57 matches found
Command injection
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...
Vesta Control Panel 参数注入漏洞
Vesta Control Panel VestaCP is an open source web hosting control panel. A parameter injection vulnerability exists in Vesta Control Panel versions prior to 0.9.8-26-43 and Vesta Control Panel versions prior to 0.9.8-26, which stems from the fact that when it sends an HTTP POST request to the...
PT-2022-12942 · Unknown · Vesta Control Panel
Name of the Vulnerable Software and Affected Versions: myVesta Control Panel versions prior to 0.9.8-26-43 Vesta Control Panel versions prior to 0.9.8-26 Description: The issue allows an authenticated and remote administrative user to execute arbitrary commands. This can be achieved by sending HT...
Adobe ColdFusion Application Server Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the Application Server endpoint, which listens on TCP port 8500 by default. The iss...
CVE-2022-40075
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formfastsettingwifiset...
MiCODUS MV720 GPS 安全漏洞
The MiCODUS MV720 GPS is a GPS tracker from MiCODUS USA. A security vulnerability exists in the MiCODUS MV720 GPS that originates from an authenticated and insecure direct object reference vulnerability in the main web server on the endpoint and parameterized device IDs, which accepts arbitrary...
MiCODUS MV720 GPS 安全漏洞
MiCODUS MV720 GPS is a GPS tracker from MiCODUS Corporation. A security vulnerability exists in the MiCODUS MV720 GPS tracker that originates from an authenticated, insecure direct object reference vulnerability in the main web server on the endpoint and POST parameter "Device ID" that accepts an...
VulnCheck KEV: CVE-2021-46850
myVesta Control Panel before 0.9.8-26-43 and Vesta Control Panel before 0.9.8-26 are vulnerable to command injection. An authenticated and remote administrative user can execute arbitrary commands via the vsftplicense parameter when sending HTTP POST requests to the /edit/server endpoint...
GHSA-QGCG-P3V2-9H4P Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud Netflix
Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. A malicious user, or attacker, can...
ShowDoc Cross-Site Request Forgery Vulnerability
ShowDoc is an online document sharing tool. A cross-site request forgery vulnerability exists in server/index.php?s=/api/teamMember/save URL in ShowDoc version 2.4.2. A remote attacker can exploit this vulnerability to add a new user to a team...
GitStack Server User Add Vulnerability
GitStack is a Windows-based version control system. A security vulnerability exists in GitStack 2.3.10 and earlier versions, which stems from the program's failure to adequately filter user input. The vulnerability can be exploited to add a user to the server by sending the username and password...
QIWI: XML External Entity (XXE) in qiwi.com + waf bypass
While testing tax payment service, I found that your server endpoint https://qiwi.com/order/external/multiple.action is vulnerable to XML External Entity Attack. Despite server doesn’t response with any information, attacker can still use out-of-band XXE technique to read arbitrary files on serve...
IBM Security SiteProtector System Local Elevation of Privilege Vulnerability
IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents. A local elevation of privilege vulnerability exists in IBM Security SiteProtector System. This vulnerability could be exploited to allow a...
CVE-2014-0257
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via 1 a crafted web site or 2 a crafted .NET Framework application that exposes a COM serve...
Design/Logic Flaw
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via 1 a crafted web site or 2 a crafted .NET Framework application that exposes a COM serve...
Azure File Sync Agent v14 Release – October 2021
None None...
Azure File Sync Agent v9 Release – December 2019
None None...