66 matches found
CVE-2022-40022
Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability...
Command injection
Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability...
Microchip Technology (Microsemi) SyncServer S650 命令注入漏洞
Microchip Technology SyncServer Microsemi SyncServer is a series of network time servers from Microchip Technology USA. A security vulnerability exists in Microchip Technology Microsemi SyncServer S650. An attacker could exploit this vulnerability to perform a command injection attack...
CVE-2022-40022
Symmetricom SyncServer S650 is affected by CVE-2022-40022, an unauthenticated command-injection vulnerability in the /controller/ping.php endpoint. The NVD entry and Nuclei template describe an exploit linked to a command execution that affects the SyncServer S650 line; the vulnerability is state...
CVE-2022-40022
Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability...
CVE-2022-40022
Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability...
Kentico CMS Staging SyncServer Unserialize Remote Command Execution
This module exploits a vulnerability in the Kentico CMS platform versions 12.0.14 and earlier. Remote Command Execution is possible via unauthenticated XML requests to the Staging Service SyncServer.asmx interface ProcessSynchronizationTaskData method stagingTaskData parameter. XML input is passe...
Multiple Microsemi Product Path Traversal Vulnerabilities (CNVD-2020-29591)
Microsemi Symmetricom SyncServer S100 and others are a network time server from Microsemi, USA. A path traversal vulnerability exists in multiple Microsemi products. The vulnerability stems from a failure of a networked system or product to properly filter special elements in a resource or file...
Multiple Microsemi Product Path Traversal Vulnerabilities (CNVD-2020-29569)
Microsemi Symmetricom SyncServer S100 and others are a network time server from Microsemi, USA. A path traversal vulnerability exists in multiple Symmetricom products. The vulnerability stems from a failure of a networked system or product to properly filter special elements in a resource or file...
Cross-Site Scripting Vulnerability in Multiple Microsemi Products
Microsemi Symmetricom SyncServer S100 and others are a network time server from Microsemi, USA. A cross-site scripting vulnerability exists in several Microsemi products. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit...
Multiple Microsemi Products Input Validation Error Vulnerability
Microsemi Symmetricom SyncServer S100 and others are a network time server from Microsemi, USA. A security vulnerability exists in several Symmetricom products that stems from the program's failure to properly handle authentication of callbacks. An attacker could exploit the vulnerability to...
Multiple Microsemi Product Path Traversal Vulnerabilities (CNVD-2020-29592)
Microsemi Symmetricom SyncServer S100 and others are a network time server from Microsemi, USA. A path traversal vulnerability exists in multiple Microsemi products. The vulnerability stems from a failure of a networked system or product to properly filter special elements in a resource or file...
Multiple Microsemi Product Path Traversal Vulnerabilities
Microsemi Symmetricom SyncServer S100 and others are a network time server from Microsemi, USA. A path traversal vulnerability exists in multiple Microsemi products. The vulnerability stems from a failure of a networked system or product to properly filter special elements in a resource or file...
CVE-2020-9031
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php...
CVE-2020-9028
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen when creating a new user...
CVE-2020-9033
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php...
CVE-2020-9028
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen when creating a new user...
CVE-2020-9029
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php...
CVE-2020-9029
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php...
CVE-2020-9032
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php...