Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication.

For more information about these vulnerabilities, see the Details section of this advisory.

Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.

An issue was discovered in MISP before 2.4.158.

Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device.

Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary.

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS.

A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system.

OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0.