87 matches found
Vulnerability in the Cluster: General component of the MySQL Cluster database management system, which allows attackers to execute arbitrary code.
Vulnerability in the Cluster: General component of the MySQL Cluster database management system, caused by operations performed outside the bounds of a memory buffer. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
PT-2021-6247 · Microsoft · Defender For Iot
Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT (affected versions not specified). Description: The issue is related to incorrect code generation management in Microsoft Defender for IoT. It can be exploited by a remote attacker using a specially crafted request,...
CVE-2020-29205
XSS in the signup form in Project Worlds Online Examination System 1.0 allows a remote attacker to inject arbitrary code via the name field...
Panasonic Video Insight VMS vulnerable to arbitrary code execution
Overview: Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability (CWE-94) because unencrypted communication exists in the communication using non-well known ports. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its...
CVE-2020-28144
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code...
D-Link DNS Devices RCE Vulnerability (SAP10183) - Active Check
D-Link DNS-320 devices are prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...
CVE-2020-29474
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...
SQL injection
EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...
CVE-2020-26049
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...
Design/Logic Flaw
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file with an image extension and then, through a custom request using the rename function provided by the file manager, change the image extension to PHP, resulting in remote...
Remote Code Execution (RCE)
ncurses is vulnerable to denial of service. Due to a flaw, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...
The vulnerability of the WebKit rendering module in OpenSUSE Leap operating systems, Mac OS X, iOS, tvOS, Safari browser, multimedia player iTunes, and iCloud service lies in the use of memory after it is freed. This allows an attacker to execute arbitrary code.
The vulnerability of the WebKit rendering module in operating systems such as Mac OS X, iOS, tvOS, Safari browser, multimedia player iTunes, and iCloud service is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code memor...
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2018-1166)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1896-1 : commons-beanutils security update
It was discovered that there was a remote arbitrary code vulnerability in commons-beanutils, a set of utilities for manipulating JavaBeans code. For Debian 8 'Jessie', this issue has been fixed in commons-beanutils version 1.9.2-1+deb8u1. We recommend that you upgrade your commons-beanutils...
Node.js third-party modules: Lack of input validation and sanitization in react-autolinker-wrapper library causes XSS
I would like to report XSS in...
devolo dLAN 550 duo+ Starter Kit Remote Code Execution
Summary: Devolo dLAN® 550 duo+ Starter Kit is a Powerline adapter which is a cost-effective and helpful networking alternative for any location without structured network wiring. Especially in buildings or residences lacking network cables or where updating the wiring would be expensive and...
CVE-2018-18589
CVE-2018-18589 concerns Micro Focus Real User Monitoring software with vulnerable versions: 9.26IP, 9.30, 9.40 and 9.50. Connected CVE data notes a Java deserialization vulnerability as the root cause, enabling potential remote arbitrary code execution. The CVE entry indicates the impact is remot...
EulerOS Virtualization 2.5.0 : ncurses (EulerOS-SA-2018-1252)
According to the versions of the ncurses packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In ncurses 6.0, there is a stack-based buffer overflow in the fmtentry function. A crafted input will lead to a remote arbitrary...
MacOS Malware Targets Cryptocurrency Community on Slack, Discord
Hackers using MacOS malware are targeting cryptocurrency investors that use both the Slack and Discord chat platforms. The malware, dubbed OSX.Dummy, uses an unsophisticated infection method, but those who are successfully attacked open their systems up to remote arbitrary code execution. “If the...