759 matches found
Emissary 注入漏洞
Emissary is a software application. A P2P-based data-driven workflow engine that runs across heterogeneous and potentially widely distributed multi-tier P2P network computing resources. Emissary suffers from a security vulnerability that makes it susceptible to post-authentication Remote Code...
CVE-2021-32647 Post-authentication Remote Code Execution (RCE) in emissary:emissary
Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution RCE. The CreatePlace REST endpoint accepts an sppClassName parameter which is used to load an arbitrary class. This class is later instantiated using a...
SonicWall Email Security post-authentication arbitrary file read vulnerability
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the remote host. CVE: CVE-2021-20023 Last updated: April 20, 2021, 11:12 a.m...
SonicWall Email Security post-authentication arbitrary file creation vulnerability
SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the remote host. CVE: CVE-2021-20022 Last updated: April 9, 2021, 10:03 p.m...
CVE-2021-20018
CVE-2021-20018 affects SonicWall SMA100: a post-authenticated vulnerability that allows exporting the device’s configuration to a specified email address, impacting SMA100 versions 10.2.0.5 and earlier. The CVE details in linked sources (e.g., SonicWall PSIRT SNWLID-2021-0005 and CNVD/CVE records...
SonicWall SMA100 post-authentication configuration export to the a specified email address
A post-authenticated vulnerability in SonicWall SMA100 allows an attacker to export the configuration file to the specified email address. This vulnerability impacts SMA100 version 10.2.0.5 and earlier. CVE: CVE-2021-20018 Last updated: March 13, 2021, 1:19 a.m...
D-Link DIR-3060 授权RCE漏洞(CVE-2021-28144)
Advisory: D-Link DIR-3060 Authenticated RCE CVE-2021-28144 MARCH 11, 2021 Overview The D-Link DIR-3060 running firmware versions below v1.11b04 is affected by a post-authentication command injection vulnerability. Anybody with authenticated access to a DIR-3060 would be able to run arbitrary syst...
CVE-2021-21976
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...
Command injection
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...
CVE-2021-21976
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...
CVE-2021-21976
CVE-2021-21976 is a post-authentication command injection in vSphere Replication that may allow an authenticated admin to achieve remote code execution. Affected: vSphere Replication 8.3.x (before 8.3.1.2), 8.2.x (before 8.2.1.1), 8.1.x (before 8.1.2.3), and 6.5.x (before 6.5.1.5). Root cause: vu...
CVE-2020-26118
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit GWT API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious...
CVE-2020-25185
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 firmware versions 5.02.09...
Buffer overflow
The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 firmware versions 5.02.09...
CVE-2020-17458
A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field...
CVE-2020-10918
This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 Firmware version 6.52 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due t...
C-MORE HMI EA9 Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of C-MORE HMI EA9 touch screen panels. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication mechanism. The issue is due to insufficient...
CVE-2020-15308
Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...
CVE-2020-15308
Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...
Sql injection
Support Incident Tracker aka SiT! or SiTracker 3.67 p2 allows post-authentication SQL injection via the siteedit.php typeid or site parameter, the searchincidentsadvanced.php searchtitle parameter, or the reportqbe.php criteriafield parameter...