D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. Date published : 2022-05-02 https://github.com/F0und-icu/TempName/tree/main/Dlink-823pro https://www.dlink.com/en/security-bulletin/
Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function Date published : 2022-05-02 https://github.com/F0und-icu/TempName/tree/main/TendaAX18
D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. Date published : 2022-05-02 https://github.com/F0und-icu/TempName/tree/main/Dlink-882 https://www.dlink.com/en/security-bulletin/
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. Date published : 2022-05-02 http://siteserver.com https://github.com/Richard-Tang/SSCMS-PluginShell/blob/main/Detail.md
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php. Date published : 2022-05-02 https://github.com/gongfuxiang/shopxo/issues/66
Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value. Date published : 2022-05-02 https://www.vandyke.com/support/advisory/2022/02/remote-execution-via-triggers.html
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. Date published : 2022-05-02 密码保护:Ruijie-NBR Any file read vulnerability
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. Date published : 2022-05-02 https://www.adminxe.com/3651.html
MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. Date published : 2022-05-02 https://github.com/ming-soft/MCMS/issues/90
Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 Date published : 2022-05-02 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 Date published : 2022-05-02 https://www.microfocus.com/documentation/access-manager/5.0/accessmanager502-release-notes/accessmanager502-release-notes.html#t4f2msu33v8h
Links may not be rewritten according to policy in some specially formatted emails. Date published : 2022-05-02 https://www.menlosecurity.com/published-security-vulnerabilities/
APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed...
Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This...