16 matches found
CVE-2023-32968
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
CVE-2025-32968
The CVE-2025-32968 issue affects XWiki Platform (org.xwiki.platform:xwiki-platform-oldcore) where a user with SCRIPT right can escape the HQL context via the script query API and perform blind SQL injection. Affected versions span 1.6-milestone-1 up to but not including 15.10.16, 16.4.6, and 16.1...
CVE-2025-32968 org.xwiki.platform:xwiki-platform-oldcore allows SQL injection in short form select requests through the script query API
XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute arbitrary SQL statements on the database backend...
QNAP QuTS hero Multiple Vulnerabilities (QSA-23-07)
QNAP QuTS hero is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qutshero"; ifdescriptio...
QNAP QTS Multiple Vulnerabilities (QSA-23-07)
QNAP QTS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...
CVE-2023-32968 QTS, QuTS hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
CVE-2023-32968
CVE-2023-32968 describes a buffer copy without input size checking that affects several QNAP OS versions. The vulnerability could allow an authenticated administrator to execute code over the network. Affected software is QNAP QTS/QuTS hero (QTS 5.x and QuTS hero) where the issue is risk-prone in...
Moxa NPort IAW5000A-I/O Series Serial Device Server Buffer Copy Without Checking Size of Input (CVE-2021-32968)
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
CVE-2021-32968
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition...
CVE-2021-32968 Moxa NPort IAW5000A-I/O Series Serial Device Server Classic Buffer Overflow
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition...
CVE-2021-32968 Moxa NPort IAW5000A-I/O Series Serial Device Server Classic Buffer Overflow
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition...
CVE-2021-32968
CVE-2021-32968 affects Moxa NPort IAW5000A-I/O Series Serial Device Server firmware version 2.2 and earlier, where two buffer overflows in the built-in web server may allow a remote attacker to cause a denial-of-service. The vulnerability is documented across multiple sources (NVD, Red Hat, ICS-C...
Moxa NPort IAW5000A-I/O Series Serial Device Server
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: NPort IAW5000A-I/O Series Wireless Device Server Vulnerabilities: Classic Buffer Overflow, Stack-based Buffer Overflow, Improper Input Validation, OS Command Injection 2. RISK EVALUATION...
HP OVIS Probe Builder Service (PBOVISServer.exe) Arbitrary Remote Process Termination
HP OpenView Internet Services (OVIS) is installed on the remote host. It provides a single, integrated view of an organization's Internet infrastructure. The Probe Builder component included with the installation of HP OVIS on the remote host allows an unauthenticated, remote attacker to terminate...
iDefense Security Advisory 07.28.08: Hewlett-Packard OVIS Probe Builder Arbitrary Process Termination Vulnerability
iDefense Security Advisory 07.28.08 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 28, 2008 I. BACKGROUND Hewlett-Packard's Internet Services provides end-user emulation of major business applications and a single integrated view of the Internet infrastructure. For more information,...
DoS through HP OpenView Internet Services Probe Builder
It's possible to terminate any system process through TCP/32968...