77 matches found
IBM InfoSphere BigInsights Remote Code Injection Vulnerability
IBM InfoSphere BigInsights is a suite of software platforms for storing and analyzing "Big Data" from IBM in the United States. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. A remote code injection vulnerability exists in IBM...
EasySNS Minimalist Community loginHandle method suffers from SQL injection vulnerability
EasySNS Minimalist Community is for the new database architecture and program structure, to the group as the basic unit to form an interactive community. A SQL injection vulnerability exists in the loginHandle method of the EasySNS community. The vulnerability is due to the failure of the system ...
IrfanView BabaCAD4Image plugin buffer overflow vulnerability (CNVD-2017-32369)
IrfanView is an image viewer developed by Irfan Skiljan, a software developer from Bosnia and Herzegovina, which supports image browsing, image editing, image format conversion, etc. BabaCAD4Image plugin is one of the plugins for reading DXF and DWG CAD files. A buffer overflow vulnerability exis...
Concrete5 cross-site scripting vulnerability (CNVD-2017-32458)
concrete5 is a free content management system CMS. The system can be edited and typeset directly on the page. A cross-site scripting vulnerability exists in concrete5 version 5.7.3.1, which stems from the program failing to validate or encrypt user-submitted input. A remote attacker can exploit...
GNU PSPP Denial of Service Vulnerability (CNVD-2017-28754)
GNU PSPP is a free application developed by the GNU Project for data sampling, statistics and analysis. A security vulnerability exists in the 'dictaddmrset' function in the data/dictionary.c file in GNU PSPP version 0.11.0. A remote attacker could exploit this vulnerability to cause a denial of...
AutoTrace heap buffer overflow vulnerability (CNVD-2017-08490)
AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. A heap buffer overflow vulnerability exists in the 'GETCOLOR' function at color.c:16:11 in the libautotrace.a file in AutoTrace version 0.31.1. An attacker can exploit this vulnerability to cause a heap buff...
WordPress REST API Endpoint Cross-Site Scripting Vulnerability
WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A cross-site scripting vulnerability exists in WordPress REST API Endpoint versions prior to 4.7.3, which can be exploited by an attacker to inject arbitrary JavaScript...
Zimbra Collaboration suffers from multiple cross-site scripting vulnerabilities (CNVD-2017-00758)
Zimbra can provide open source email server software and shared calendars. Multiple cross-site scripting vulnerabilities in versions prior to Zimbra Collaboration 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors also known as errors...
SQL Injection Vulnerability in the uuid Parameter of Shenzhen Siquan CRM System
Ltd. is engaged in OA, CRM, ERP, HRM, enterprise mailbox system consulting and services. SQL injection vulnerability exists in the uuid parameter of the Shenzhen SiQuan CRM system. Allows attackers to exploit the vulnerability to obtain sensitive database information...
Struts2 Remote Command Execution Vulnerability in Shenzhen Pengjiao Project Management System
Shenzhen Pengjiao Project Management System is a product of Shenzhen Pengjiao Management Consultant Co., Ltd, which mainly serves primary and secondary schools, private educational institutions, government education and so on. A Struts2 remote command execution vulnerability exists in the Shenzhe...
LibTIFF tif_pixarlog.c Heap Buffer Overflow Vulnerability
LibTIFF is a library for reading and writing the Tagged Image File Format abbreviated as TIFF. A security vulnerability exists in libtiff version 4.0.6 in tifpixarlog.c, which can lead to out-of-bounds write operations in the heap buffer...
Design Vulnerability in Oceanis Browser
Maxthon Browser is a versatile and personalized multi-tab browser. It reduces the browser's usage of system resources and improves the efficiency of web surfing. A design vulnerability exists in Maxthon Browser that allows attackers to exploit the vulnerability to bypass the homology policy...
xWPE Local Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in xwpe v1.5.30a-2.1 and earlier versions due to a failure to strictly limit user input. An attacker is able to exploit this vulnerability to arbitrarily execute code in the context of the application, potentially resulting in a denial of service...
IBM Tivoli Storage FlashCopy Manager and Tivoli Storage Manager local boost vulnerability (CNVD-2015-08435)
IBM Tivoli Storage FlashCopy Manager is a suite of software that provides a high level of data protection for critical applications and databases through integrated snapshot capabilities.Tivoli Storage Manager is a suite of software that automates data protection for e-mail servers. A security...
libxml2 heap buffer overflow vulnerability (CNVD-2015-08397)
libxml2 is an XML parser and markup toolset. A heap buffer overflow vulnerability exists in versions of libxml2 prior to 2.9.3. An attacker is able to rely on context to cause a denial of service via an unspecified vector...
PHP 'php_zip.c' Directory Traversal Vulnerability
PHP is an open source general-purpose computer scripting language. A directory traversal vulnerability in PHP 'phpzip.c' allows remote attackers to exploit the vulnerability by submitting the special directory traversal character '...' to create or overwrite arbitrary files...
Multiple HTML Injection Vulnerabilities in AdaptCMS
AdaptCMS is a content management system. AdaptCMS has multiple HTML injection vulnerabilities because it fails to properly filter user-supplied input. An attacker can execute supplied HTML and script code in the context of the affected site...