A vulnerability in the Apache Solr Velocity template allows unauthenticated attackers to execute arbitrary OS commands.
Server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions.
If an SMTP server has been configured, then an unauthenticated user can execute code on vulnerable systems using the ContactAdministrators action if the "Contact Administrators Form" is enabled; or an authenticated user can execute code on vulnerable systems using the SendBulkMail action if the user has "JIRA Administrators" access.
An unauthenticated attacker can send a malicious SOAP request to the interface WLS AsyncResponseService to execute code on the vulnerable host.
The attacker must have network access to the Oracle Weblogic Server T3 interface.
The Widget Connector macro in Atlassian Confluence Server allows remote attackers to achieve path traversal and remote code execution via server-side template injection.
This update adds support to control the FTP Server port number and socket timeout.
The Widget Connector macro in Atlassian Confluence Server allows remote attackers to achieve path traversal and remote code execution via server-side template injection.
RESTful Web Services Module does not properly sanitize data from non-form sources. A vulnerability in this approach allows an unauthenticated attacker to send specially crafted requests resulting in arbitrary PHP execution.
Opsview Web Management console allows an authenticated administrator to test notifications that are triggered under certain configurable events.
The 'value' parameter is not properly sanitized, leading to an arbitrary command injection executed on the system with nagios user privileges.
SoftNAS Cloud is a software-defined NAS filer delivered as a virtual storage appliance that runs within public, private or hybrid clouds. SoftNAS Cloud provides enterprise-grade NAS capabilities, including encryption, snapshots, rapid rollbacks, and cross-zone high-availability with automatic failover.
A command injection vulnerability was found in the web administration console. In particular, snserv script did not sanitize some input parameters before executing a system command.
Cisco UCS Manager contains an OS command injection vulnerability in the /settings/ping function, which allows unauthenticated attackers to gain arbitrary code execution on the affected system.
QNAP Qcenter Virtual Appliance contains multiple vulnerabilities that allow authenticated attackers to gain arbitrary code execution on the affected system with root privileges.