Vulnerabilidades CVE

EXFO - BV-10 Performance Endpoint Unit Undocumented privileged user. Unit has an undocumented hard-coded privileged user.

A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may ...

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specia...

EXFO - BV-10 Performance Endpoint Unit authentication bypass User can manually manipulate access enabling authentication bypass.

D-Link DIR-3040 device with firmware 120B03 was discovered to contain a command injection vulnerability via the SetTriggerLEDBlink function.

Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulner...

vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive use...

Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user infor...

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.

Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.

Lead Management System v1.0 is vulnerable to SQL Injection via the user_id parameter in changePassword.php.

Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.

Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeOrder.php.

Mutiny 7.2.0-10788 suffers from Hardcoded root password.

There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.

Helmet Store Showroom v1.0 vulnerable to unauthenticated SQL Injection.

An improper limitation of a pathname to a restricted directory vulnerability was identified in GitHub Enterprise Server that enabled remote code execution. A check was added within Pages to ensure the...

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=save_queue.

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/ajax.php?action=delete_transaction.

A thread security vulnerability exists in the authentication process. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability.

vRealize Network Insight (vRNI) contains a command injection vulnerability present in the vRNI REST API. A malicious actor with network access to the vRNI REST API can execute commands without authent...

logrocket-oauth2-example through 2020-05-27 allows SQL injection via the /auth/register username parameter.

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.

Tenda F1203 V2.0.1.6 was discovered to contain a command injection vulnerability via the mac parameter at /goform/WriteFacMac.

pfSense pfBlockerNG through 2.1.4_27 allows remote attackers to execute arbitrary OS commands as root via the HTTP Host header, a different vulnerability than CVE-2022-31814.

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Prov...

A deserialization issue discovered in inikulin replicator before 1.0.4 allows remote attackers to run arbitrary code via the fromSerializable function in TypedArray object.

pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int).

pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc.

Softr v2.0 was discovered to be vulnerable to HTML injection via the Name field of the Account page.

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Exploitation of this vulnerab...

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co...

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Exploitation of this vulnerabil...

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Exploitation of this vulnerability co...

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Exploitation of this vulnerability co...

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Exploitation of this vulnerab...

Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.

An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.

WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php.

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.

In TOTOLINK X6000R V9.4.0cu.852_B20230719, the shttpd file, sub_4119A0 function obtains fields from the front-end through Uci_ Set_ The Str function when passed to the CsteSystem function creates a co...

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Exploitation of this vulnerability co...

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.

Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Exploitation of this vulnerabili...

In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5 the __sflush() stdio function in libc does not correctly update FILE objects' write space...

An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the managemen...