5963 matches found
CVE-2021-31769
CVE-2021-31769 affects MyQ X Smart prior to 8.2. The vulnerability allows remote code execution because administrative session data can be read from %PROGRAMFILES%\MyQ\PHP\Sessions, and the non‑administration‑restricted “Select server file” feature enables attackers to inject arbitrary OS command...
CVE-2021-31769
MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorizatio...
CVE-2020-20473
White Shark System WSS 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the controltask.php, controlproject.php, and defaultuser.php files failing to filter the sort parameter. Remote attackers can exploit the vulnerability to obtain sensitive database information...
CVE-2020-20474
White Shark System WSS 1.3.2 has a SQL injection vulnerability. The vulnerability stems from the defaulttaskedituser.php file failing to filter the csatouser parameter. Remote attackers can exploit the vulnerability to obtain sensitive database information...
CVE-2020-20467
White Shark System WSS 1.3.2 is vulnerable to sensitive information disclosure via defaulttaskadd.php; remote attackers can exploit the vulnerability to create a task...
Information disclosure
White Shark System WSS 1.3.2 is vulnerable to sensitive information disclosure via defaulttaskadd.php; remote attackers can exploit the vulnerability to create a task...
White Shark System SQL injection vulnerability
White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. A SQL injection vulnerability exists in White Shark...
MyQ X OS command injection vulnerability
MyQ X is an application of myq-solution. It neatly organizes past and active projects in one place and centralizes their management in one interface. A security vulnerability exists in MyQ X Smart versions prior to 8.2, which can be exploited by an attacker to inject arbitrary OS commands via the...
White Shark System information disclosure vulnerability
White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. A website physical path disclosure vulnerability exis...
PT-2021-10493 · Unknown · White Shark System
Name of the Vulnerable Software and Affected Versions: White Shark System WSS version 1.3.2. Description: The issue allows remote attackers to exploit the vulnerability and create a task, leading to sensitive information disclosure via the defaulttaskadd.php endpoint. The defaulttaskadd.php...
White Shark System security vulnerability
White Shark System WSS is a browser-based collaboration platform that integrates Project Management, Task Management, Work Management and Work Log Management. A sensitive information disclosure vulnerability exis...
CVE-2021-34809
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors...
CVE-2021-34811
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors...
Command injection
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors...
Server-side request forgery (SSRF)
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors...