4145 matches found
Nacos <1.4.1 - Authentication Bypass
This template only works on Nuclei engine prior to version 2.3.3 and version = 2.3.5. In Nacos before version 1.4.1, when configured to use authentication -Dnacos.core.auth.enabled=true Nacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that enables Nac...
Telesquare TLR-2855KS6 - Arbitrary File Deletion
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow deletion of system files and scripts. id: CVE-2021-46419 info: name: Telesquare TLR-2855KS6 - Arbitrary File Deletion author: DhiyaneshDK severity: critical description: | An unauthorized file deleti...
BillQuick Web Suite SQL Injection
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xpcmdshell. id: CVE-2021-42258 info: name: BillQuick Web Suite SQL Injection...
CommScope Ruckus IoT Controller - Information Disclosure
CommScope Ruckus IoT Controller is susceptible to information disclosure vulnerabilities because a 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for...
D-Link DAP-1620 - Local File Inclusion
D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading /etc/passwd and /etc/shadow. id: CVE-2021-46381 info: name: D-Link DAP-1620 - Local File Inclusion author: 0xAkoko severity: high description: D-Link DAP-1620 is...
Zoho ManageEngine OpManager < 12.5.329 - Remote Code Execution
Zoho ManageEngine OpManager before 12.5.329 contains a remote code execution caused by a general bypass in the deserialization class, letting unauthenticated attackers execute arbitrary code, exploit requires no authentication id: CVE-2021-3287 info: name: Zoho ManageEngine OpManager 12.5.329 -...
WordPress Modern Events Calendar Lite <5.16.5 - Sensitive Information Disclosure
WordPress Modern Events Calendar Lite before 5.16.5 does not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format. id: CVE-2021-24146 info: name: WordPress Modern Events Calendar Lite 5.16.5 - Sensitive Information Disclosure...
WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbitrary file upload. An attacker can upload malicious files and execute code on the server, modify data, and/or gain full control over a compromised system without authentication. id: CVE-2021-24370 info: name: WordPress...
Apache OFBiz <17.12.07 - Arbitrary Code Execution
Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions. id: CVE-2021-30128 info: name: Apache OFBiz 17.12.07 - Arbitrary Code Execution author: For3stCo1d...
Advantech R-SeeNet 2.4.12 - OS Command Injection
Advantech R-SeeNet 2.4.12 is susceptible to remote OS command execution via the ping.php script functionality. An attacker, via a specially crafted HTTP request, can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering...
Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...
Cobbler <3.3.0 - Remote Code Execution
Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method. id: CVE-2021-40323 info: name: Cobbler 3.3.0 - Remote Code Execution author: c-sh0 severity: critical description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via ...
Grafana Unauthenticated Snapshot Creation
Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. id: CVE-2021-27358 info: name: Grafana Unauthenticated Snapshot Creation author: pdteam,bing0o severity: hi...
Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wpajaxnoprivelvwplogdownload AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, whi...
CyberPanel v2.3.6 Pre-Auth Remote Code Execution
upgrademysqlstatus in databases/views.py in CyberPanel aka Cyber Panel before 5b08cd6 allows remote attackers to bypass authentication and execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware which is only for a POST request and using shell metacharacters in the...
Winter CMS Local File Inclusion - (LFI)
Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local...
ZKTeco BioTime v8.5.5 - Path Traversal
A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload. id: CVE-2023-38950 info: name: ZKTeco BioTime v8.5.5 - Path Traversal author: iamnoooob,pdresearch severity: high description: | A pa...
WP Fastest Cache 1.2.2 - SQL Injection
The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. id: CVE-2023-6063 info: name: WP Fastest Cache 1.2.2 - SQL Injection author: DhiyaneshDK...
Netgear R6850 V1.1.0.88 - Command Injection
Netgear R6850 router firmware version V1.1.0.88 suffers from a command injection vulnerability in the pingtest functionality. An unauthenticated attacker can inject arbitrary system commands through the c4IPAddr parameter, resulting in remote code execution as root. id: CVE-2024-30568 info: name:...
Change Detection - Server Side Template Injection
A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host. id: CVE-2024-32651 info: name: Change Detection - Server Side Template Injection author: edoardottt severity: critical description: | A Server...
Belkin Linksys RE6500 <1.0.012.001 - Remote Command Execution
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. id: CVE-2020-35713 info: name: Belkin Linksys RE6500 1.0.012.001 - Remote Command Execution author: gy741 severity:...
OsTicket < 1.14.3 - Server Side Request Forgery
SSRF vulnerability exists in osTicket before 1.14.3, allowing an attacker to add malicious files to the server or perform port scanning. id: CVE-2020-24881 info: name: OsTicket 1.14.3 - Server Side Request Forgery author: hnd3884 severity: critical description: | SSRF vulnerability exists in...
TBK DVR4104/DVR4216 Devices - Authentication Bypass
TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, Pulnix, XVR 5 in 1, Securus, Night OWL, DVR Login, HVR Login, and MDVR Login, which run re-branded versions of the original TBK DVR4104 and DVR4216 series, allow remote attackers to bypass authentication via a "Cookie: uid=admin"...
LogonTracer <=1.2.0 - Remote Command Injection
LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. id: CVE-2018-16167 info: name: LogonTracer =1.2.0 - Remote Command Injection author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execu...
SAP Internet Graphics Server (IGS) - XML External Entity Injection
SAP Internet Graphics Servers IGS running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection XXE vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag...
Dolibarr <7.0.2 - Cross-Site Scripting
Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. id: CVE-2018-10095 info: name: Dolibarr 7.0.2 - Cross-Site Scripting author: pikpikcu severity: medium...
Western Digital MyCloud NAS - Authentication Bypass
It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the...
Joomla! Component GMapFP 3.5 - Arbitrary File Upload
Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double...
IncomCMS 2.0 - Arbitrary File Upload
IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server. id: CVE-2020-29597 info: name: IncomCMS 2.0 - Arbitrary File Upload author: princechaddha severity: critical description: |...
Roxy-WI - Remote Code Execution
Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the sshcommand function without processing the inputs received from the user in the /app/funct.py file. id: CVE-2022-31126 info: name: Roxy-WI - Remote Code Execution author: ritikchaddha...
Crestron Device - Credentials Disclosure
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname...
Casdoor 1.13.0 - Unauthenticated SQL Injection
Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations. id: CVE-2022-24124 info: name: Casdoor 1.13.0 - Unauthenticated SQL Injection...
Webmin < 1.920 - Authenticated Remote Code Execution
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...
Socomec DIRIS A-40 Devices Password Disclosure
Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI. id: CVE-2019-15859 info: name: Socomec DIRIS A-40 Devices Password Disclosure author:...
Kramer VIAware - Remote Code Execution
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames. id: CVE-2021-36356 info: name: Kramer VIAware - Remote Code Execution author: gy741 severity: critical description: KRAMER...
PuneethReddyHC Online Shopping System homeaction.php SQL Injection
An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php catid parameter. Using a post request does not sanitize the user input. id: CVE-2021-41649 info: name: PuneethReddyHC Online Shopping System homeaction.php SQL Injection...
Control Web Panel (CWP) - File Inclusion
In CWP Control Web Panel, previously CentOS Web Panel before version 0.9.8.1107, an unauthenticated attacker can abuse null byte %00 injection with the "scripts" parameter in the /user/loader.php or /user/login.php endpoints to register arbitrary API keys or access sensitive files. This can be...
D-Link DIR-615 - Unauthorized Access
D-Link DIR-615 devices with firmware 20.06 are susceptible to unauthorized access. An attacker can access the WAN configuration page wan.htm without authentication, which can lead to disclosure of WAN settings, data modification, and/or other unauthorized operations. id: CVE-2021-42627 info: name...
Open Automation Software OAS Platform V16.00.0121 - Missing Authentication
An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this...
Wavlink WN535K2/WN535K3 - OS Command Injection
Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in /cgi-bin/touchlistsync.cgi via manipulation of the argument IP. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary...
TP-Link TL-WR840N - Command Injection
The TP-Link TL-WR840NESV6.20180709 router contains a command injection vulnerability in the oalsetIp6DefaultRoute component. This vulnerability allows authenticated attackers to execute arbitrary system commands, leading to complete device compromise. id: CVE-2022-25061 info: name: TP-Link...
PrestaShop SmartBlog <4.0.6 - SQL Injection
PrestaShop SmartBlog by SmartDataSoft 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality. id: CVE-2021-37538 info: name: PrestaShop SmartBlog 4.0.6 - SQL Injection author: whoever severity: critical description: PrestaShop SmartBlog by SmartDataSoft 4.0.6 is...
VMware View Planner <4.6 SP1- Remote Code Execution
VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could...
ECOA Building Automation System - Directory Traversal Content Disclosure
The ECOA BAS controller suffers from a directory traversal content disclosure vulnerability. Using the GET parameter cpath in File Manager fmangersub, attackers can disclose directory content on the affected device id: CVE-2021-41291 info: name: ECOA Building Automation System - Directory Travers...
Sophos Firewall <= 19.0 MR1 - Remote Code Execution
Sophos Firewall version v19.0 MR1 and older is vulnerable to code injection in the User Portal and Webadmin, allowing a remote unauthenticated attacker to execute arbitrary code. id: CVE-2022-3236 info: name: Sophos Firewall = 19.0 MR1 - Remote Code Execution author: daffainfo severity: critical...
ZZZCMS zzzphp 2.1.0 - Remote Code Execution
ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via dangerkey at zzztemplate.php. id: CVE-2022-23881 info: name: ZZZCMS zzzphp 2.1.0 - Remote Code Execution author: pikpikcu severity: critical description: ZZZCMS zzzphp v2.1.0 is susceptible to a remote command...
Openemr < 7.0.0.1 - Cross-Site Scripting
Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. id: CVE-2022-2733 info: name: Openemr 7.0.0.1 - Cross-Site Scripting author: ctflearner severity: medium description: | Cross-site Scripting XSS - Reflected in GitHub repository openemr/openemr prior to...
VMware vRealize Log Insight - Path Traversal
he vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. id: CVE-2022-31706 info: name: VMware vRealize Log Insight - Path Traversal...
TP-Link - OS Command Injection
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840NEUV5171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field. id: CVE-2021-41653 info: name: TP-Link - OS Command Injection author: gy741 severity: critical...
SpaceLogic C-Bus Home Controller <=1.31.460 - Remote Command Execution
SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify...