
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key or keys of a disabled or deleted user remained valid after the user's access was revoked.
IBM InfoSphere Information Server 11.7 is potentially vulnerable to CSV injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of CSV file contents.
Stimulsoft (aka Stimulsoft Reports) 20.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by.
Xfig 3.2.7 is vulnerable to a buffer overflow.
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to improper neutralization of special elements in output, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter.
MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter.
MKCMS V6.2 has SQL injection via the /ucenter/reg.php name parameter.
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
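The Octopus Server entry above describes the general failure mode where an API key is validated only by its own existence, so disabling or deleting the owner in the external identity provider does not stop the key from working. The following is an added example, not Octopus Server's code; the `User`, `ApiKeyStore` and `revoke_user` names are hypothetical. It contrasts a key-only lookup with a lookup that also checks the owner's current state, and shows revoking keys eagerly when the provider reports a disable or delete.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class User:
    """Local copy of a principal as last synced from the external identity provider."""
    name: str
    enabled: bool = True
    deleted: bool = False


@dataclass
class ApiKeyStore:
    """Minimal API-key store (hypothetical, not Octopus Server's implementation)."""
    users: Dict[str, User] = field(default_factory=dict)
    # SHA-256 of the raw key -> owning user name; raw keys are never stored.
    key_hashes: Dict[str, str] = field(default_factory=dict)

    @staticmethod
    def _digest(raw_key: str) -> str:
        return hashlib.sha256(raw_key.encode()).hexdigest()

    def issue_key(self, username: str) -> str:
        raw_key = "API-" + secrets.token_urlsafe(24)
        self.key_hashes[self._digest(raw_key)] = username
        return raw_key

    def authenticate_key_only(self, raw_key: str) -> Optional[str]:
        """Weak pattern: any key that exists is accepted, whatever happened to its owner."""
        return self.key_hashes.get(self._digest(raw_key))

    def authenticate(self, raw_key: str) -> Optional[str]:
        """Hardened pattern: the key must exist AND its owner must still be active."""
        username = self.key_hashes.get(self._digest(raw_key))
        if username is None:
            return None
        user = self.users.get(username)
        if user is None or user.deleted or not user.enabled:
            return None
        return username

    def revoke_user(self, username: str, deleted: bool = False) -> int:
        """Called when the provider reports a disable/delete; also drops every key the user owns."""
        user = self.users.get(username)
        if user is not None:
            user.enabled = False
            user.deleted = user.deleted or deleted
        stale = [h for h, owner in self.key_hashes.items() if owner == username]
        for h in stale:
            del self.key_hashes[h]
        return len(stale)


def demo() -> dict:
    """Issue a key, disable the owner via a simulated provider sync, re-check both ways."""
    store = ApiKeyStore()
    store.users["alice"] = User("alice")
    key = store.issue_key("alice")
    before = store.authenticate(key)
    store.users["alice"].enabled = False  # sync flips the flag but leaves the key record alone
    weak_after = store.authenticate_key_only(key)
    strict_after = store.authenticate(key)
    revoked = store.revoke_user("alice")
    return {"before": before, "weak_after": weak_after,
            "strict_after": strict_after, "revoked": revoked}
```

The use-time check in `authenticate` is what closes the gap regardless of how the disable arrives; `revoke_user` is the belt-and-braces step that also cleans up key records so a later bug in the state check cannot resurrect them.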

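The InfoSphere entry above is a CSV injection: a cell beginning with a formula trigger is evaluated when the export is opened in a spreadsheet, which is how "improper validation of csv file contents" turns into command execution on the analyst's machine. The following is an added example and is not IBM's code; the `SAMPLE_ROWS` data is constructed for the demonstration. It shows the unsafe serialization next to one that neutralizes formula-like cells per OWASP's CSV injection guidance, and the `neutralize_cell(-5)` case shows the caveat that numeric columns should be emitted typed rather than pushed through the text filter.

```python
import csv
import io
from typing import Iterable, Sequence

# Leading characters that Excel/LibreOffice treat as the start of a formula,
# per OWASP's CSV injection guidance.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value: str) -> bool:
    """True if a spreadsheet would evaluate this cell instead of displaying it."""
    return value.startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Force formula-like text to be read as a literal by prefixing a single quote.

    Only free-text columns should go through this; numeric columns are better
    emitted as typed numbers so that -5 is not turned into "'-5".
    """
    text = str(value)
    return "'" + text if is_formula_like(text) else text


def render_csv(rows: Iterable[Sequence], safe: bool = True) -> str:
    """Serialize rows. QUOTE_ALL also doubles embedded quotes, so a cell cannot
    close its own field and start a new formula cell after a separator."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize_cell(c) if safe else str(c) for c in row])
    return buf.getvalue()


# Constructed sample export: the second row's comment is the classic DDE payload
# shape that launches a command when the CSV is opened in a spreadsheet that
# still honours DDE; the third uses the "@" trigger that a naive "=" check misses.
SAMPLE_ROWS = [
    ("alice", "regular user"),
    ("mallory", "=cmd|' /C calc'!A0"),
    ("bob", "@SUM(1+1)"),
]
```

The single-quote prefix is the spreadsheet-side neutralization; the server-side fix the advisory implies is to validate the contents before they ever reach the export, so the prefix is a defence in depth rather than a substitute for that validation.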