
1185 matches found

CNNVD
added 2023/02/23 12:0 a.m. · 2 views

Cisco NX-OS Software OS Command Injection Vulnerability

Cisco NX-OS Software is a suite of data center-grade operating system software used by Cisco's switches in the United States. A security vulnerability exists in Cisco NX-OS Software that stems from insufficient validation of parameters passed to specific CLI commands. An attacker exploiting this...

7.8 CVSS · 7.8 AI score · 0.00171 EPSS
Exploits 0 · References 2
Cvelist
added 2023/02/22 7:10 p.m. · 11 views

CVE-2023-24812 SQL injection of notes/search-by-tag

Misskey is an open source, decentralized social media platform. In versions prior to 13.3.3 SQL injection is possible due to insufficient parameter validation in the note search API by tag notes/search-by-tag. This has been fixed in version 13.3.3. Users are advised to upgrade. Users unable to...

8.8 CVSS · 10 AI score · 0.00634 EPSS
Exploits 0 · References 2
CNNVD
added 2023/02/22 12:0 a.m. · 1 views

Misskey SQL Injection Vulnerability

Misskey is a micro blogging platform. A SQL injection vulnerability exists in Misskey versions prior to 13.3.3, which stems from insufficient validation of parameters, and may be subject to SQL injection...

9.8 CVSS · 8.5 AI score · 0.00634 EPSS
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 5:55 a.m. · 2 views

SUSE CVE-2010-4252

OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol...

7.5 CVSS · 7 AI score · 0.01803 EPSS
Exploits 1 · References 7
SUSE CVE
added 2023/02/15 5:55 a.m. · 2 views

SUSE CVE-2010-4478

OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly validate the public parameters in the J-PAKE protocol, which allows remote attackers to bypass the need for knowledge of the shared secret, and successfully authenticate, by sending crafted values in each round of the protocol, a...

9.8 CVSS · 6.8 AI score · 0.00383 EPSS
Exploits 1 · References 3
SUSE CVE
added 2023/02/15 5:10 a.m. · 1 views

SUSE CVE-2015-9185

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD...

10 CVSS · 9.9 AI score · 0.00206 EPSS
Exploits 0 · References 3
OSV
added 2023/02/13 8:15 p.m. · 1 views

CVE-2023-25719

ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...

8.8 CVSS · 7.4 AI score
Exploits 0 · References 5
OSV
added 2023/02/13 5:58 p.m. · 12 views

GSD-2023-1002258 net: mdio: validate parameter addr in mdiobus_get_phy()

net: mdio: validate parameter addr in mdiobus_get_phy(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.272 by commit...

7.2 AI score
Exploits 0
Cvelist
added 2023/02/13 12:0 a.m. · 14 views

CVE-2023-25719

ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...

9.5 AI score · 0.00497 EPSS
Exploits 1 · References 3
Vulnrichment
added 2023/02/13 12:0 a.m. · 7 views

CVE-2023-25719

ConnectWise Control before 22.9.10032 formerly known as ScreenConnect fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...

7.3 AI score · 0.00497 EPSS
Exploits 1 · References 3
Positive Technologies
added 2023/02/13 12:0 a.m. · 1 views

PT-2023-35292 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.231 Description: The issue concerns the validation of the addr parameter in the mdiobus_get_phy function. This is an automated identification of a potential security issue, but the actual impact and attack...

7.3 AI score
Exploits 0 · References 1
OSV
added 2023/02/12 4:15 a.m. · 1 views

CVE-2022-47368

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...

5.5 CVSS · 5.8 AI score
Exploits 0 · References 1
OSV
added 2023/02/12 4:15 a.m. · 1 views

CVE-2022-38681

In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services...

5.5 CVSS · 5.8 AI score
Exploits 0 · References 1
CNVD
added 2023/02/08 12:0 a.m. · 14 views

Canteen Management System SQL Injection Vulnerability (CNVD-2023-08051)

Canteen Management System is a canteen management system. Version 1.0 of Canteen Management System is vulnerable to SQL injection, which stems from the lack of validation of externally supplied input passed into SQL statements through the id parameter. An attacker could use this vulnerability to execute illegal SQL commands to...

8.1 CVSS · 3.4 AI score · 0.00291 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/02/07 12:0 a.m. · 3 views

PT-2023-3382 · Samsung · Exynos Modem 5300 +5

Name of the Vulnerable Software and Affected Versions: Exynos Modem 5123 Exynos Modem 5300 Exynos 980 Exynos 1080 Exynos 9110 Exynos Auto T5123 Description: The issue is related to a buffer overflow when decoding an SIP status line, potentially allowing a remote attacker to cause a denial of...

7.8 CVSS · 8.1 AI score · 0.00383 EPSS
Exploits 0 · References 8
Positive Technologies
added 2023/02/03 12:0 a.m. · 3 views

PT-2023-12281 · Unknown · Native-Php-Cms

Name of the Vulnerable Software and Affected Versions: native-php-cms version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the cat parameter in the /list.php file, enabling attackers to inject malicious SQL code...

9.8 CVSS · 9.8 AI score · 0.00478 EPSS
Exploits 1 · References 2
CNNVD
added 2023/01/23 12:0 a.m. · 1 views

WordPress plugin Page-list Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

5.4 CVSS · 5.4 AI score · 0.00181 EPSS
Exploits 2 · References 2
CNNVD
added 2023/01/23 12:0 a.m. · 2 views

WordPress plugin Landing Page Builder Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

5.4 CVSS · 5.4 AI score · 0.00198 EPSS
Exploits 2 · References 2
CNNVD
added 2023/01/23 12:0 a.m. · 1 views

WordPress plugin Top 10 Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

5.4 CVSS · 5.4 AI score · 0.00181 EPSS
Exploits 2 · References 2
CNNVD
added 2023/01/23 12:0 a.m. · 1 views

WordPress plugin Login Logout Menu Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4 CVSS · 5.4 AI score · 0.00252 EPSS
Exploits 2 · References 2