LogonTracer <=1.2.0 - Remote Command Injection

LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. id: CVE-2018-16167 info: name: LogonTracer =1.2.0 - Remote Command Injection author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execu...

TVT NVMS 1000 - Local File Inclusion

TVT NVMS-1000 devices allow GET /.. local file inclusion attacks. id: CVE-2019-20085 info: name: TVT NVMS 1000 - Local File Inclusion author: daffainfo severity: high description: | TVT NVMS-1000 devices allow GET /.. local file inclusion attacks. impact: | An attacker can exploit this...

Drupal - Remote Code Execution

Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10 V contain certain field types that do not properly sanitize data from non-form sources, which can lead to arbitrary PHP code execution in some cases. id: CVE-2019-6340 info: name: Drupal - Remote Code Execution author: madrobot severity:...

WSO2 Management - Arbitrary File Upload & Remote Code Execution

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This affects WSO2 API Manager 2.2.0 and above through 4.0.0; WSO2 Identity Server 5.2.0 and above through 5.11.0; WSO2 Identity Server Analytics 5.4.0, 5.4.1, 5.5.0, and 5.6.0; WSO2 Identity Server as Key...

D-Link - Unauthenticated Remote Code Execution

OS command injection vulnerability in soap.cgi soapcgimain in cgibin in D-Link DIR-880L DIR-880LREVAFIRMWAREPATCH1.08B04 and previous versions, DIR-868L DIR868LA1FW112b04 and previous versions, DIR-65L DIR-865LREVAFIRMWAREPATCH1.08.B01 and previous versions, and DIR-860L DIR860LA1FW110b04 and...

Dasan GPON Devices - Remote Code Execution

Dasan GPON home routers are susceptible to command injection which can occur via the desthost parameter in a diagaction=ping request to a GponForm/diagForm URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to...

rConfig 3.9.2 - Remote Code Execution

rConfig 3.9.2 is susceptible to a remote code execution vulnerability. An attacker can directly execute system commands by sending a GET request to ajaxServerSettingsChk.php because the rootUname parameter is passed to the exec function without filtering, which can lead to command execution. id:...

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions. id: CVE-2019-7192 info: name: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution...

Western Digital MyCloud NAS - Authentication Bypass

It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the...

ThinkPHP 5.0.23 - Remote Code Execution

An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\think\Request/input&filter=phpinfo&data=1 query string. id: CVE-2018-20062 info: name: ThinkPHP...

Elementor Website Builder - Remote Code Execution

The Elementor Website Builder plugin for WordPress versions 3.6.0 to 3.6.2 are vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file. This makes it possible for attackers to modify site data and upload...

Hikvision - Authentication Bypass

Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0...

GLPI <=10.0.2 - Remote Command Execution

GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module. id: CVE-2022-35914 info: name: GLPI =10.0.2 - Remote Command Execution author: For3stCo1d,allendemoura severity: critical description: | GLPI through 10.0...

Hitachi Pentaho Business Analytics Server - Remote Code Execution

Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby...

Cacti <=1.2.22 - Remote Command Injection

Cacti through 1.2.22 is susceptible to remote command injection. There is insufficient authorization within the remote agent when handling HTTP requests with a custom Forwarded-For HTTP header. An attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS...

Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution

Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a...

Rocket.Chat <=3.13 - NoSQL Injection

Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated access to an API endpoint. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected...

WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload

WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code execution. id:...

Symmetricom SyncServer Unauthenticated - Remote Command Execution

Microchip Technology Microsemi SyncServer S650 was discovered to contain a command injection vulnerability. id: CVE-2022-40022 info: name: Symmetricom SyncServer Unauthenticated - Remote Command Execution author: DhiyaneshDK,mielverkerken severity: critical description: | Microchip Technology...

Hitachi Pentaho Business Analytics Server - Bypass Authorization

Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x contain security restrictions using non-canonical URLs which can be circumvented. id: CVE-2022-43939 info: name: Hitachi Pentaho Business Analytics Server - Bypass Authorization author: daffainf...

Oracle WebLogic Server Local File Inclusion

An easily exploitable local file inclusion vulnerability allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Successful attacks of this vulnerability can...

QNAP QTS Photo Station External Reference - Local File Inclusion

QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1...

Webmin <1.990 - Improper Access Control

Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without enterin...

Sophos Firewall <=18.5 MR3 - Remote Code Execution

Sophos Firewall version v18.5 MR3 and older contains an authentication bypass vulnerability in the User Portal and Webadmin which could allow a remote attacker to execute code. id: CVE-2022-1040 info: name: Sophos Firewall =18.5 MR4 to mitigate this vulnerability. reference: -...

Sophos Firewall <= 19.0 MR1 - Remote Code Execution

Sophos Firewall version v19.0 MR1 and older is vulnerable to code injection in the User Portal and Webadmin, allowing a remote unauthenticated attacker to execute arbitrary code. id: CVE-2022-3236 info: name: Sophos Firewall = 19.0 MR1 - Remote Code Execution author: daffainfo severity: critical...

TerraMaster TOS < 4.2.30 Server Information Disclosure

TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure. id: CVE-2022-24990 info: name: TerraMaster TOS 4.2.30 Server Information Disclosure author: dwisiswant0 severity: high description: TerraMaster NAS devices running TOS prior to version 4.2.30 are...

FLIR AX8 1.46.16 - Remote Command Injection

FLIR AX8 version 1.46.16 and below is susceptible to an unauthenticated remote command injection vulnerability.The vulnerability exists in the alarm functionality where user-supplied input in the 'id' parameter is not properly sanitized,allowing attackers to inject and execute arbitrary OS...

DotCMS - Arbitrary File Upload

DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions. id: CVE-2022-26352 info: name: DotCMS - Arbitrary File Upload author: h1ei1 severity: critical description: DotCM...

IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution

IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations...

AirFlow < 2.4.0 - Remote Code Execution

A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided runid parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. id: CVE-2022-40127 info: name: AirFlow 2.4.0 -...

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

Apache 2.4.49 - Path Traversal and Remote Code Execution

A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by "require all denied" these requests can succeed...

Cisco HyperFlex HX Data Platform - Remote Command Execution

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1498 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...

Dahua IPC/VTH/VTO - Authentication Bypass

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets. id: CVE-2021-33045 info: name: Dahua IPC/VTH/VTO - Authentication Bypass author: phantomowl severity:...

Sunhillo SureLine <8.7.0.1.1 - Unauthenticated OS Command Injection

Sunhillo SureLine 8.7.0.1.1 is vulnerable to OS command injection. The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request...

F5 iControl REST - Remote Command Execution

F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before...

Apache Log4j2 - Remote Code Injection

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. id: CVE-2021-45046 info: name: Apache Log4j2 - Remote Code Injection author: ImNightmaree severity: critical description: Apache Log4j2 Thread Context Lookup Pattern is...

Open Web Analytics 1.7.3 - Remote Code Execution

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

Fortinet FortiNAC - Arbitrary File Write

Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute...

VMware View Planner <4.6 SP1- Remote Code Execution

VMware View Planner 4.x prior to 4.6 Security Patch 1 contains a remote code execution vulnerability due to improper input validation and lack of authorization leading to arbitrary file upload in logupload web application. An unauthorized attacker with network access to View Planner Harness could...

Wordpress Tatsubuilder <= 3.3.11 - Remote Code Execution

An unrestricted file upload in WordPress Tatsubuilder plugin version = 3.3.11 enables an unauthenticated attacker to perform a remote code execution RCE on the server host due to multiple weaknesses in the font import feature and put 100,000 websites at risk. id: CVE-2021-25094 info: name:...

VMWare Workspace ONE UEM - Server-Side Request Forgery

VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain a server-side request forgery vulnerability. This issue may allow a malicious actor with network access to UEM to send their requests without...

Tenda Router AC11 - Remote Command Injection

Tenda Router AC11 is susceptible to remote command injection vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-31755 info: name: Tenda Router AC11 - Remote Comman...

D-Link DIR-605 - Information Disclosure

An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version - 2.01MT. An attacker can obtain a user name and password by forging a post request to the / getcfg.php page id: CVE-2021-40655 info: name: D-Link DIR-605 - Information Disclosure author: DhiyaneshDK severity: high...

Icinga Web 2 - Arbitrary File Disclosure

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. id: CVE-2022-24716 info:...

Fortinet - Authentication Bypass

Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative...

XStream <1.4.16 - Remote Code Execution

XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitrary code from a remote host via manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative...

ASUS GT-AC2900 - Authentication Bypass

ASUS GT-AC2900 devices before 3.0.0.4.386.42643 allows authentication bypass when processing remote input from an unauthenticated user, leading to unauthorized access to the administrator application. This relates to handlerequest in router/httpd/httpd.c and authcheck in webhook.o. An...

Nagios XI < 5.8.6 - Cross-Site Scripting

In Nagios XI before 5.8.6, XSS exists in the dashboard page /dashboards/ when administrative users attempt to edit a dashboard. id: CVE-2021-38156 info: name: Nagios XI 5.8.6 - Cross-Site Scripting author: ritikchaddha severity: medium description: | In Nagios XI before 5.8.6, XSS exists in the...

Cobbler <3.3.0 - Remote Code Execution

Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via an XMLRPC method. id: CVE-2021-40323 info: name: Cobbler 3.3.0 - Remote Code Execution author: c-sh0 severity: critical description: Cobbler before 3.3.0 allows log poisoning and resultant remote code execution via ...