On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.
Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.
D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.
Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.
Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.
A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.
In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.
Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.
An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.
Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.