100 matches found
GHSA-94XH-2FMC-XF5J systeminformation command injection vulnerability
Impact command injection vulnerability Patches Problem was fixed with a shell string sanitation fix. Please upgrade to version = 4.27.11 Workarounds If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite References Are there any links use...
CentOS Web Panel Code Execution Vulnerability (CNVD-2020-43142)
CentOS Web Panel CWP is a free web hosting control panel that makes it easy to manage multiple servers Dedicated and VPS without having to access the servers via SSH. A code execution vulnerability in CentOS Web Panel version cwp-e17.0.9.8.923, which stems from the ajaxdashboard.php file not...
PT-2020-14531 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax dashboard.ph...
SQL injection in Centreon
SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svcid parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php...
DEBIAN-CVE-2014-4172
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...
DEBIAN-CVE-2019-13485
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c...
Stack overflow
In Xymon through 4.3.28, a stack-based buffer overflow vulnerability exists in the history viewer component via a long hostname or service parameter to history.c...
Google Chrome Security Bypass Vulnerability (CNVD-2019-26520)
Google Chrome is a web browser from Google, an American company. A security vulnerability exists in Google Chrome versions prior to 76.0.3809.87, which stems from the program not adequately filtering the Open URL service parameter. The vulnerability can be exploited by an attacker to bypass...
Security update for obs-service-tar_scm (important)
openSUSE Security Update: Security update for obs-service-tarscm Announcement ID: openSUSE-SU-2019:0326-1 Rating: important References: 1076410 1082696 1105361 1107507 1107944 Cross-References: CVE-2018-12473 CVE-2018-12474 CVE-2018-12476 Affected Products: openSUSE Leap 15.0 An update that solve...
The vulnerability of the soapcgi_main function in the soap.cgi script of D-Link DIR-818LW and DIR-860L routers allows a hacker to execute arbitrary commands on the operating system.
The vulnerability of the soapcgimain function in the soap.cgi script /htdocs/cgibin/soap.cgi of the D-Link DIR-818LW and DIR-860L router software is caused by privilege management errors. Exploiting this vulnerability allows an attacker to execute arbitrary operating system commands using the...
D-Link DIR-818LW Rev.A and DIR-860L Rev.B Operating System Command Injection Vulnerability
The D-Link DIR-818LW Rev.A and DIR-860L Rev.B are both wireless router products from AUO D-Link. An operating system command injection vulnerability exists in the soap.cgi service of the cgibin binary in the D-Link DIR-818LW Rev.A version 2.05.B03 and DIR-860L Rev.B version 2.03.B03. A remote...
Multiple D-Link Products OS Command Injection Vulnerability
D-Link DIR-880L and others are wireless router products from AUO D-Link. An operating system command injection vulnerability exists in the soap.cgi file in several D-Link products. A remote attacker can exploit this vulnerability to execute arbitrary OS commands with the help of the 'service'...
CVE-2018-6530
OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...
CVE-2017-16836
Arris TG1682G devices with Comcast TG16822.0s7PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajaxmanagedservices.php service parameter...
Cross site scripting
Arris TG1682G devices with Comcast TG16822.0s7PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajaxmanagedservices.php service parameter...
CVE-2017-16836
Arris TG1682G devices with Comcast TG16822.0s7PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajaxmanagedservices.php service parameter...
cas-client: Bypass of security constraints via URL parameter injection
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allow remote attackers to inject arbitrary web script or HTML via the 1 service...
Open redirect
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter...
CVE-2013-4955
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter...
CVE-2011-4805
Cross-site scripting XSS vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter...