114 matches found

Cvelist
added 2023/08/17 12:00 a.m. · 14 views

CVE-2023-26469

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server...

AI score 9.8 · EPSS 0.93017
Exploits 5 · References 3
CNNVD
added 2023/04/19 12:00 a.m. · 1 view

Strapi injection vulnerability

Strapi is an open source content management system (CMS). A security vulnerability exists in Strapi versions prior to 4.5.5, which can be exploited by an attacker to inject a crafted payload that executes code on the server into an email template, thereby bypassing validation checks that are suppos...

CVSS 10 · AI score 7.3 · EPSS 0.91021
Exploits 2 · References 4
SUSE CVE
added 2023/02/15 5:31 a.m. · 2 views

SUSE CVE-2014-0593

The setversion script as shipped with obs-service-setversion is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input provided by the user, allowing for code execution on the executing server...

CVSS 9.8 · AI score 7.5 · EPSS 0.0047
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 4:47 a.m. · 3 views

SUSE CVE-2017-7466

Ansible before version 2.3 has an input validation vulnerability in the handling of data sent from client systems. An attacker with control over a client system being managed by Ansible, and the ability to send facts back to the Ansible server, could use this flaw to execute arbitrary code on the...

CVSS 8 · AI score 7.8 · EPSS 0.02659
Exploits 0 · References 7
Positive Technologies
added 2023/01/27 12:00 a.m. · 2 views

PT-2023-12374 · Unknown · Openmage Lts

Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22; OpenMage LTS versions prior to 20.0.19. Description: The issue affects OpenMage LTS, an e-commerce platform. Magento admin users with access to the customer media could execute code on the server...

CVSS 7.2 · AI score 7.1 · EPSS 0.01224
Exploits 0 · References 9
CNNVD
added 2023/01/27 12:00 a.m. · 1 view

OpenMage Magento Lts path traversal vulnerability

OpenMage Magento Lts is an e-commerce system maintained by OpenMage. A path traversal vulnerability exists in OpenMage LTS versions 19.4.22 through 20.0.19: a Magento administrator user with privileged access to customer media can execute code on the server...

CVSS 7.2 · AI score 7.2 · EPSS 0.01224
Exploits 0 · References 5
Positive Technologies
added 2022/09/13 12:00 a.m. · 1 view

PT-2022-24807 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: Onedev versions prior to 7.3.0. Description: Onedev is an open source, self-hosted Git server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. These artifact files are served by the...

CVSS 5.4 · AI score 5.7 · EPSS 0.00525
Exploits 1 · References 7
ATTACKERKB
added 2022/08/08 2:15 p.m. · 3 views

CVE-2022-2046

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite...

CVSS 4.9 · AI score 6 · EPSS 0.00292
Exploits 2 · References 3
Hacker One
added 2022/07/06 4:07 p.m. · 37 views

U.S. Dept Of Defense: SQL Injection at https://████████.asp (█████████) [selMajcom] [HtUS]

Summary: SQL injection (SQLi) is a vulnerability in which an application accepts input into an SQL statement and treats this input as part of the statement. Typically, SQLi allows a malicious attacker to view, modify or delete data that should not be retrievable. An SQLi vulnerability was...

AI score 1.1
Exploits 0
OSV
added 2021/08/11 9:15 p.m. · 0 views

CVE-2020-25560

In SapphireIMS 5.0, it is possible to use the hardcoded client credentials (username: sapphire, password: ims) to gain access to the portal. Once access is available, the attacker can inject malicious OS commands into the "ping", "traceroute" and "snmp" functions and execute code on the server. W...

CVSS 9.8 · AI score 6 · EPSS 0.00874
Exploits 1 · References 2
Prion
added 2021/08/11 9:15 p.m. · 12 views

Hardcoded credentials

In SapphireIMS 5.0, it is possible to use the hardcoded client credentials (username: sapphire, password: ims) to gain access to the portal. Once access is available, the attacker can inject malicious OS commands into the "ping", "traceroute" and "snmp" functions and execute code on the server...

CVSS 7.5 · AI score 9.6 · EPSS 0.00874
Exploits 1 · References 2 · Affected Software 1
Microsoft CVE
added 2021/06/08 7:00 a.m. · 170 views

Microsoft SharePoint Server Remote Code Execution Vulnerability

...

CVSS 8.8 · AI score 7.2 · EPSS 0.06699
Exploits 0
CNNVD
added 2021/03/11 12:00 a.m. · 2 views

Progress Software Telerik UI for ASP.NET AJAX security vulnerability

Progress Software Telerik UI for ASP.NET AJAX is an HTML editor from Progress Software. A security vulnerability exists in Progress Software Telerik UI for ASP.NET AJAX 2021.1.224, which can be exploited by an attacker to gain unauthorized access to the server and execute code...

CVSS 9.8 · AI score 8.3 · EPSS 0.01039
Exploits 1 · References 3
OSV
added 2020/12/02 1:15 a.m. · 1 view

CVE-2020-14260

HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system...

CVSS 9.8 · AI score 7.4
Exploits 0 · References 1
CNVD
added 2020/12/02 12:00 a.m. · 1 view

HCL Notes Buffer Overflow Vulnerability

HCL Notes is an enterprise email client. A buffer overflow vulnerability exists in DXL in HCL Notes 9, 10, and 11. The vulnerability stems from improper validation of user input. An attacker could exploit the vulnerability to cause Notes to crash or execute attacker-controlled code on the server...

CVSS 7.2 · AI score 7.7 · EPSS 0.00051
Exploits 0 · References 1
OSV
added 2020/12/01 3:15 p.m. · 3 views

CVE-2020-7545

A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user accesses an affected webpage...

CVSS 7.2 · AI score 7.5 · EPSS 0.00462
Exploits 0 · References 1
CNNVD
added 2020/12/01 12:00 a.m. · 2 views

HCL Notes security vulnerability

HCL Notes is an enterprise email client. A buffer overflow vulnerability exists in DXL in HCL Notes 9, 10, and 11. The vulnerability stems from improper validation of user input. An attacker could exploit the vulnerability to cause Notes to crash or execute attacker-controlled code on the server...

CVSS 7.2 · AI score 7 · EPSS 0.00051
Exploits 0 · References 3
OSV
added 2020/07/09 3:15 p.m. · 1 view

CVE-2020-13994

An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker...

CVSS 8.8 · AI score 7
Exploits 0 · References 1
VulnCheck KEV
added 2020/05/07 12:00 a.m. · 3 views

VulnCheck KEV: CVE-2019-18935

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process...

CVSS 9.8 · AI score 7.4 · EPSS 0.93583
Exploits 16 · References 1
CNVD
added 2020/02/28 12:00 a.m. · 1 view

EyouCMS suffers from a file upload vulnerability (CNVD-2020-23805)

EyouCMS, the website-building system from Hainan Zanzan Network Technology Co., Ltd., is a free and open source enterprise content management system built on the TP5.0 framework. It focuses on the needs of enterprise website builders and provides a large number of templates in various...

AI score 6.9
Exploits 0