Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability that could allow an attacker to execute code in the context of the root user on a vulnerable CGI file was discovered in Western Digital My Cloud OS 5 devicesThis issue affects My Cloud OS 5: before 5.26.119. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.Ī command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user. Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.Ī vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. Querying the 'Content-Length' (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Incorrect Access Control in the module "My inventory" (myinventory) get_request()` one could inspect the returned `HTTP::Request` object. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch.
This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. Kiwi TCMS is an open source test management system. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Ĭross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. The identifier of this vulnerability is VDB-232952. The manipulation of the argument filename leads to unrestricted upload. Affected by this issue is some unknown functionality of the file /settings/account of the component My Profile Page. A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical.
0 kommentar(er)
