925 matches found
Mobileiron MobileIron Core Parameter Injection Vulnerability
Mobileiron MobileIron Core is a management console component of the MobileIron platform from Mobileiron, Inc. The product supports the definition of security and management policies for devices, applications and content. A parameter injection vulnerability exists in Ivanti MobileIron Core version...
Etherpad Parameter Injection Vulnerability
Etherpad is an open source, web-based online document collaboration tool. Multiple users can simultaneously write a text document through Etherpad and see all participants' edits in real time. A security vulnerability exists in Etherpad version 1.8.13; the vulnerability stems from a...
CVE-2021-32534
QSAN SANOS factory reset function does not filter special parameters. Remote attackers can use this vulnerability to inject and execute arbitrary commands without permissions. The referred vulnerability has been solved with the updated version of QSAN SANOS v2.1.0...
CVE-2020-22208
SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajaxstreet.php...
CVE-2021-27479
ZOLL Defibrillator Dashboard, versions prior to 2.2. The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...
Code injection
ZOLL Defibrillator Dashboard, versions prior to 2.2. The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users...
Ruby Parameter Injection Vulnerability
Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the individual developer, Yukihiro Matsumoto. A parameter injection vulnerability exists in Ruby versions prior to 1.4.0, which can be exploited by an attacker to read and write arbitrary files via a crafted UR...
Ruby Parameter Injection Vulnerability
Ruby is a cross-platform, object-oriented, dynamically-typed programming language from the individual developer, Yukihiro Matsumoto. A parameter injection vulnerability exists in Ruby versions prior to 1.4.0, which can be exploited by an attacker to read and write arbitrary files via a crafted UR...
CVE-2020-18230
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgswitchshow" of component "/admin/webconfig.php"...
CVE-2020-18229
Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfgcopyright" of component "/admin/webconfig.php"...
Cisco Modeling Labs Parameter Injection Vulnerability
Cisco Modeling Labs is a local network simulation tool from the American company Cisco that runs on workstations and servers. Cisco Modeling Labs suffers from a parameter injection vulnerability that stems from insufficient validation of user-supplied web UI input,...
IBM InfoSphere Information Server Information Disclosure Vulnerability
IBM InfoSphere Information Server is a data integration platform that includes a range of products that enable you to understand, cleanse, monitor, transform, and transfer data, as well as collaborate to bridge the gap between business and IT. An information disclosure vulnerability exists in IBM...
Cisco Modeling Labs Parameter Injection Vulnerability
Cisco Modeling Labs is a local network simulation tool from the American company Cisco that runs on workstations and servers. Cisco Modeling Labs suffers from a parameter injection vulnerability that stems from insufficient validation of user-supplied web UI input,...
Aiven Ltd: Grafana RCE via SMTP server parameter injection
Summary: This report is similar to 1180653, except with different parameter injection entrypoint. SMTP server password configuration setting accepts new line characters. This can be used to set non-exported configuration variables. Using this CRLF-injection, the renderingargs of grafana image...
Knowage Cross-Site Scripting Vulnerability (CNVD-2021-34493)
Knowage is an open source suite for modern business analytics on traditional resources and big data systems from Knowage Italy. A cross-site scripting vulnerability exists in Knowage Suite version 7.3. An attacker can inject arbitrary web scripts via the "targetService" parameter...
JetBrains TeamCity Parameter Injection Vulnerability
TeamCity is a Java-based build management and continuous integration server from JetBrains. A parameter injection vulnerability exists in JetBrains TeamCity versions prior to 2020.2.3. An attacker can exploit this vulnerability to achieve remote code execution...
CVE-2021-30213
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter...
Jetbrains JetBrains TeamCity Parameter Injection Vulnerability
TeamCity is a Java-based build management and continuous integration server from JetBrains. A parameter injection vulnerability exists in JetBrains TeamCity versions prior to 2020.2.3. An attacker can exploit this vulnerability to achieve remote code execution...
composer Parameter Injection Vulnerability
Composer is a dependency manager for PHP. Composer suffers from a security vulnerability that stems from the failure to properly sanitize the composer.json and package source code download URL. An attacker can exploit the vulnerability to remotely execute code...
Cisco SD-WAN vManage Parameter Injection Vulnerability
Cisco SD-WAN vManage is software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A parameter injection vulnerability exists in Cisco SD-WAN vManage Software that stems from improper validation of user-supplied device...