_GPG extension for PHP prior to 1.6.7 does not block additional options in GPG calls...
Mageia: Security Advisory (MGASA-2014-0488)
The remote host is missing an update for the...
H2Console parameter injection vulnerability
H2Console is an embeddable RDBMS written in Java. A parameter injection vulnerability exists in H2Console versions prior to 2.1.210, which can be exploited by an attacker to execute arbitrary code on a system via a carefully constructed command...
Huawei HarmonyOS Injection Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which stems from a parameter injection type of vulnerability in a component of Huawei HarmonyOS. No details o...
CVE-2021-31558
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAEhierarchyHandler.ashx”...
Cross site scripting
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAEHandlerAlarmGroup.ashx”...
CVE-2021-37040
There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting...