15304 matches found
PYSEC-2023-4
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions...
CVE-2022-45875 Apache DolphinScheduler: Remote command execution Vulnerability in script alert plugin
Improper validation of script alert plugin parameters in Apache DolphinScheduler to avoid remote command execution vulnerability. This issue affects Apache DolphinScheduler version 3.0.1 and prior versions; version 3.1.0 and prior versions. This attack can be performed only by authenticated users...
CVE-2022-45875
Apache DolphinScheduler (CVE-2022-45875) is affected by improper validation of script alert plugin parameters, allowing remote command execution. The issue affects 3.0.1 and earlier, and 3.1.0 and earlier; authenticated users who can log in to DolphinScheduler could exploit it. CVSSv3.1 base scor...
CVE-2022-43538
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...
CVE-2022-43537
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. Successful exploits could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complet...
CVE-2022-43931
Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors...
PT-2023-15965 · WordPress · The User Post Gallery - Upg
Name of the Vulnerable Software and Affected Versions: The User Post Gallery - UPG plugin for WordPress versions up to, and including 2.19 Description: The issue allows for authorization bypass, leading to remote command execution due to the use of a nopriv AJAX action and user-supplied function...
PT-2022-6125
Name of the Vulnerable Software and Affected Versions: Synology VPN Plus Server versions prior to 1.4.3-0534 and 1.4.4-0635 Description: The issue is related to an out-of-bounds write vulnerability in the Remote Desktop functionality of Synology VPN Plus Server. This vulnerability can be exploited ...
4images 1.9 Remote Command Execution Vulnerability
Exploit Title: 4images 1.9 - Remote Command Execution Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Select...
4images 1.9 Remote Command Execution
Exploit Title: 4images 1.9 - Remote Command Execution Exploit Author: Andrey Stoykov Software Link: https://www.4homepages.de/download-4images Version: 1.9 Tested on: Ubuntu 20.04 To reproduce do the following: 1. Login as administrator user 2. Browse to "General" - " Edit Templates" - "Select...
VulnCheck KEV: CVE-2018-20057
An issue was discovered in /bin/boa on D-Link DIR-619L Rev.B 2.06B1 and DIR-605L Rev.B 2.12B1 devices. goform/formSysCmd allows remote authenticated users to execute arbitrary OS commands via the sysCmd POST parameter...
PT-2022-25424 · Pfsense · Pfblockerng
Name of the Vulnerable Software and Affected Versions: pfSense pfBlockerNG versions through 2.1.4 27 Description: The issue allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header. Recommendations: For pfSense pfBlockerNG versions through 2.1.4 27, update to a...
CVE-2022-44456
CONPROSYS HMI System CHS Ver.3.4.4 and earlier allows a remote unauthenticated attacker to execute an arbitrary OS command on the server where the product is running by sending a specially crafted request...
CVE-2022-25627
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...
Command injection
An authenticated administrator who has physical access to the environment can carry out Remote Command Execution on Management Console in Symantec Identity Manager 14.4...
NETGEAR Nighthawk OS Command Injection Vulnerability
The NETGEAR Nighthawk WiFi6 Router is a series of routers that support WiFi 6 technology and are designed for users who are looking for a high-speed Internet experience. The NETGEAR Nighthawk WiFi6 Router suffers from a command injection vulnerability that stems from the fact that the default...