198 matches found
Unspecified Vulnerability in Apple iOS and iPadOS Screen Recording Component
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Screen Recording in Apple iOS before 13.2 and Apple iPadOS before 13.2. An...
Amazon Blink XT2 Sync Module OS Command Injection Vulnerability
Blink XT2 Sync Module is a camera synchronization device. Amazon Blink XT2 Sync Module suffers from an operating system command injection vulnerability. The vulnerability arises from a network system or product not properly filtering special characters, commands, etc. from external input data...
YouPHPTube Encoder Operating System Command Injection Vulnerability
YouPHPTube is a PHP-based video website system. YouPHPTube Encoder is one of the encoders. An operating system command injection vulnerability exists in YouPHPTube Encoder version 2.3. The vulnerability arises from a network system or product not properly filtering special characters, commands, et...
Cisco Firepower Management Center SQL Injection Vulnerability (CNVD-2019-34719)
Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. A SQL injection vulnerability exists in the web-based management interface of the Cisco Firepower Management Center (FMC) Software, which stems from the program's failure to properly validat...
Cisco Firepower Management Center SQL Injection Vulnerability (CNVD-2019-34738)
Cisco Firepower Management Center (FMC) is a new generation of firewall management center software from Cisco. A SQL injection vulnerability exists in the web-based management interface in Cisco FMC, which results from the program failing to properly validate input. A remote attacker could exploit...
CVE-2019-12683
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could...
Cisco IOS XE Consent Token Bypass Vulnerability
Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. A consent token bypass vulnerability exists in the CLI of Cisco IOS XE. The vulnerability stems from insufficient enforcement of consent tokens in authorized Shell access. An attacker could exploit this...
Cisco Enterprise Network Functions Virtualization Infrastructure Software Input Validation Error Vulnerability
Cisco Enterprise Network Functions Virtualization Infrastructure Software (NFVIS) is a set of Linux-based infrastructure software from Cisco. The software is mainly used for designing, deploying and managing network services and dynamically deploying virtualized network functions on supported Cisco...
Sonatype Nexus Repository Manager Operating System Command Injection Vulnerability
Sonatype Nexus Repository Manager (NXRM) is a Maven repository manager from Sonatype USA. An operating system command injection vulnerability exists in Sonatype NXRM that can be exploited by an attacker to execute code...
CVE-2018-12299
Cross-site scripting in filebrowser in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via uploaded file names...
Cisco Firepower Threat Defense Operating System Command Injection Vulnerability
Cisco Firepower Threat Defense (FTD) is a suite of unified software from the U.S. company Cisco that provides next-generation firewall services. An operating system command injection vulnerability exists in Cisco Firepower Threat Defense. The vulnerability arises from the network system or...
CVE-2018-1775
IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products versions 7.5 through 8.2 could allow an authenticated user to download arbitrary files from the operating system. IBM X-Force ID: 148757...
Palo Alto Expedition Information Disclosure Vulnerability
Palo Alto Expedition Migration tool is a firewall migration tool from Palo Alto Networks, USA. A security vulnerability exists in Palo Alto Expedition Migration tool version 1.0.106 and earlier. An attacker can exploit the vulnerability to enumerate files on the operating system...
CVE-2018-15877
The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainviewactivitymonitor&tab=activitytools request...
CVE-2018-8870
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contain a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system...
CVE-2018-4111
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature...
Cisco Identity Services Engine Command Injection Vulnerability (CNVD-2018-05089)
Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A command injection...
EMC Data Domain DD OS Memory Overflow Vulnerability
EMC Data Domain DD OS and EMC Data Domain Virtual Edition are both products of EMC Corporation. EMC Data Domain DD OS is a deduplication operating system. EMC Data Domain Virtual Edition is a deduplication storage device. A memory overflow vulnerability exists in EMC Data Domain DD OS and EMC Data...
The vulnerability of the Microsoft JET Database Engine database driver on the Windows operating system allows a hacker to gain control over the system.
The vulnerability of the Microsoft JET Database Engine database driver for the Windows operating system is related to improper handling of objects in memory, resulting in operations going beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to gain...
Apple iOS Exchange ActiveSync Authentication Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices. Exchange ActiveSync is one of the Microsoft Exchange synchronization protocols. A security vulnerability exists in the Exchange ActiveSync component in versions of Apple iOS prior to 11. A remote attacker can exploit this...