V-SOL Command Injection Vulnerability

V-Solution V1600D is a Gpon-enabled terminal device for connecting fiber optic trunks.V-Solution V1600D4L is a Gpon-enabled terminal device for connecting fiber optic trunks.V-Solution V1600D-MINI is a Gpon-enabled terminal device for connecting fiber optic trunks.V-Solution V1600G1 is a...

Moodle 3.8 - Unrestricted File Upload

Exploit Title: Moodle 3.8 - Unrestricted File Upload Date: 2019-09-08 Exploit Author: Sirwan Veisi Vendor Homepage: https://moodle.org/ Software Link: https://github.com/moodle/moodle Version: Moodle Versions 3.8, 3.7, 3.6, 3.5, 3.4... Tested on: Moodle Version 3.8 CWE : CWE-434 I found an...

AZL-7363 CVE-2020-25651 affecting package spice-vdagent for versions less than 0.22.1-1

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

DEBIAN-CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

Design/Logic Flaw

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

CVE-2020-25651

CVE-2020-25651 affects spice-vdagent (SPICE file transfer protocol) where file data can leak to a client connection or cause denial of service for spice-vdagent versions 0.20 and earlier. Exploitation could occur via the host-to-VM transfer path; impact includes confidentiality loss and availabil...

CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

CVE-2020-25651

A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in full or in parts in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The...

CVE-2020-25650

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could use this flaw to perform a memory denial of service f...

CVE-2020-29056

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices...

Winscp 缓冲区错误漏洞

WinSCP is a free open source SFTP, FTP, WebDAV, Amazon S3 and SCP client for Microsoft Windows. A buffer overflow vulnerability exists in WinSCP 5.17.8. An attacker can exploit this vulnerability to cause a denial of service via a malicious FTP server via a long filename...

The vulnerability of the implementation of the FTP verification mechanism for microprogramming-based network interface controllers in Cisco Firepower Threat Defense and Cisco Adaptive Security Appliances allows attackers to gain unauthorized access to protected information.

The vulnerability of the FTP verification mechanism implemented by Cisco Firepower Threat Defense FTD and Cisco Adaptive Security Appliance ASA is related to deficiencies in access control. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected...

CVE-2020-7562

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file ...

CVE-2020-7564

A CWE-120: Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause write access and the execution o...

CVE-2020-7563

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...

Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 Buffer Error Vulnerability

The Schneider Electric Modicon Quantum and Schneider Electric Modicon M340 are both products of Schneider Electric, France.The Schneider Electric Modicon Quantum is a large programmable logic controller PLC for The Schneider Electric Modicon Quantum is a large programmable logic controller PLC fo...

PT-2020-6285

Name of the Vulnerable Software and Affected Versions Modicon M340 affected versions not specified Modicon Quantum affected versions not specified Modicon Premium Legacy affected versions not specified Description The issue is related to an out-of-bounds write vulnerability in the Web Server of t...

openSUSE Security Update : spice-vdagent (openSUSE-2020-1898)

This update for spice-vdagent fixes the following issues : Security issues fixed : - CVE-2020-25650: Fixed a memory DoS via arbitrary entries in activexfers hash table bsc1177780. - CVE-2020-25651: Fixed a possible file transfer DoS and information leak via activexfers hash map bsc1177781. -...