SugarCRM PHP code injection vulnerability (CNVD-2019-34420)

SugarCRM is a set of open source customer relationship management software . A PHP code injection vulnerability exists in the MergeRecords module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to execute arbitrary code...

cPanel cross-site scripting vulnerability (CNVD-2019-26200)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in versions prior to cPanel 70.0.23. The vulnerability stems from a lack of proper...

CVE-2018-17841

SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter...

Cloudera Data Science Workbench SQL Injection Vulnerability

Cloudera Data Science Workbench CDSW is a suite of data science platforms from Cloudera. The platform provides organizations with fast, easy and secure self-service data science support. A SQL injection vulnerability exists in Cloudera CDSW versions 1.4.0 through 1.4.2. The vulnerability stems fr...

CVE-2018-19977

A command injection missing input validation, escaping in the ftp upgrade configuration interface on the Auerswald COMfort 1200 IP phone 3.4.4.1-10589 allows an authenticated remote attacker simple user -- in the same network as the device -- to trigger OS commands like starting telnetd or openin...

IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2019-14591)

IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates critical B2B processes, transactions and relationships. The software supports secure integration of complex B2B processes with diverse partner communities. A cross-site scripting vulnerability exists in BM Sterling B2...

The vulnerability of the Web Services Management Agent web interface of the Cisco IOS XE operating system allows a hacker to execute commands with elevated privileges.

The vulnerability of the Web Services Management Agent component in the Cisco IOS XE operating system exists due to the lack of checks and cleanups for input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with elevated privileges...

Traq SQL Injection Vulnerability

Traq is a PHP-based project management and issue tracking system. Traq suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications. An attacker can exploit this vulnerability to execute illegal SQL commands...

DEBIAN-CVE-2019-7331

Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3 while editing an existing monitor field named "signal check color" monitor.php. There exists no input validation or output filtration, leaving it vulnerable to HTML Injection and an XSS attack...

UBUNTU-CVE-2018-14767

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "buildresbuffromsipreq" core function. This could result in denial of service and potentially...

ALPINE-CVE-2018-14767

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in the "buildresbuffromsipreq" core function. This could result in denial of service and potentially...

CVE-2018-5271

In Malwarebytes Premium 3.3.1.2183, the driver file FARFLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c40e008. NOTE: the vendor reported that they "have not been able to reproduce the issu...

CVE-2017-17796

In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file VIRAGTLT.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0x827300A4...

CVE-2017-6708

A vulnerability in the symbolic link symlink creation functionality of the AutoVNF tool for the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to read sensitive files or execute malicious code on an affected system. The vulnerability is due to the absence of...

Microsoft Skype DLL Load Local Code Execution Vulnerability

Microsoft Skype is a suite of instant messaging software from the American company Microsoft. Microsoft Skype suffers from a DLL loading local code execution vulnerability that originates from the program failing to validate user-supplied input. A local attacker could exploit this vulnerability t...

The vulnerability of the Linter Bastion database management system allows a malicious individual to trigger a service failure.

In the “sub416B78” procedure, there is no check for the correctness of input data. This may lead to buffer overflows when processing the RPC call with the number 0x10 “0x0040C284”, resulting in corrupted data that is necessary for the proper functioning of the application. This vulnerability allo...

The vulnerability of the Linter Bastion database management system allows a malicious individual to execute arbitrary code with system privileges.

In the “sub41149F” authentication process at the address “0x0041150E”, there is no check for the correctness of input data. This may lead to buffer overflows in the stack during the processing of the RPC call numbered 0x13 “0x0040C95C”. This vulnerability allows a malicious attacker to execute...