3 matches found
CVE-2019-12091
The Netskope client service is affected by a local command-injection vulnerability in the connection handling code for versions 57 before 57.2.0.219 and 60 before 60.2.0.214, allowing an attacker with local access to execute code with NT\SYSTEM privileges. Affected products are Netskope Client on...
CVE-2019-12091 Netskope client command injections vulnerability
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from command injection vulnerability. Local users can use this vulnerability to...
Dedecms v57 sp1 plus/download.php SQL注入漏洞
起因是全局变量$GLOBALS可以被任意修改,随便看了下,漏洞一堆,我只找了一处。 codeinclude/dedesql.class.php ifisset$GLOBALS'arrs1' $v1 = $v2 = ''; for$i=0;isset$arrs1$i;$i++ $v1 .= chr$arrs1$i; for$i=0;isset$arrs2$i;$i++ $v2 .= chr$arrs2$i; //解码ascii $GLOBALS$v1 .= $v2; //注意这里不是覆盖,是+ function SetQuery$sql $prefix="@"; $sql =...