
18 matches found

RedhatCVE
added 2026/01/09 11:39 a.m. | 6 views

CVE-2003-1003

Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service crash and reload via an SNMPv3 message when snmp-server is set...

CVSS 7.8 | AI score 7 | EPSS 0.0059
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-0169

Malware in sbrugna...

CVSS 10 | AI score 9.2 | EPSS 0.00794
Exploits: 0 | References: 7

Prion
added 2023/02/16 7:15 p.m. | 20 views

Command injection

An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows an attacker to execute arbitrary shell code as root via CLI commands...

CVSS 4.3 | AI score 8 | EPSS 0.00605
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2022/11/17 12:15 a.m. | 24 views

CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the...

CVSS 9.8 | EPSS 0.00848
Exploits: 0 | References: 1

Atlassian
added 2022/10/27 12:45 a.m. | 52 views

Crowd DC Critical Security Misconfiguration Vulnerability - CVE-2022-43782

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and call privileged endpoints in Crowd's REST API under the usermanagement path. This vulnerability can only be exploited by IPs specified under the crowd application...

CVSS 9.8 | AI score 9 | EPSS 0.00848
Exploits: 0

Prion
added 2022/08/03 2:15 p.m. | 17 views

Design/Logic Flaw

An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request...

CVSS 4 | AI score 4.6 | EPSS 0.00133
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2021/11/19 7:15 p.m. | 11 views

CVE-2021-26248

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor...

CVSS 5.9 | EPSS 0.0005
Exploits: 0 | References: 2

Prion
added 2021/11/19 7:15 p.m. | 12 views

Code injection

Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor...

CVSS 5 | AI score 5.4 | EPSS 0.00108
Exploits: 0 | References: 2 | Affected Software: 2

Prion
added 2021/11/19 7:15 p.m. | 11 views

Design/Logic Flaw

Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource...

CVSS 2.1 | AI score 5.4 | EPSS 0.0005
Exploits: 0 | References: 2 | Affected Software: 2

CVE
added 2021/11/19 6:37 p.m. | 40 views

CVE-2021-26248

CVE-2021-26248 affects Philips MRI 1.5T and MRI 3T (Version 5.x.x). The vulnerability is an Incorrect Ownership Assignment (CWE-708) where a resource is assigned to an owner outside the intended control sphere, enabling improper access control. The incident is documented with a CVSS v3 base score...

CVSS 5.9 | AI score 6.1 | EPSS 0.0005
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/11/19 6:36 p.m. | 16 views

CVE-2021-42744 Philips MRI 1.5T and 3T Information Exposure

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor...

CVSS 5.9 | AI score 6.4 | EPSS 0.00046
Exploits: 0 | References: 2

Prion
added 2019/11/25 2:15 p.m. | 20 views

Design/Logic Flaw

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the syste...

CVSS 2.1 | AI score 6.3 | EPSS 0.00703
Exploits: 1 | References: 2 | Affected Software: 1

AlpineLinux
added 2019/08/02 12:8 p.m. | 33 views

CVE-2019-10168

The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...

CVSS 8.8 | AI score 7.9 | EPSS 0.00166
Exploits: 0

AlpineLinux
added 2019/08/02 12:2 p.m. | 39 views

CVE-2019-10166

It was discovered that libvirtd, versions 4.x.x before 4.10.1 and 5.x.x before 5.4.1, would permit readonly clients to use the virDomainManagedSaveDefineXML API, which would permit them to modify managed save state files. If a managed save had already been created by a privileged user, a local...

CVSS 7.8 | AI score 7.7 | EPSS 0.00139
Exploits: 0

UbuntuCve
added 2019/06/20 12:0 a.m. | 19 views

CVE-2019-10168

The virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain's...

CVSS 8.8 | AI score 7.3 | EPSS 0.00166
Exploits: 0 | References: 4

Github Security Blog
added 2018/07/24 7:44 p.m. | 20 views

Remote Code Execution in pg

Affected versions of pg contain a remote code execution vulnerability that occurs when the remote database or query specifies a crafted column name. There are two specific scenarios in which it is likely for an application to be vulnerable: 1. The application executes unsafe, user-supplied sql...

CVSS 9.8 | AI score 5.6 | EPSS 0.70815
Exploits: 1 | References: 4 | Affected Software: 1

seebug.org
added 2008/11/21 12:0 a.m. | 32 views

ToursManager (tourview.php tourid) Blind SQL Injection Vulnerability

No description provided by source. Name:-- ToursManager PhP Script = Blind Sql Injection Discovered by:-- XaDoS ContacT m&:-- xadosathotmail.it Site:-- http://www.toursmanager.com ■ £XpLoIT: |: http://www.demosite.com/tourview.php?tourid=2%20and%201=1-- true |:...

AI score 7.1
Exploits: 0

Exploit DB
added 2008/11/20 12:0 a.m. | 30 views

ToursManager - 'tourview.php' Blind SQL Injection

Name:-- ToursManager PhP Script Discovered by:-- XaDoS ContacT m&:-- xadosathotmail.it Site:-- http://www.toursmanager.com ■£XpLoIT: |: http://www.demosite.com/tourview.php?tourid=2%20and%201=1-- true |: http://www.demosite.com/tourview.php?tourid=2%20and%201=0-- false Version: |:...

AI score 7
Exploits: 0