2244 matches found
SAP Plant Connectivity Arbitrary Code Execution Vulnerability
SAP Plant Connectivity PCo is a set of next-generation, high-performance production plant connectivity software from SAP, which can communicate with different industrial software platforms. A security vulnerability exists in SAP PCo versions 2.3 and 15.0. A remote attacker could exploit the...
Ingenious School Management System SQL Injection Vulnerability
Ingenious School Management System is a web-based school management system. The system supports adding courses, posting grades and managing teachers. A SQL injection vulnerability exists in the /view/friendprofile.php file in Ingenious School Management System version 2.3.0. A remote attacker can...
IBM OpenPages GRC Platform Information Disclosure Vulnerability (CNVD-2017-34238)
The IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms from IBM USA for managing enterprise risk and compliance challenges. The platform provides a set of core services and functional components across the risk and compliance domains, including operational risk,...
IBM OpenPages GRC Platform Information Disclosure Vulnerability (CNVD-2017-34430)
IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...
Catalyst Mahara Duplicate Session Header Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara versions 15.04 prior to 15.04.7 and 15.10 prior to 15.10.3 using PHP version 5.3. An attacker could...
CVE-2017-3933
Embedding Script XSS in HTTP Headers vulnerability in McAfee Network Data Loss Prevention NDLP 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack...
HP Intelligent Management Center Arbitrary File Download Vulnerability (CNVD-2017-33197)
HP Intelligent Management Center iMC is a suite of network intelligent management center solutions from Hewlett Packard Enterprise HPE. The solution provides network-wide visibility and enables comprehensive management of resources, services, and users. imc SOM is one of the service operation and...
libzip '_zip_read_eocd64' function denial of service vulnerability
libzip is a C library for reading, creating and modifying zip archives developed by software developers Dieter Baron and Thomas Klausner. A security vulnerability exists in the 'zipreadeocd64' function of the zipopen.c file in versions of libzip prior to 1.3.0. A remote attacker can exploit this...
SUSE-SU-2017:2315-1 Security update for libreoffice
LibreOffice was updated to version 5.3.5.2, bringing new features and enhancements: Writer: - New 'Go to Page' dialog for quickly jumping to another page. - Support for 'Table Styles'. - New drawing tools were added. - Improvements in the toolbar. - Borderless padding is displayed. Calc: - New...
UBUNTU-CVE-2017-11610
The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...
WordPress PressForward plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.PressForward plugin is one of the workflow editing plugin. A cross-site scripting vulnerability exists in the...
OSNEXUS QuantaStor v4 Virtual Appliance Cross-Site Scripting Vulnerability
OSNEXUS QuantaStor v4 virtual appliance is a virtual storage appliance from OSNEXUS USA. A cross-site scripting vulnerability exists in OSNEXUS QuantaStor v4 virtual appliance versions prior to 4.3.1. A remote attacker can exploit this vulnerability to inject arbitrary HTML or JavaScript code...
Opencv Remote Code Execution Vulnerability
OpenCV is an open source, cross-platform, lightweight computer vision library. A remote code execution vulnerability exists in the modules/imgcodecs/src/grfmtpxm.cpp file in OpenCV 3.3 and earlier versions. A remote attacker could exploit this vulnerability to execute code or cause a denial of...
CVE-2017-3107
Adobe Experience Manager 6.3 and earlier has a misconfiguration vulnerability...
Mozilla Firefox and Firefox ESR Memory Misreference Vulnerability (CNVD-2017-22580)
Mozilla Firefox and Firefox ESR are both browser products developed by the Mozilla Foundation in the U.S. Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A memory misreference vulnerability exists in Mozilla Firefox versions prior to 55 and Firefox ES...
CVE-2017-10123
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. The supported version that is affected is 12.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebLogic Server...
DEBIAN-CVE-2017-12601
OpenCV Open Source Computer Vision Library through 3.3 has a buffer overflow in the cv::BmpDecoder::readData function in modules/imgcodecs/src/grfmtbmp.cpp when reading an image file by using cv::imread, as demonstrated by the 4-buf-overflow-readData-memcpy test case...
OpenCV Denial of Service Vulnerability (CNVD-2017-24179)
OpenCV is an open source, cross-platform, lightweight computer vision library. A denial of service vulnerability exists in the 'icvCvtBGRA2BGR8uC4C3R' function in OpenCV 3.3 and earlier versions. An attacker can exploit this vulnerability to cause a denial of service read across boundaries...
IBM InfoSphere Information Server elevation of privilege vulnerability (CNVD-2017-21244)
IBM InfoSphere Information Server is a set of data integration platforms from IBM in the United States. The platform can be used to integrate data information obtained from various sources. An elevation of privilege vulnerability exists in IBM InfoSphere Information Server versions 9.1, 11.3, and...
CVE-2016-7844
GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute arbitrary OS commands via specially crafted mail template...