5838 matches found

Cvelist
added 2021/10/18 12:39 p.m. | 20 views

CVE-2021-38436 FATEK Automation WinProladder

FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in a memory-corruption condition. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...

CVSS 7.8 | AI score 8 | EPSS 0.00912
Exploits: 0 | References: 1

Cvelist
added 2021/10/18 12:38 p.m. | 24 views

CVE-2021-38434 FATEK Automation WinProladder

FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could leverage this vulnerability to execute arbitrary code...

CVSS 7.8 | AI score 8 | EPSS 0.00912
Exploits: 0 | References: 1

Prion
added 2021/10/15 3:15 p.m. | 13 views

Stack overflow

FATEK Automation Communication Server versions 1.13 and prior lack proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code...

CVSS 7.5 | AI score 9.7 | EPSS 0.01758
Exploits: 0 | References: 1 | Affected Software: 1

Zero Day Initiative
added 2021/10/15 12:00 a.m. | 20 views

Foxit PDF Reader JPG2000 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PD...

CVSS 7.8 | AI score 5.8 | EPSS 0.00385
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/10/15 12:00 a.m. | 33 views

(0Day) Fuji Electric Alpha5 Servo Operator C5P File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Alpha5. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing o...

CVSS 7.8 | AI score 4.7 | EPSS 0.00832
Exploits: 0

CNNVD
added 2021/10/14 12:00 a.m. | 1 view

Tuleap Open ALM Cross-Site Scripting Vulnerability

Enalean Tuleap Open Alm is a free and open source tool from Enalean France. It is used for end-to-end traceability of application and system development. Tuleap Open ALM suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by a WEB...

CVSS 5.4 | AI score 5.6 | EPSS 0.00702
Exploits: 0 | References: 5

Zero Day Initiative
added 2021/10/14 12:00 a.m. | 28 views

Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 4.1 | EPSS 0.00912
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/10/14 12:00 a.m. | 22 views

Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 4.2 | EPSS 0.00912
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/10/14 12:00 a.m. | 28 views

Fatek Automation WinProladder PDW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 4.2 | EPSS 0.00912
Exploits: 0 | References: 1

Zero Day Initiative
added 2021/10/14 12:00 a.m. | 18 views

Fatek Automation WinProladder PDW File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fatek Automation WinProladder. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 5.4 | EPSS 0.00912
Exploits: 0 | References: 1

CNNVD
added 2021/10/13 12:00 a.m. | 3 views

Palo Alto Networks GlobalProtect Buffer Error Vulnerability

Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that originates when a network system or...

CVSS 9.3 | AI score 8.3 | EPSS 0.01383
Exploits: 0 | References: 4

BDU FSTEC
added 2021/10/13 12:00 a.m. | 5 views

The vulnerability of the Bluetooth Classic microprogramming device implementations of Zhuhai Jieli ATS2815 and ATS2819 arises due to insufficient verification of input data. This allows a perpetrator to trigger a service failure.

The vulnerability of the Bluetooth Classic microprogramming device implementations of Zhuhai Jieli ATS2815 and ATS2819 exists due to insufficient verification of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures through the created LMP...

CVSS 6.5 | AI score 6.6 | EPSS 0.00429
Exploits: 0 | References: 4

CNVD
added 2021/10/13 12:00 a.m. | 21 views

WordPress Enfold Enfold theme cross-site scripting vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in versions of WordPress Enfold Enfold theme prior to 4.8.4, which originate...

CVSS 6.1 | AI score 2 | EPSS 0.02959
Exploits: 5 | References: 1

BDU FSTEC
added 2021/10/13 12:00 a.m. | 4 views

The vulnerability of the microprogrammed software in Emerson WirelessHART Gateways of the 1420, 1410D, and 1410 series wireless hardware routers stems from insufficient verification of data entered by users. This allows a hacker to execute arbitrary code.

The vulnerability of the microprogramming software in Emerson WirelessHART Gateways models 1420, 1410D, and 1410 is related to insufficient verification of the data entered by the user in the recovery file. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary...

CVSS 10 | AI score 5.8
Exploits: 0 | References: 6 | Affected Software: 3

CNVD
added 2021/10/11 12:00 a.m. | 2 views

Tad TadTools Cross-Site Scripting Vulnerability

Tad TadTools is a module toolkit for individual developers at Tad in Taiwan, China. Used for module development, it can dramatically reduce the size of each module and speed up the development process. Tad TadTools suffers from a cross-site scripting vulnerability that originates from the lack of...

CVSS 6.1 | AI score 6.3 | EPSS 0.00722
Exploits: 0 | References: 1

CNNVD
added 2021/10/11 12:00 a.m. | 1 view

ProjectSend Cross-Site Scripting Vulnerability

ProjectSend, formerly known as cFTP, is a suite of self-hosted applications based on PHP and MySQL. ProjectSend suffers from a cross-site scripting vulnerability that stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to...

CVSS 5.4 | AI score 5.7 | EPSS 0.00624
Exploits: 1 | References: 3

CNVD
added 2021/10/09 12:00 a.m. | 6 views

WordPress WooCommerce plugin cross-site scripting vulnerability (CNVD-2021-100249)

WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress Plugin is a WordPress open source application plugin. The WordPress WooCommerce plugin suffers from a cross-sit...

CVSS 6.1 | AI score 6.1 | EPSS 0.008
Exploits: 2 | References: 1

BDU FSTEC
added 2021/10/08 12:00 a.m. | 3 views

The vulnerability of the Cypress WICED BT Bluetooth Classic stack implementation for the CYW20735B1 device arises due to insufficient validation of input data. This allows a malicious actor to trigger a service failure.

The vulnerability of the Cypress WICED BT Bluetooth Classic stack implementation for the CYW20735B1 device exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to cause service failure...

CVSS 6.5 | AI score 6.5 | EPSS 0.00562
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2021/10/08 12:00 a.m. | 19 views

Netscout nGeniusONE FDSQueryService Function Cross-Site Scripting Vulnerability

Netscout nGeniusONE is a centralized application and network performance management solution from Netscout, Inc. A cross-site scripting vulnerability exists in Netscout nGeniusONE in version 6.3.0 build 1196 and earlier, which stems from a lack of validation of user input data and filtering of...

CVSS 4.8 | AI score 4.7 | EPSS 0.00447
Exploits: 0 | References: 1

CNNVD
added 2021/10/07 12:00 a.m. | 4 views

FATEK Communication Server Security Vulnerability

FATEK Communication Server is a video communication server from China's Yonghong Electric FATEK. A security vulnerability exists in FATEK Communication Server that stems from a lack of proper validation of user-supplied data in the affected product, which could lead to a stack-based buffer overfl...

CVSS 9.8 | AI score 8.8 | EPSS 0.01758
Exploits: 0 | References: 6