A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An OS Command Injection vulnerability exists within myPRO Manager. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An OS command injection vulnerability has been reported to affect several product versions. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.