Code injection
There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting...
CVE-2021-37040
CVE-2021-37040 corresponds to a parameter-injection vulnerability in Huawei HarmonyOS smartphones. Connected sources indicate the issue affects HarmonyOS components and can lead to privilege escalation after CIFS share mounting. The available documents cite vulnerability type and potential impact...
CVE-2021-37040
There is a Parameter injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause privilege escalation of files after CIFS share mounting...
Orangescrum 1.8.0 Cross Site Scripting
Exploit Title: orangescrum 1.8.0 - 'Multiple' Cross-Site Scripting XSS Authenticated Date: 28/11/2021 Exploit Author: Hubert Wojciechowski Contact Author: [email protected] Company: https://redteam.pl Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/...
CVE-2021-40260
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php...
Calibre Input Validation Error Vulnerability
Calibre is an open source free all-in-one eBook reading management and format conversion tool by Kovid Goyal, an individual developer in India. Calibre suffers from an input validation error vulnerability that stems from an input validation issue found in Calibre on the device linux mount helper....
CVE-2021-42538
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...
CVE-2021-42538
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...
Input validation
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input...
CVE-2021-42538
CVE-2021-42538 affects Emerson WirelessHART Gateway. The issue is a parameter injection via passphrase, enabling an attacker to supply uncontrolled input. Impact is high for confidentiality, integrity, and availability per linked advisories, with remote networking attack feasible after insufficie...
Amazon WorkSpaces Parameter Injection Vulnerability
Amazon WorkSpaces, a fully managed persistent desktop virtualization service from Amazon, lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. In Amazon AWS WorkSpaces clients prior to version 3.1.9 on Windows, parameter injection in...
CVE-2021-40324
A flaw was found in cobbler. The flaw lies in cobblerd's anamon support, specifically the uploadlogdata XMLRPC function. An anamonenabled setting, if enabled, accepts unsanitized user-supplied parameters. This flaw allows an attacker to write arbitrary files to the system. The highest threat from...
Amazon WorkSpaces Parameter Injection Vulnerability
Amazon WorkSpaces, a fully managed persistent desktop virtualization service from Amazon, lets your users access the data, applications, and resources they need from any supported device, anytime, anywhere. In Amazon AWS WorkSpaces clients prior to version 3.1.9 on Windows, parameter injection in...
HUAWEI HarmonyOS Parameter Injection Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based distributed operating system. A security vulnerability exists in Huawei HarmonyOS, which stems from a parameter injection type of vulnerability in a component of Huawei HarmonyOS. No details o...
CVE-2021-39244
Authenticated Semi-Blind Command Injection via Parameter Injection exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto...
CVE-2021-39244
Authenticated Semi-Blind Command Injection via Parameter Injection exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto...
Command injection
Authenticated Semi-Blind Command Injection via Parameter Injection exists on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices via the getlogs.cgi tcpdump feature. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto...
CVE-2021-39244
CVE-2021-39244 is a documented authenticated semi-blind command injection vulnerability affecting Altus Nexto and Hadron Xtorm devices, exposed via the getlogs.cgi tcpdump feature. Affected products/versions (per sources) include Nexto NX3003/NX3004/NX3005/NX3010/NX3020/NX3030 (1.8.11.0 or 1...
AT&T Labs Xmill Parameter Injection Vulnerability
AT&T Labs Xmill is a new tool for efficient compression of XML data from AT&T Labs, USA. AT&T Labs Xmill suffers from a parameter injection vulnerability that exists due to a boundary error in the command line parsing HandleFileArg function in strlen. A local user can use a specially crafted...
Palo Alto Networks PAN-OS Parameter Injection Vulnerability
PAN-OS is an operating system designed specifically for the security and control of Palo Alto Networks firewalls, with a rich set of firewall, management and network features. An OS command parameter injection vulnerability exists in the web interface of PAN-OS. An attacker could exploit this...