Microsoft Windows user32 Cursor Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft SharePoint Business Data Connectivity Service Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication as a high-privileged user is required to exploit this vulnerability. The specific flaw exists within the Business Data Connectivity Service. The issue results fro...

Input Validation Error Vulnerability in Multiple Qualcomm Products (CNVD-2020-20161)

Qualcomm MDM9206 and others are products of Qualcomm Incorporated.MDM9206 is a central processing unit CPU product.Qualcomm MDM9150 is a central processing unit CPU product.SDX20 is a modem. An input validation error vulnerability exists in HLOS in multiple Qualcomm products. The vulnerability...

The vulnerability of Cisco Enterprise NFV Infrastructure Software (NFVIS) arises from insufficient validation of input data, allowing attackers to disclose sensitive information that should be protected.

The vulnerability of Cisco Enterprise NFV Infrastructure Software NFVIS exists due to insufficient testing of input data. Exploiting this vulnerability could allow a attacker to disclose protected information...

Red Lion Crimson CD31 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Red Lion Crimson. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Cisco Email Security Virtual Appliance C600V IronPort Header Injection

!/usr/bin/perl -w Cisco Email Security Virtual Appliance C600V IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todo...

Sentrifugo Cross-Site Scripting Vulnerability

Sentrifugo is a human resource management system. The system includes functions for human resources management, performance appraisal, recruitment management and asset management. A cross-site scripting vulnerability exists in Sentrifugo version 3.2. The vulnerability stems from the WEB applicati...

Cisco Email Security Virtual Appliance C370 IronPort Header Injection

!/usr/bin/perl -w Cisco Email Security Virtual Appliance C370 IronPort Remote Header 'Host' Injection Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that Todor...

The vulnerability of the command-line interface of the Cisco Integrated Management Controller, a remote administration tool, allows a hacker to elevate their privileges to the root level.

The vulnerability of the command-line interface of the Cisco Integrated Management Controller remote administration software is related to insufficient validation of entered data. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...

WordPress wp-plotly plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. wp-plotly is a plugin for embedding interactive Plotly charts in pages. A cross-site scripting vulnerability exists in the WordPress...

WordPress timesheet plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress timesheet plugin versions prior to 0.1.5. The...

WordPress newstatpress plugin cross-site scripting vulnerability (CNVD-2019-30374)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. newstatpress is a plugin used in it for real-time statistics on blog visits. A cross-site scripting vulnerability exists in the...

WordPress import-users-from-csv-with-meta plugin cross-site scripting vulnerability (CNVD-2020-22384)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. import-users-from-csv-with-meta is a user data import plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

MantisBT Cross-Site Scripting Vulnerability

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. MantisBT suffers from a cross-site scripting vulnerability. The vulnerability stems from the lack of proper validati...

WordPress my-wp-translate plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. my-wp-translate is a language translation plugin used in it. A cross-site scripting vulnerability exists in the WordPress...

Adobe Acrobat Reader DC XFA aliasNode Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...

Adobe Photoshop PostScript drop Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

FUEL CMS Cross-Site Scripting Vulnerability (CNVD-2019-41832)

FUEL CMS is a content management system CMS based on the Codelgniter framework. A cross-site scripting vulnerability exists in the Create Blocks section of the Admin console in FUEL CMS version 1.4.4, which stems from a lack of proper validation of client-side data in the WEB application and can ...

Adobe Photoshop PostScript put Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

Adobe Photoshop PostScript put Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...