4 matches found
Command Injection
Overview: Affected versions of this package are vulnerable to Command Injection in the process that generates uninstall scripts from uploaded software packages, due to improper sanitization of metadata fields. An attacker can execute arbitrary commands with elevated privileges on managed endpoints...
Cisco Intersight Command Injection Vulnerability
Cisco Intersight is an application platform from Cisco, Inc. that provides a level of intelligent management that enables IT organizations to analyze, simplify, and automate their environments in a more advanced way than previous generations of tools. A security vulnerability exists in the Cisco...
PT-2020-3918 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint affected versions not specified
Description: A remote code execution issue exists in Microsoft SharePoint due to the software's failure to properly check the source markup of an application package. This could allow an...
PT-2017-18925 · Bigtree · Bigtree Cms
Name of the Vulnerable Software and Affected Versions: BigTree CMS versions 4.2.18 and earlier
Description: The issue allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in...