59 matches found
KLA11193 Multiple vulnerabilities in Adobe Arcobat&Reader
Multiple serious vulnerabilities have been found in Adobe Acrobat and Adobe Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code and gain priveleges. Below is a complete list of vulnerabilities: 1. Use-after-free vulnerabilities can be exploited to execute arbitrary...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data...
CVE-2017-17411
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data...
CVE-2017-17411
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Linksys WVBR0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management portal. The issue lies in the lack of proper validation of user data...
CVE-2017-17411
CVE-2017-17411 affects Linksys WVBR0-25/WVBR0 devices (Wireless Video Bridge). The flaw is an OS command injection in the web management portal caused by insufficient input validation, allowing an unauthenticated remote attacker to execute commands with root privileges via the User-Agent header. ...
JVN#80157683: SetucoCMS multiple vulnerabilities
SetucoCMS provided by SetucoCMS Project is a content management system CMS. SetucoCMS contains multiple vulnerabilities listed below. Cross-site request forgery - CVE-2016-4891 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N| Base Score: 5.4 CVSS v2|...
Security feature bypass
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892...
CVE-2015-4892
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4917...
CVE-2015-4892
Technical details such as affected product/version, root cause, and remediation are not publicly available in the provided documents. Monitor for updates.
CVE-2014-4892
The CVE-2014-4892 entry affects the uControl Smart Home Automation Android app (version 1.2). The underlying issue is that the application does not verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive information via a crafted cert...
CVE-2012-4892
CVE-2012-4892 describes multiple XSS vulnerabilities in FlatnuX CMS 2012-03.08 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via the (1) title_en, (2) summary_en, or (3) body_en parameters in a submitnews action to the news module, and are noted as a differ...
CVE-2010-4892
The CVE-2010-4892 entry describes a Cross-site Scripting (XSS) vulnerability in the TYPO3 powermail extension prior to 1.5.5. Affected component: powermail extension for TYPO3. Root cause: XSS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Impact: not quan...
CVE-2009-4892
CVE-2009-4892: WEBjump! contains SQL injection in a CMS. Remote attackers can exploit via the id parameter to portfolio_genre.php and news_id.php to execute arbitrary SQL. CVSS v2 base score 7.5 (HIGH). Root cause: insufficient sanitization of user input. Exploitation details are provided in mult...
Fedora Core 11 FEDORA-2009-4892 (opensc)
The remote host is missing an update to opensc announced via advisory FEDORA-2009-4892. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
CVE-2009-4892
creationtimestamp| type| source ---|---|--- 2009-03-10 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/8188...
CVE-2008-4892
Cross-site scripting XSS vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from third party...
CVE-2008-4892
Cross-site scripting XSS vulnerability in gallery.inc.php in Planetluc MyGallery 1.7.2 and earlier, and possibly other versions before 1.8.1, allows remote attackers to inject arbitrary web script or HTML via the mghash parameter. NOTE: some of these details are obtained from third party...
CVE-2007-4892
CVE-2007-4892 describes multiple SQL injection vulnerabilities in SWSoft Plesk versions 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows. The underlying issue is SQL injection via the PLESKSESSID cookie, exploitable through (1) login.php3 and (2) auth.php3, allowing remote attackers to execute arbitrar...
CVE-2006-4892
CVE-2006-4892 concerns an SQL injection in Techno Dreams’ FAQ Manager Package 1.0, exploitable via the key parameter in faqview.asp. The vulnerability allows remote attackers to alter or reveal data by injecting arbitrary SQL commands. The NVD entry associates a high base score (7.5) with network...