925 matches found
Cisco SD-WAN vManage Parameter Injection Vulnerability
Cisco SD-WAN vManage is a software from Cisco that provides software-defined networking capabilities. The software provides a way to virtualize the network. A parameter injection vulnerability exists in Cisco SD-WAN vManage Software that stems from improper validation of user-supplied device...
Discord Recon Server Parameter Injection Vulnerability
Discord Recon Server is an AI bot from Discord USA. Discord-Recon suffers from a parameter injection vulnerability that can be exploited by an attacker to read internal files from the system and write the files to the system, leading to remote code execution...
Innorix Web-Based File Transfer Parameter Injection Vulnerability
INNORIX Innorix Web-Based File Transfer is an application system from INNORIX Korea. It is used for file transfer. Web-Based File Transfer Solution 9.2.18.385 suffers from a parameter injection vulnerability that can be exploited by a remote attacker to potentially trick a user into visiting a...
NBBDownloader.ocx ActiveX Parameter Injection Vulnerability
SearchDomino.com ActiveX is an application from SearchDomino.com, Inc. Real-Time, Collaborative Enabled Programs NBBDownloader.ocx ActiveX suffers from a parameter injection vulnerability that can be exploited by remote attackers to trick users into visiting a crafted web page, which can cause...
Cisco IOS XE SD-WAN Parameter Injection Vulnerability
Cisco IOS XE is an open and flexible operating system optimized for future work. A parameter injection vulnerability exists in Cisco IOS XE versions after 17.3.1. The vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit the vulnerability to gain...
Cisco IOS XE Parameter Injection Vulnerability
Cisco IOS XE is a modular operating system based on the Linux kernel, developed by Cisco for its network equipment. A parameter injection vulnerability exists in the CLI for SD-WAN on Cisco IOS XE. The vulnerability stems from insufficient input validation of certain CLI commands. An attacker...
Dw1 apkleaks Parameter Injection Vulnerability
Dw1 apkleaks is a Dw1 open source application. It is used to scan APK files for URIs, endpoints and secrets. A security vulnerability exists in APKLeaks prior to v2.0.3, which can be exploited by an attacker to allow execution of unexpected commands or code...
Facebook Gameroom Parameter Injection Vulnerability
Facebook Gameroom is a software of Facebook Inc. It is used for watching videos, playing games, and sharing content. A security vulnerability exists in versions prior to Facebook Gameroom v1.26.0 that stems from the fbgames protocol handler not properly referencing parameters passed to the...
Accellion FTA Injection Vulnerability
Accellion FTA is an enterprise content firewall from Accellion USA, Inc. It provides protection against data leakage and breaches from third-party network risks. An injection vulnerability exists in Accellion FTA 912432 and earlier, which stems from being vulnerable to parameter injection via a...
Wave Inspur ClusterEngine Parameter Injection Vulnerability
Wave Inspur ClusterEngine is an application software from China's Wave Corporation. It provides management of jobs submitted by hardware and software in a cluster system. A security vulnerability exists in Inspur ClusterEngine V4.0, which can be exploited by remote attackers to send malicious log...
Omrilotan async-git Parameter Injection Vulnerability
Omrilotan async-git is a Javascript-based code repository that supports interaction with git repositories by the individual developer Omrilotan. A parameter injection vulnerability exists in async-git. The vulnerability originates from allowing shell metacharacters to be injected into git command...
TP-LINK TL-WR841N OS Command Injection Vulnerability
The TP-Link TL-WR841N is a wireless router from China P&L TP-Link. The TP-Link TL-WR841N suffers from a parameter injection vulnerability that allows a remote authenticated malicious user to execute arbitrary commands on the system, which can be exploited by an attacker to execute arbitrary...
CVE-2020-35724
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter or indirectly via the cpr, tcp, or abs parameter. NOTE: This vulnerability only affects products that are no...
Draytek Vigor2960 Parameter Injection Vulnerability
The DrayTek Vigor2960 is a load balancing router and VPN gateway appliance from DrayTek Taiwan, China. A parameter injection vulnerability exists in the DrayTek Vigor2960 1.5.1, which allows remote command execution via the toLogin2FA action to mainfunction.cgi...
Exploit for Server-Side Request Forgery in Sap Businessobjects_Business_Intelligence_Platform
CVE-2020-6308 SAP POC...
Xinuos Openserver Parameter Injection Vulnerability
Xinuos Openserver is a FreeBSD-based operating system from the US company Xinuos. A security vulnerability exists in Xinuos (formerly SCO) Openserver versions v5 and v6 that allows an attacker to execute arbitrary commands to the cgi-bin printbook via the shell metacharacter outputform or toclevels...
CVE-2020-29135
cPanel before 90.0.17 has multiple instances of URL parameter injection SEC-567...
CVE-2020-29135
CVE-2020-29135 affects cPanel prior to 90.0.17, with multiple instances of URL parameter injection (SEC-567). The connected records identify the affected product and the vulnerability type, but do not provide explicit exploitation details, affected components beyond the web interfaces, or a confi...