Palo Alto Networks PAN-OS Formatting String Error Vulnerability (CNVD-2020-22957)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A Formatting String Error vulnerability exists in the Varrcvr daemon in PAN-OS version 9.0 prior to 9.0.7 and version 9.1 prior to 9.1.2 in Palo Alto Networks. A remote attacker could...

CVE-2020-10887

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper...

ASUSTOR exFAT Driver Input Validation Error Vulnerability

ASUSTOR exFAT Driver is an exFAT file system driver from Taiwan, China ASUSTOR. A security vulnerability exists in ASUSTOR exFAT Driver 1.0.0.r20 and earlier versions, which stems from exfat.cgi and exfatctl failing to properly validate the server response and passing uncleaned server responses t...

CVE-2019-11689

An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root...

PT-2020-6512 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to a stack-based buffer overflow when handling the var:menu parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of...

PT-2020-6504 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to a stack-based buffer overflow when handling the var:page parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of...

CVE-2020-3172

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service DoS condition on an affected device. The vulnerability exists because of...

PT-2020-1987 · Cisco · Cisco Fxos +2

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software and Cisco NX-OS Software affected versions not specified Description: A vulnerability in the Cisco Discovery Protocol feature could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a...

CVE-2020-8862

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from t...

IBM Planning Analytics Code Execution Vulnerability

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics versions 2.0.0 through 2.0.8. An attacke...

CVE-2019-16736

A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user...

CVE-2019-16735

A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user...

TitanHQ WebTitan has an unspecified vulnerability (CNVD-2019-44523)

TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A security vulnerability exists in TitanHQ WebTitan versions prior to 5.18. An attacker can exploit the vulnerability to execute arbitrary code as root...

Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution

!/usr/bin/env python Linear eMerge E3 Arbitrary File Upload Remote Root Code Execution Affected version: \n" sys.exit ipaddr = sys.argv1 vremetodeneska = datetime.datetime.now print "Starting exploit at "+vremetodeneska.strftime"%d.%m.%Y %H:%M:%S" print while True: try: target =...

IBM DB2 High Performance Unload Elevation of Privilege Vulnerability

IBM DB2, etc. are products of IBM Corporation in the U.S.A. DB2 is a relational database management system.Opera Software Opera, etc. are products of Norway's Opera Software.Opera is a Web browser and IBM DB2 is a relational database management system. An elevation of privilege vulnerability exis...

CVE-2019-4448

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpumdebug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This...

PT-2019-17088 · Ibm · Ibm Db2 High Performance Unload

Name of the Vulnerable Software and Affected Versions: IBM DB2 High Performance Unload load for LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 Description: The issue allows a low-privileged user to execute arbitrary code with root authority by loading arbitrary db2...

cPanel Authorization Issues Vulnerability (CNVD-2019-29606)

cPanel is a set of Web-based automated colocation platforms from the American company cPanel. The platform is primarily used to automate the management of websites and servers. The security vulnerability in cPanel versions prior to 68.0.15 stems from the program assigning weak privileges for...

cPanel Input Validation Error Vulnerability (CNVD-2019-33874)

cPanel is a set of Web-based automated colocation platform from the US-based cPanel. The platform is primarily used to automate the management of websites and servers. An input validation error vulnerability exists in cPanel. An attacker can exploit this vulnerability to execute code in the conte...

CVE-2017-18434

cPanel before 64.0.21 allows code execution in the context of the root account via a SETVHOSTLANGPACKAGE multilang adminbin call SEC-237...