1367 matches found
CVE-2022-37383
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-37376
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2022-37379
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2020-8889
The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information via action=export because a typo results in a successful comparison of a blank password and NULL...
matrix-react-sdk security vulnerability
matrix-react-sdk is an open source application by Travis Ralston. It is used to insert the Matrix chat/voice client into a web page. A security vulnerability exists in matrix-react-sdk, which originates from data sent from a remote server that could result in some functionality being...
The vulnerability of the extract_name function in the fuzz_util.c component of the DNS server Dnsmasq allows a hacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the extract_name function in the fuzz_util.c component of the DNS server Dnsmasq is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the server-side components of WAGO’s programmable logic controllers, such as WAGO PFC100/PFC200, CC100, Edge Controller, as well as the WAGO Touch Panel 600, allows a malicious actor to record arbitrary data with root privileges.
The vulnerability of the server-side components of WAGO PFC100/PFC200, CC100, Edge Controller programmable logic controllers, and WAGO Touch Panel 600 sensor panels lies in the absence of authentication for critical functions. Exploiting this vulnerability allows an attacker to remotely record...
PT-2023-9678 · Freebsd · Freebsd
Name of the Vulnerable Software and Affected Versions: FreeBSD affected versions not specified Description: The issue is related to the use of an uninitialized resource in the msdosfs driver of the FreeBSD operating system. Exploitation of this issue may allow an attacker to read data from remote...
The vulnerability of microprogrammed software in ZTE ZXvSTB TV devices, related to deficiencies in access control, allows attackers to delete arbitrary data.
The vulnerability of the microprogramming software in ZTE ZXvSTB TVs is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to delete arbitrary data remotely...
PT-2023-17817 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: A logic error in the code of PasspointXmlUtils.java could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
The vulnerability lies in the executable file IGSSdataServer.exe of the SCADA system’s data server, IGSS Data Server, as well as the executable file DashBoard.exe of the IGSS Dashboard. Additionally, the RMS16.dll library from the report module Custom Reports allows a hacker to delete arbitrary data.
The vulnerability of the IGSSdataServer.exe executable of the SCADA system’s data server, the DashBoard.exe executable of the IGSS Dashboard, and the RMS16.dll library of the report module Custom Reports is related to the absence of authentication for a critical function. Exploiting this...
CVE-2023-1256
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...
Authorization
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial of service, and tamper with alarm states...
PT-2023-1874 · Unknown · Igss Dashboard +2
Name of the Vulnerable Software and Affected Versions: IGSS Data Server versions V16.0.0.23040 and prior; IGSS Dashboard versions V16.0.0.23040 and prior; Custom Reports versions V16.0.0.23040 and prior. Description: The issue is related to the absence of authentication for a critical function in th...
CVE-2023-22805
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device...
SUSE CVE-2003-0279
Multiple SQL injection vulnerabilities in the WebLinks module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php...
SUSE CVE-2005-2264
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the search target, then injecting script into other pages via a data: URL...
SUSE CVE-2005-3180
The Orinoco driver orinoco.c in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information...