Lucene search

2160 matches found

CNNVD
added 2021/03/11 12:0 a.m., 5 views

Schneider Electric Interactive Graphical SCADA System buffer error vulnerability

Schneider Electric Interactive Graphical SCADA System (IGSS) is a SCADA (Supervisory Control and Data Acquisition) system for monitoring and controlling industrial processes from Schneider Electric, France. A buffer overflow vulnerability exists in Interactive Graphical SCADA System IGSS Definition...

CVSS 9.3, AI score 6.2, EPSS 0.00841
Exploits: 0, References: 6
CNNVD
added 2021/03/11 12:0 a.m., 8 views

Schneider Electric Interactive Graphical SCADA System buffer error vulnerability

Schneider Electric Interactive Graphical SCADA System (IGSS) is a SCADA (Supervisory Control and Data Acquisition) system for monitoring and controlling industrial processes from Schneider Electric, France. A buffer overflow vulnerability exists in Interactive Graphical SCADA System IGSS Definition...

CVSS 9.3, AI score 6.2, EPSS 0.00796
Exploits: 0, References: 6
Patchstack
added 2021/03/08 12:0 a.m., 10 views

WordPress Super Interactive Maps premium plugin <= 2.1 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection (SQLi) vulnerability discovered by Eagle Eye in WordPress Super Interactive Maps premium plugin versions <= 2.1. Solution: Update the WordPress Super Interactive Maps premium plugin to the latest available version, at least 2.2...

AI score 3.5
Exploits: 0, References: 2, Affected Software: 1
Kitploit
added 2021/03/07 11:30 a.m., 44 views

packetStrider - A Network Packet Forensics Tool For SSH

packetStrider for SSH is a packet forensics tool that aims to provide valuable insight into the nature of SSH traffic, shining a light into the corners of SSH network traffic where golden nuggets of information previously lay in the dark. The problem that packet strider aims to help with AKA Why?...

CVSS 6.6, AI score 6.6, EPSS 0.01533
Exploits: 0, References: 4
OpenVAS
added 2021/03/06 12:0 a.m., 16 views

Fedora: Security Advisory for mupdf (FEDORA-2021-d8e6f014e5)

The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8, AI score 5.5, EPSS 0.50516
Exploits: 0, References: 2
Fedora
added 2021/03/05 7:23 p.m., 51 views

[SECURITY] Fedora 32 Update: mupdf-1.18.0-5.fc32

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

CVSS 7.8, AI score 0.6, EPSS 0.50516
Exploits: 0
Fedora
added 2021/03/05 7:17 p.m., 58 views

[SECURITY] Fedora 33 Update: mupdf-1.18.0-5.fc33

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

CVSS 7.8, AI score 0.6, EPSS 0.50516
Exploits: 0
CNNVD
added 2021/03/05 12:0 a.m., 5 views

Digium Certified Asterisk security vulnerability

Digium Asterisk is a set of open source telephone exchange PBX system software from Digium, USA. The software supports voicemail, multi-party voice conferencing, interactive voice response IVR, and more. This number is a duplicate of CNNVD-201911-1291, the relevant content has been removed, pleas...

AI score 5.3
Exploits: 0, References: 2
Kitploit
added 2021/03/02 8:30 p.m., 88 views

Fake-Sms - A Simple Command Line Tool Using Which You Can Skip Phone Number Based SMS Verification By Using A Temporary Phone Number That Acts Like A Proxy

A simple command line tool using which you can skip phone number based SMS verification by using a temporary phone number that acts like a proxy. Note-1: This is just an experimental tool, do not use this in any banking transactions. Unethical use of this tool is strictly not encouraged. Note-2:...

AI score 6.9
Exploits: 0, References: 2
The Hacker News
added 2021/02/23 10:46 a.m., 139 views

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...

CVSS 7.8, AI score 1.1, EPSS 0.02328
Exploits: 0
CNVD
added 2021/01/30 12:0 a.m., 4 views

SQL injection vulnerability in ar***.php page of Baoding Interactive Enterprise Marketing Planning Co.

Baoding Interactive Enterprise Marketing Planning Co. Baoding Interactive Enterprise Marketing Planning Co., Ltd. website building system ar.php page SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information database...

AI score 7.5
Exploits: 0
CNVD
added 2021/01/25 12:0 a.m., 1 views

Shijiazhuang Jiuwing Network Technology Co., Ltd. website building system suffers from SQL injection vulnerabilities (CNVD-2021-13488)

Shijiazhuang Nine Win Network Technology Co., Ltd. is referred to as Nine Win Interactive, with website construction, mobile Internet products, 720-degree panoramic display, VI visual design as the core business. Shijiazhuang Jiuwin Network Technology Co., Ltd. website building system SQL injecti...

AI score 7.9
Exploits: 0
CNVD
added 2021/01/23 12:0 a.m., 1 views

Shijiazhuang Jiuwing Network Technology Co., Ltd. website building system suffers from SQL injection vulnerabilities (CNVD-2021-09696)

Shijiazhuang Nine Win Network Technology Co., Ltd. is referred to as Nine Win Interactive, with website construction, mobile Internet products, 720-degree panoramic display, VI visual design as the core business. Shijiazhuang Jiuwin Network Technology Co., Ltd. website building system SQL injecti...

AI score 7.9
Exploits: 0
RedHat Linux
added 2021/01/18 4:22 p.m., 4 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6, AI score 7.5, EPSS 0.02586
Exploits: 0, References: 5
RedHat Linux
added 2021/01/18 4:17 p.m., 3 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6, AI score 7.5, EPSS 0.02586
Exploits: 0, References: 5
RedHat Linux
added 2021/01/18 10:3 a.m., 3 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6, AI score 7.5, EPSS 0.02586
Exploits: 0, References: 5
RedHat Linux
added 2020/12/22 8:55 a.m., 2 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6, AI score 7.5, EPSS 0.02586
Exploits: 0, References: 5
Exploit DB
added 2020/12/22 12:0 a.m., 220 views

TerraMaster TOS 4.2.06 - RCE (Unauthenticated)

Exploit Title: TerraMaster TOS 4.2.06 - RCE Unauthenticated Date: 12/12/2020 Exploit Author: IHTeam Full Write-up: https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ Vendor Homepage: https://www.terra-master.com/ Version: " /usr/www/"+shellfilename+" &&...

AI score 7.4
Exploits: 0
Metasploit
added 2020/12/17 5:41 p.m., 109 views

Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow

This module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 x86 in VirtualBox, VMware Fusion, and VMware...

CVSS 10, AI score 9.7, EPSS 0.80291
Exploits: 13
RedHat Linux
added 2020/12/17 3:56 p.m., 6 views

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

CVSS 7.6, AI score 7.5, EPSS 0.02586
Exploits: 0, References: 5