Out-of-bounds

Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could result in multiple out-of-bounds write instances. An attacker could leverage this vulnerability to execute code in the context of the current process...

Heap overflow

Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process...

The vulnerability of the microprogrammed logic controller Schneider Electric Modicon M340, related to insufficient validation of input data, allows a intruder to trigger a service failure.

The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 relates to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by sending specially crafted GET requests to port 80...

XssHunter-Express 授权问题漏洞

XssHunter-Express is used to test and find blind XSS. XssHunter-Express suffers from an Authorization Problem vulnerability that stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...

Ec-cube 跨站脚本漏洞

Ec-cube is an open source e-commerce system from the Japanese company Ec-cube. EC-CUBE suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute client-side code...

Adobe InDesign BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP...

Adobe FrameMaker PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PD...

Adobe InDesign TIF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe InDesign. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF...

Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...

Siemens Simcenter Femap Out-of-Bounds Reading Vulnerability

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. An out-of-bounds read vulnerability exists in Siemens Simcenter Femap, which is used to create, edit, and import/reuse mesh-based finite element analysis models of complex products or systems. When...

Siemens Simcenter STAR-CCM+ SCE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter STAR-CCM+. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2021-37176

A vulnerability has been identified in Simcenter Femap V2020.2 All versions, Simcenter Femap V2021.1 All versions. The femap.exe application lacks proper validation of user-supplied data when parsing modfem files. This could result in an out of bounds read past the end of an allocated buffer. An...

(0Day) Autodesk Navisworks DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk Navisworks. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Beego 跨站脚本漏洞

Beego is an open source web framework based on the Go language. Beego 2.0.1 suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...

Maccms 跨站脚本漏洞

A security vulnerability exists in Maccms, a PHP-based film and television content management system CMS, due to a failure to validate data in the Chinese and English fields in the product's backend administrator post management module. An attacker can obtain administrator and user cookies throug...

IBM Financial Transaction Manager 跨站脚本漏洞

IBM Financial Transaction Manager is a financial transaction manager from IBM Corporation. A cross-site scripting vulnerability exists in IBM Financial Transaction Manager, which stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the...

shiro8 List 跨站脚本漏洞

shiro8 List is a plugin from the Japanese company shiro8 that displays and adds addresses and phone numbers to the order list of the order owner. A cross-site scripting vulnerability exists in shiro8 List, which originates. The vulnerability exists because the affected version of the software doe...

WordPress 插件 跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. WordPress Simple Matted Thumbnails suffers fr...

WordPress 插件 跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. The WordPress Notices plugin suffers from a cross-site scripting vulnerability that stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute...