Lucene search

1180 matches found

Positive Technologies
added 2024/08/28 12:0 a.m. · 6 views

PT-2024-38633 · Sonaar · Mp3 Audio Player – Music Player

Name of the Vulnerable Software and Affected Versions: The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress versions up to, and including, 5.7.0.1

Description: The issue is related to unauthorized arbitrary file deletion due to a missing capability check on t...

CVSS 9.1 · AI score 7.8 · EPSS 0.76325 · Exploits 1 · References 12
CNNVD
added 2024/08/28 12:0 a.m. · 2 views

Cisco NX-OS Software Security Vulnerability

Cisco NX-OS Software is a suite of data center-grade operating system software used by switches from Cisco USA. A security vulnerability exists in Cisco NX-OS Software that stems from insufficient validation of parameters for specific CLI commands. An attacker exploiting this vulnerability could...

CVSS 4.4 · AI score 7.1 · EPSS 0.00086 · Exploits 0 · References 3
CNVD
added 2024/08/23 12:0 a.m. · 4 views

Kashipara Music Management System SQL Injection Vulnerability (CNVD-2024-37436)

Kashipara Music Management System is a music management system from Kashipara. Kashipara Music Management System v1.0 suffers from a SQL injection vulnerability, which originates from the lack of validation of the email parameter of /music/ajax.php?action=login against external SQL input, which c...

CVSS 9.8 · AI score 7.8 · EPSS 0.00051 · Exploits 1 · References 1
OSV
added 2024/08/14 7:15 a.m. · 2 views

CVE-2024-7732

Dr.ID Access Control System from SECOM does not properly validate a specific page parameter, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...

CVSS 9.8 · AI score 5.9 · EPSS 0.01326 · Exploits 0 · References 2
CNVD
added 2024/08/09 12:0 a.m. · 4 views

Online Bus Reservation Site SQL Injection Vulnerability

Online Bus Reservation Site is an online bus reservation site. A SQL injection vulnerability exists in Online Bus Reservation Site version 1.0 due to a lack of validation of parameter Email against externally entered SQL statements. An attacker can exploit this vulnerability to execute illegal SQ...

CVSS 9.8 · AI score 7.9 · EPSS 0.00106 · Exploits 1 · References 1
CNNVD
added 2024/08/05 12:0 a.m. · 6 views

Nuxt Security Vulnerability

Nuxt is a free open source framework from Nuxt Open Source. A security vulnerability exists in Nuxt version 3.4.0 through versions prior to 3.12.4, which stems from insufficient validation of parameters and allows an attacker to execute arbitrary JavaScript on the server side, which in turn...

CVSS 8.8 · AI score 8.1 · EPSS 0.01315 · Exploits 1 · References 2
Veracode
added 2024/07/18 5:38 a.m. · 14 views

Command Injection

org.apache.streampark:streampark is vulnerable to Command Injection. The vulnerability is caused due to insufficient input parameter validation, allowing attackers to insert commands. Exploiting this requires system-level access via user login, thereby limiting its risk due to controlled user...

CVSS 8.8 · AI score 7.3 · EPSS 0.00397 · Exploits 0 · References 2 · Affected Software 1
OSV
added 2024/07/17 5:15 p.m. · 2 views

CVE-2024-20400

A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...

CVSS 4.7 · AI score 5.8 · Exploits 0 · References 1
OSV
added 2024/07/17 9:30 a.m. · 6 views

GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVSS 4.7 · AI score 5.3 · EPSS 0.00749 · Exploits 0 · References 4
NVD
added 2024/07/17 9:15 a.m. · 30 views

CVE-2023-52291

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVSS 8.8 · EPSS 0.00397 · Exploits 0 · References 2
Cvelist
added 2024/07/17 8:16 a.m. · 17 views

CVE-2023-52291 Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution. The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

EPSS 0.00397 · Exploits 0 · References 2
OSV
added 2024/07/15 6:15 a.m. · 3 views

CVE-2024-6074

The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVSS 6.1 · AI score 5.8 · EPSS 0.00273 · Exploits 1 · References 1
CNNVD
added 2024/07/01 12:0 a.m. · 2 views

Cisco NX-OS Software Operating System Command Injection Vulnerability

Cisco NX-OS Software is a set of data center-grade operating system software for switches from the U.S. company Cisco. A command injection vulnerability exists in Cisco NX-OS Software, which arises from insufficient validation of parameters passed to specific configuration CLI commands, and...

CVSS 6.7 · AI score 7.8 · EPSS 0.00659 · Exploits 0 · References 3
CNNVD
added 2024/06/27 12:0 a.m. · 1 views

ChuanhuChatGPT Security Vulnerability

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A security vulnerability exists in ChuanhuChatGPT, which stems from a lack of cleanup or validation of the keyword parameter, and a denial of service vulnerability in the...

CVSS 7.5 · AI score 6.8 · EPSS 0.00106 · Exploits 1 · References 2
NVD
added 2024/05/23 6:15 a.m. · 12 views

CVE-2024-4399

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack...

CVSS 9.1 · AI score 6.6 · EPSS 0.25047 · Exploits 2 · References 1
Positive Technologies
added 2024/05/23 12:0 a.m. · 2 views

PT-2024-30854 · Jenkins +1 · Cas +1

Name of the Vulnerable Software and Affected Versions: Software affected versions not specified

Description: The issue is related to a lack of validation for a parameter before making a request to it. This could allow unauthenticated users to perform a Server-Side Request Forgery (SSRF) attack. SSR...

CVSS 9.1 · AI score 7 · EPSS 0.25047 · Exploits 2 · References 3
OSV
added 2024/05/15 6:15 p.m. · 1 views

CVE-2024-20369

A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An...

CVSS 6.1 · AI score 5.8 · Exploits 0 · References 1
CNNVD
added 2024/05/15 12:0 a.m. · 2 views

Cisco Crosswork Network Services Orchestrator Security Vulnerability

Cisco Crosswork Network Services Orchestrator is a network services orchestrator from Cisco USA. A security vulnerability exists in Cisco Crosswork Network Services Orchestrator that originates from improper validation of parameter inputs in HTTP requests, allowing an unauthenticated, remote...

CVSS 6.1 · AI score 6.7 · EPSS 0.00221 · Exploits 0 · References 2
CNVD
added 2024/05/10 12:0 a.m. · 8 views

RuvarOA office_missive_id Parameter SQL Injection Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the office_missive_id parameter in the /WorkFlow/wfworkformsave.aspx file against external SQL input. An attacker can exploit this...

CVSS 9.4 · AI score 8 · EPSS 0.0008 · Exploits 1 · References 1
CNVD
added 2024/05/10 12:0 a.m. · 6 views

RuvarOA sys_file_storage_id parameter SQL injection vulnerability (CNVD-2024-33626)

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the sys_file_storage_id parameter in the /WorkFlow/wfworkfinishfiledown.aspx file against external SQL input. An attacker can explo...

CVSS 7.3 · AI score 8 · EPSS 0.00062 · Exploits 1 · References 1