This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order...
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order...
The api/ZRIGMP/set_MLD_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the MLD_PROXY_WAN_CONNECT parameter. Date published : 2021-04-29 http://iot.10086.cn/?l=en-us https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection7.md
The api/ZRIptv/setIptvInfo interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iptv_vlan parameter. Date published : 2021-04-29 http://iot.10086.cn/?l=en-us https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection8.md
The api/ZRIGMP/set_IGMP_PROXY interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the IGMP_PROXY_WAN_CONNECT parameter. Date published : 2021-04-29 http://iot.10086.cn/?l=en-us https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection6.md
The api/zrDm/set_ZRElink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the bssaddr, abiaddr, devtoken, devid, elinksync, or elink_proc_enable parameter. Date published :...
The api/ZRFirmware/set_time_zone interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the zonename parameter. Date published : 2021-04-29 http://iot.10086.cn/?l=en-us https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection5.md
The api/zrDm/set_zrDm interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dm_enable, AppKey, or Pwd parameter. Date published : 2021-04-29 http://iot.10086.cn/?l=en-us https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection3.md
The api/ZRAndlink/set_ZRAndlink interface in China Mobile An Lianbao WF-1 router 1.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the iandlink_proc_enable parameter. Date published : 2021-04-29 http://iot.10086.cn/?l=en-us https://github.com/pokerfacett/MY_REQUEST/blob/master/China%20Mobile%20An%20Lianbao%20WF-1%20router%20Command%20Injection2.md
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0. Date published : 2021-04-29 https://github.com/emlog/emlog/issues/79
Cross Site Request Forgery (CSRF) in Rukovoditel v2.8.3 allows attackers to create an admin user with an arbitrary credentials. Date published : 2021-04-29 https://forum.rukovoditel.net/viewtopic.php?f=19&t=2760 https://gist.github.com/victomteng1997/d5f2db1d37aed5792c28685068ec41e2
samurai 1.2 has a NULL pointer dereference in printstatus() function in build.c via a crafted build file. Date published : 2021-04-29 https://github.com/michaelforney/samurai/commit/d2af3bc375e2a77139c3a28d6128c60cd8d08655 https://github.com/michaelforney/samurai/issues/68
samurai 1.2 has a NULL pointer dereference in writefile() in util.c via a crafted build file. Date published : 2021-04-29 https://github.com/michaelforney/samurai/commit/e84b6d99c85043fa1ba54851ee500540ec206918 https://github.com/michaelforney/samurai/issues/67
Directory Traversal in the fileDownload function in com/java2nb/common/controller/FileController.java in Novel-plus (小说精品屋-plus) 3.5.1 allows attackers to read arbitrary files via the filePath parameter. Date published : 2021-04-29 https://github.com/201206030/novel-plus/issues/39 https://www.exploit-db.com/exploits/49724