Search Results (363407 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27047 1 Moguit 1 Mogu Blog Cms 2024-11-21 9.8 Critical
mogu_blog_cms 5.2 suffers from upload arbitrary files without any limitation.
CVE-2022-27043 1 Yearning 1 Yearning 2024-11-21 7.5 High
Yearning versions 2.3.1 and 2.3.2 Interstellar GA and 2.3.4 - 2.3.6 Neptune is vulnerable to Directory Traversal.
CVE-2022-27041 1 Os4ed 1 Opensis 2024-11-21 7.5 High
Due to lack of protection, parameter student_id in OpenSIS Classic 8.0 /modules/eligibility/Student.php can be used to inject SQL queries to extract information from databases.
CVE-2022-27022 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 9.8 Critical
There is a stack overflow vulnerability in the SetSysTimeCfg() function in the httpd service of Tenda AC9 V15.03.2.21_cn. The attacker can obtain a stable root shell through a constructed payload.
CVE-2022-27016 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 9.8 Critical
There is a stack overflow vulnerability in the SetStaticRouteCfg() function in the httpd service of Tenda AC9 15.03.2.21_cn.
CVE-2022-27008 1 F5 1 Njs 2024-11-21 7.5 High
nginx njs 0.7.2 is vulnerable to Buffer Overflow. Type confused in Array.prototype.concat() when a slow array appended element is fast array.
CVE-2022-27007 1 F5 1 Njs 2024-11-21 9.8 Critical
nginx njs 0.7.2 is affected suffers from Use-after-free in njs_function_frame_alloc() when it try to invoke from a restored frame saved with njs_function_frame_save().
CVE-2022-27005 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 8.8 High
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27004 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 8.8 High
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27003 1 Totolink 4 A7000r, A7000r Firmware, X5000r and 1 more 2024-11-21 8.8 High
Totolink routers s X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27002 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns、ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27001 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27000 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26999 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26998 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26997 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26996 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26995 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2024-11-21 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26994 1 Arris 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more 2024-11-21 9.8 Critical
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26993 1 Arris 6 Sbr-ac1200p, Sbr-ac1200p Firmware, Sbr-ac1900p and 3 more 2024-11-21 9.8 Critical
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.