108 matches found
CVE-2020-28332
CVE-2020-28332 affects Barco wePresent WiPG-1600W firmware (versions 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19). The issue is failure to verify digitally signed firmware updates, allowing potential processing and installation of modified/malicious images due to an inadequate integrity check. Technica...
Schneider Electric Unity Pro Security Vulnerability
Schneider Electric EcoStruxure Control Expert is the universal programming, commissioning and operating software for the Modicon M340, M580, M580S, Premium, Momentum and Quantum series. A command execution vulnerability exists in Schneider Electric EcoStruxure Control Expert. The vulnerability...
CVE-2020-15658
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR 78.1, Firefox...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...
CVE-2017-18641
In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers...
Arbitrary File Download Vulnerability in OpenSNS Backend
OpenSNS is a comprehensive social software developed by Thinking Sky. OpenSNS has an arbitrary file download vulnerability in its backend, which can be exploited by an attacker to compress and download the code of the entire site...
(Pwn2Own) Xiaomi Browser miui.share APK Download Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...
Design/Logic Flaw
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663...
CVE-2018-1906
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow an authenticated user to download code using a specially crafted HTTP request. IBM X-Force ID: 152663...
CVE-2018-1906
IBM InfoSphere Information Server versions 11.3, 11.5, and 11.7 are affected by CVE-2018-1906, an Improper Authentication vulnerability that could allow an authenticated user to download code via a specially crafted HTTP request. According to IBM’s advisory, affected products include InfoSphere I...
Information Disclosure Vulnerability in DCCE MAC1100 PLCs
The MAC1100 PLC is a programmable logic controller in the PLC series from Dalian Computer Control (DCCE). The product is widely used in intelligent buildings, power data monitoring, heat control system, enterprise management system and other important industrial...
Stack overflow
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in...
CVE-2017-7936
A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in...
Stack Buffer Overflow Vulnerability in Multiple NXP i.MX Products
The NXP i.MX 50 and others are different families of microprocessor products from NXP Semiconductors in the Netherlands. A stack buffer overflow vulnerability exists in multiple NXP i.MX products. The SDP can be used to download a small piece of code into an unprotected area of memory when the...
Blue Shield Web Page Tamper Protection System Has Arbitrary Source Code File Download Vulnerability
BlueShield Web Tamper Protection System is a web page tampering prevention product. BlueShield Web Tamper Protection System has an arbitrary source code file download vulnerability. If the php in a request is followed by %20, %2e, or ::$DATA, the php file may be downloaded, allowing attackers to obtain the source...
CVE-2014-2505
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors...
MGASA-2014-0033 Updated hplip package fixes security vulnerabilities
It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files (CVE-2013-6402). It was discovered that HPLIP contained an upgrade tool that would download code in an unsafe fashion. If a remote attacker...
Mandriva Linux Security Advisory : hplip (MDVSA-2014:023)
Updated hplip packages fix security vulnerabilities: It was discovered that the HPLIP Polkit daemon incorrectly handled temporary files. A local attacker could possibly use this issue to overwrite arbitrary files (CVE-2013-6402). It was discovered that HPLIP contained an upgrade tool that would...
Path Traversal in AWS XMS
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in AWS XMS, which can be exploited to read contents of arbitrary files. 1) Path Traversal in AWS XMS: CVE-2013-2474. The vulnerability exists due to insufficient filtration of the "what" HTTP GET parameter passed to...