77 matches found
Advantech WebAccess/SCADA Out-of-Bounds Write Vulnerability
Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, Taiwan, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. An out-of-bounds write vulnerability...
SQL injection vulnerability in Tpshop v3.5 Ar***.php page (CNVD-2019-18764)
Tpshop is a set of multi-merchant mode developed by Shenzhen Soleil Networks Limited mall system. A SQL injection vulnerability exists in the Tpshop v3.5 Ar.php page. Attackers can use the vulnerability to obtain sensitive information in the database...
FreeBSD rtld execl elevation of privilege vulnerability (CNVD-2019-15522)
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. An elevation of privilege vulnerability exists in the rtld function of Run-Time Link-Editor rtld in libexec/rtld-elf/rtld.c in FreeBSD versions 7.1 and 8.0. The vulnerability stems from a lack of effective...
File Containment Vulnerability in DM Website System Backend
DM building system is developed by php + mysql a set of specialized for small and medium-sized enterprise website construction of open source cms. DM website builder system has a file inclusion vulnerability , attackers can use the vulnerability to obtain sensitive information...
IBM DB2 Elevation of Privilege Vulnerability (CNVD-2019-07257)
IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 including DB2 Connect Server based on Linux, UNIX and Windo...
SQL Injection Vulnerability in the jdo*** Component jdo*** Module of joomla!
joomla! is an open source content management system CMS. A SQL injection vulnerability exists in the jdo module of the joomla! jdo component. The vulnerability allows attackers to obtain sensitive information about the database...
zzcms SQL Injection Vulnerability (CNVD-2019-13260)
ZZCMS is a content management system CMS by the ZZCMS team in China. A SQL injection vulnerability exists in the /user/logincheck.php file in ZZCMS version 8.3. The vulnerability can be exploited by a remote attacker to execute SQL commands with the help of the 'X-Forwarded' parameter in the HTTP...
Unspecified vulnerability in LCDS LAquis SCADA (CNVD-2019-28111)
LCDS LAquis SCADA is a SCADA Data Acquisition and Supervisory Control system from the Brazilian company LCDS. The system is mainly used for data acquisition and process control of equipment with communication technology. A security vulnerability exists in LCDS LAquis SCADA version 4.1.0.3870, whi...
Micro Focus SUSE shadow package elevation of privilege vulnerability
The Micro Focus SUSE shadow package is an encryption-enabled software package for use on Linux systems from Micro Focus, a British company. A security vulnerability exists in the SUSE useradd.c code for useradd in the Micro Focus SUSE shadow package. A local attacker could exploit the vulnerabili...
Exiv2 Null Pointer Dereference Vulnerability
Exiv2 is a cross-platform C++ library and command line utility for managing image metadata. A null pointer dereference vulnerability exists in the Exiv2::DataValue::copy function in value.cpp in Exiv2 0.26, which can be exploited by an attacker to cause a denial of service null pointer...
ImageMagick memory leak vulnerability (CNVD-2019-29209)
ImageMagick is the United States ImageMagick Studio company's set of open source image processing software. A memory leak vulnerability exists in the 'formatIPTCfromBuffer' function in the coders/meta.c file in ImageMagick version 7.0.7-29 and prior versions. No details of the vulnerability are...
Foxit Reader Remote Code Execution Vulnerability (CNVD-2018-14453)
Foxit Reader old name: Foxit PDF Reader is a set of software used to read PDF format files, by Fujian Foxit Software developed by Foxit Reader is a set of free to use the software, the operating system is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...
SQL Injection Vulnerability in Shenzhen PointClear Information Technology PointClear MIS Management Information System
PointClear MIS Management Information System is an enterprise-level instant messaging platform launched by PointClear. Shenzhen PointClear Information Technology PointClear MIS Management Information System suffers from SQL injection vulnerability, which can be exploited by attackers to obtain...
Unspecified vulnerability in noderequest
noderequest is a package of request nodes for use in Node.js. A security vulnerability exists in noderequest. An attacker can exploit the vulnerability to steal environment variables...
IBM Security Identity Manager Virtual Appliance File Upload Vulnerability
IBM Security Identity Manager ISIM is a suite of identity management and governance solutions from IBM in the United States. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password...
Wind-mvc directory traversal vulnerability
wind-mvc is an mvc framework. A directory traversal vulnerability exists in wind-mvc. An attacker can exploit this vulnerability by placing ". /" in a URL to access the file system...
Heap Overflow Vulnerability in WPS Office ocr Module
WPS Office is an office software suite independently developed by Kingsoft Corporation Limited, which can realize the most commonly used text, table, presentation and many other functions of office software. A heap overflow vulnerability exists in the OCR module Image to Text of WPS OFFICE when...
Exiv2 BigTiffImage::readData Assertion Failure Vulnerability
Exiv2 is a C++ library for extracting EXIF, LPTC and XMP metadata information from images. An assertion failure security vulnerability exists in Exiv2 version 0.26 bigtiffimage.cpp/BigTiffImage::readData, which can be exploited by an attacker to cause a service interruption...
IKARUS anti.virus ntguard.sys driver arbitrary write vulnerability (CNVD-2017-37950)
IKARUS anti.virus is the Austrian IKARUS Security Software company a set of antivirus software products. ntguard.sys driver is one of the self-protection system driver . IKARUS anti.virus version 2.16.18 before the ntguard.sys driver has an arbitrary write vulnerability, the vulnerability stems...
WSTSHOP open source version controller\Index.php file reload vulnerability
WSTSHOP open source version is a php language based on the development of B2C open source online store system . WSTSHOP open source version controller\Index.php file reload vulnerability . Allow attackers to exploit the vulnerability reload connection to a malicious external database , etc...