1445 matches found
The vulnerability of the sapi/cgi/cgi_main.c component of the PHP programming language interpreter allows a attacker to cause a service failure.
The vulnerability of the sapi/cgi/cgimain.c component of the PHP programming language interpreter exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV340, RV340W, RV345, and RV345P allows a perpetrator to execute arbitrary commands.
The vulnerability of the web-based management interface for Cisco Small Business RV340, RV340W, RV345, and RV345P microprogramming systems exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a...
The vulnerability in the web interface for managing microprogrammed software routers of Cisco Small Business RV340, RV340W, RV345, and RV345P allows a hacker to trigger a service failure.
The vulnerability of the web-based management interface for Cisco Small Business RV340, RV340W, RV345, and RV345P microprogramming systems lies in the insufficient handling of exceptional states. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
The vulnerability in the web interface for controlling the Cisco AsyncOS operating system of Cisco Web Security Appliance allows a perpetrator to execute cross-site scripting attacks.
The vulnerability in the web interface for controlling the Cisco AsyncOS operating system of Cisco Web Security Appliance lies in the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
CVE-2021-40405
A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability...
Vulnerability of the API component: A software platform in Node.js that allows attackers to compromise data integrity
The vulnerability of the API component in the Node.js software platform is related to insufficient checking of the rejectUnauthorized value. Exploiting this vulnerability allows an attacker to compromise data integrity...
The vulnerability of the Common Gateway Interface (CGI) interface of microprogramming software for network devices such as ZyXEL USG, USG FLEX, ATP, ZyWALL, VPN, and NSG allows attackers to bypass authentication processes and gain increased privileges.
The vulnerability of the Common Gateway Interface CGI interface of ZyXEL USG, USG FLEX, ATP, ZyWALL, VPN, and NSG network devices is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass authentication processes and gain increased...
The vulnerability of the web interface configuration of TP-Link’s AC1750 Archer C20i router software allows a hacker to execute arbitrary code.
The vulnerability of the web interface configuration of TP-Link AC1750 Archer C20i software lies in the lack of measures taken to neutralize special elements used in the operating system’s processing of the XTPExternalIPv6Address parameter. Exploiting this vulnerability allows a malicious actor t...
The vulnerability of the Microsoft Security Support Provider Interface (SSPI) in the Microsoft Windows operating system allows attackers to escalate their privileges.
The vulnerability of the Microsoft Security Support Provider Interface SSPI in the Microsoft Windows operating system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of Google Chrome’s File API interface allows attackers to circumvent security restrictions.
The vulnerability of the Google Chrome browser’s File API relates to the use of an uninitialized resource. Exploiting this vulnerability allows a malicious actor to bypass security restrictions through a specially created HTML page...
CVE-2021-39051
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server...
The vulnerability of the web interface of the server application for managing food industry businesses AK-EM 800 lies in the use of rigidly encrypted user accounts (users “admin”, “administrator”, “user”, and “guest”). This allows a perpetrator to increase their privileges.
The vulnerability of the web interface of the industrial management application AK-EM 800 relates to the use of rigidly encrypted user credentials users “admin”, “administrator”, “user”, and “guest”, with the default password being “danfoss”. Exploiting this vulnerability could allow an attacker ...
The vulnerability of the web-based application of D-Link DIR-X1860 wireless routers allows a hacker to execute arbitrary code.
The vulnerability of the web application of D-Link DIR-X1860 Wi-Fi routers is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created website...
Access Restriction Bypass
Overview github.com/snapcore/snapd/interfaces/builtin is a tool enabling systems to work with .snap files Affected versions of this package are vulnerable to Access Restriction Bypass due to failure to perform sufficient validation of snap content interface and layout paths, resulting in the...
HUAWEI EMUI 安全漏洞
Huawei Emui is an Android-based mobile operating system developed by Huawei, a Chinese company. An access control error vulnerability exists in Huawei EMUI version 12.0.0, which stems from an unauthorized rewrite vulnerability in the memory access management module on the ACPU. An attacker can...
The vulnerability of the NAT Rules Name Screen web interface in the LuCI configuration interface allows a hacker to perform cross-site scripting attacks.
The vulnerability of the NAT Rules Name Screen web interface of the LuCI configuration interface in the embedded OpenWrt operating system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a remote attacker to perform cross-site...
The vulnerability in the web interface of the software tool for creating reports for Cisco Security Manager’s deployed security solutions allows a perpetrator to perform cross-site scripting attacks.
The vulnerability in the web interface for creating reports for Cisco Security Manager’s deployed security solutions is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the specially...
The vulnerability in the web interface of the Cisco Secure Network Analytics system, previously known as Cisco Stealthwatch Enterprise, allows attackers to execute cross-site scripting attacks.
The vulnerability of the web interface of the Cisco Secure Network Analytics system, previously known as Cisco Stealthwatch Enterprise, is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability in the web interface for managing applications used to manage Cisco Unified Contact Center Management Portal (Unified CCMP) and Cisco Unified Contact Center Domain Manager (Unified CCDM allows a malicious actor to escalate their privileges.
The vulnerability of the Web interface for managing software solutions in the Cisco Unified Contact Center Management Portal and Cisco Unified Contact Center Domain Manager is related to the implementation of security features at the client side. Exploiting this vulnerability allows a malicious...
The vulnerability in the web interface of the software tool for creating reports for Cisco Security Manager’s deployed security solutions allows a perpetrator to perform cross-site scripting attacks.
The vulnerability in the web interface for creating reports for Cisco Security Manager’s deployed security solutions is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using the specially...