An issue was discovered in com\mingsoft\basic\action\web\FileAction.java in MCMS 4.6.5. Since the upload interface does not verify the user login status, you can use this interface to upload files without setting a cookie. First, start an upload of JSP code with a .png filename, and then intercept the data packet. In the name parameter, change the suffix to jsp. In the response, the server returns the storage path of the file, which can be accessed to execute arbitrary JSP code.
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow OS Command Injection. The embedded 'dongle_bridge' program, used to expose the functionalities of the ClickShare Button to a USB host, is vulnerable to OS command injection. These vulnerabilities could lead to code execution on the ClickShare Button with the privileges of the user 'nobody'.
Certain NETGEAR devices are affected by vertical privilege escalation. This affects M4300-28G before 184.108.40.206, M4300-52G before 220.127.116.11, M4300-28G-POE+ before 18.104.22.168, M4300-52G-POE+ before 22.214.171.124, M4300-8X8F before 126.96.36.199, M4300-12X12F before 188.8.131.52, M4300-24X24F before 184.108.40.206, M4300-24X before 220.127.116.11, M4300-48X before 18.104.22.168, and M4200 before 22.214.171.124.