An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The vulnerability occurs because user-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd. Succe…

CVSS: 5.4 · CWE: CWE-77

View on NVD

Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions.

CVSS: 7.5 · CWE: CWE-125

View on NVD

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: use hweight16 to get correct tx antenna The chainmask is u16 so using hweight8 cannot get correct tx_ant. Without this patch, the tx_ant of band 2 would be -1 and lead to the following issue: BUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e]

CVSS: 5.5 · CWE: CWE-787

View on NVD

WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.

CVSS: 8.8 · CWE: CWE-75

View on NVD

sofa-hessian is an internal improved version of Hessian3/4 powered by Ant Group CO., Ltd. The SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party…

CVSS: 9.8 · CWE: CWE-74

View on NVD

File Upload vulnerability in unauthenticated session found in OpenText™ iManager 3.2.6.0200. The vulnerability could allow ant attacker to upload a file without authentication.

CVSS: 5.6 · CWE: CWE-20

View on NVD

Ant Media Server Community Edition in a default configuration is vulnerable to an improper HTTP header based authorization, leading to a possible use of non-administrative API calls reserved only for authorized users.  All versions up to 2.9.0 (tested) and possibly newer ones are believed to be vulnerable as the vendor has not confirmed releasing a patch.

CVSS: 5.4 · CWE: CWE-302

View on NVD

Ant Media Server is live streaming engine software. A local privilege escalation vulnerability in present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media Server running with Java Management Extensions (JMX) enabled and authentication disabled on localhost o…

CVSS: 7.8 · CWE: CWE-862

View on NVD

DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.

CVSS: 5.3 · CWE: CWE-532

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11.

CVSS: 5.4 · CWE: CWE-79

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11.

CVSS: 9.8 · CWE: CWE-89

View on NVD

SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted `Toybox.Ant.BurstPayload` object, call its `add` method, override arbitrary memory and hijack the execution of the device's firmware.

CVSS: 9.8 · CWE: CWE-787

View on NVD

The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with specially crafted object and hijack the execution of the device's firmware.

CVSS: 9.8 · CWE: CWE-120

View on NVD

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ssid, wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.

CVSS: 7.2 · CWE: CWE-77

View on NVD

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. If an attacker gains web management privileges, they can inject commands into the post request parameters wl_ant, wl_rate, WL_atten_ctl, ttcp_num, ttcp_size in the httpd s Start_EPI() function, thereby gaining shell privileges.

CVSS: 7.2 · CWE: CWE-77

View on NVD

SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot co…

CVSS: 7.5 · CWE: CWE-436

View on NVD

SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.

CVSS: 6.1 · CWE: CWE-79

View on NVD

SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.

CVSS: 9.8 · CWE: CWE-89

View on NVD

A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205839.

CVSS: 6.3 · CWE: CWE-89

View on NVD

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affecte…

CVSS: 5.5 · CWE: CWE-130

View on NVD

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected.

CVSS: 5.5 · CWE: CWE-130

View on NVD

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.

CVSS: 7.5 · CWE: CWE-379

View on NVD

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.

CVSS: 6.3 · CWE: CWE-668

View on NVD

In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script.

CVSS: 6.1 · CWE: CWE-79

View on NVD

Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624.

CVSS: 4.7 · CWE: CWE-79

View on NVD

There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

CVSS: 8.8 · CWE: CWE-352

View on NVD

Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVSS: 4.3 · CWE: CWE-79

View on NVD

SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.

CVSS: 7.5 · CWE: CWE-89

View on NVD

The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (fo…

CVSS: 4.3 · CWE: CWE-264

View on NVD

Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.

CVSS: 10.0 · CWE: N/A

View on NVD

The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus 2007 8.1, Anti-Virus for Vista Beta 8.2, and CA Internet Security Suite 2007 v3.0 do not properly handle NULL buffers, which allows local users with administrative access to cause a denial of service (system crash) via certain IOCTLs.

CVSS: 6.6 · CWE: N/A

View on NVD

Format string vulnerability in CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP) r8 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a scan job with format strings in the description field.

CVSS: 7.5 · CWE: N/A

View on NVD

The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.

CVSS: 1.9 · CWE: CWE-59

View on NVD

Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive.

CVSS: 6.4 · CWE: N/A

View on NVD