Input Validation Error Vulnerability in Multiple Cisco Products (CNVD-2020-31998)

Cisco IP Phone 7811 and others are an IP phone from Cisco USA. An input validation error vulnerability exists in the web server of multiple Cisco products, which arises from the program failing to properly validate input for HTTP requests. The vulnerability can be exploited to execute code with...

Palo Alto Networks PAN-OS Formatting String Error Vulnerability (CNVD-2020-22957)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks for its firewall appliances. A Formatting String Error vulnerability exists in the Varrcvr daemon in PAN-OS version 9.0 prior to 9.0.7 and version 9.1 prior to 9.1.2 in Palo Alto Networks. A remote attacker could...

CVE-2020-1990

The CVE-2020-1990 issue is a stack-based buffer overflow in PAN-OS management server. Affected: Palo Alto Networks PAN-OS 8.1.x before 8.1.13 and 9.0.x before 9.0.7 (not affecting 7.1). Exploitation requires authentication and can allow uploading a corrupted PAN-OS configuration with potential co...

CVE-2020-10887

This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of IPv6 connections. The issue results from the lack of proper...

ASUSTOR exFAT Driver Input Validation Error Vulnerability

ASUSTOR exFAT Driver is an exFAT file system driver from Taiwan, China ASUSTOR. A security vulnerability exists in ASUSTOR exFAT Driver 1.0.0.r20 and earlier versions, which stems from exfat.cgi and exfatctl failing to properly validate the server response and passing uncleaned server responses t...

CVE-2019-11689

An issue was discovered in ASUSTOR exFAT Driver through 1.0.0.r20. When conducting license validation, exfat.cgi and exfatctl fail to properly validate server responses and pass unsanitized text to the system shell, resulting in code execution as root...

PT-2020-6512 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to a stack-based buffer overflow when handling the var:menu parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of...

PT-2020-6504 · D Link · D-Link Dap-2020

Name of the Vulnerable Software and Affected Versions: D-Link DAP-2020 version 1.01rc001 Description: The issue is related to a stack-based buffer overflow when handling the var:page parameter provided to the "webproc" endpoint. This occurs due to the lack of proper validation of the length of...

CVE-2020-3172

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service DoS condition on an affected device. The vulnerability exists because of...

PT-2020-1987 · Cisco · Cisco Fxos +2

Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software and Cisco NX-OS Software affected versions not specified Description: A vulnerability in the Cisco Discovery Protocol feature could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a...

CVE-2020-8862

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-2610 Firmware v2.01RC067 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords. The issue results from t...

IBM Planning Analytics Code Execution Vulnerability

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in IBM Planning Analytics versions 2.0.0 through 2.0.8. An attacke...

CVE-2019-16736

A stack-based buffer overflow in processCommandUploadSnapshot in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user...

CVE-2019-16735

A stack-based buffer overflow in processCommandUploadLog in libcommon.so in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to cause denial of service or run arbitrary code as the root user...

TitanHQ WebTitan has an unspecified vulnerability (CNVD-2019-44523)

TitanHQ WebTitan is a web content filter from TitanHQ Ireland. A security vulnerability exists in TitanHQ WebTitan versions prior to 5.18. An attacker can exploit the vulnerability to execute arbitrary code as root...

CVE-2019-15958

A vulnerability in the REST API of Cisco Prime Infrastructure PI and Cisco Evolved Programmable Network Manager EPNM could allow an unauthenticated remote attacker to execute arbitrary code with root privileges on the underlying operating system. The vulnerability is due to insufficient input...

Linear eMerge E3 1.00-06 Arbitrary File Upload Remote Root Code Execution

!/usr/bin/env python Linear eMerge E3 Arbitrary File Upload Remote Root Code Execution Affected version: \n" sys.exit ipaddr = sys.argv1 vremetodeneska = datetime.datetime.now print "Starting exploit at "+vremetodeneska.strftime"%d.%m.%Y %H:%M:%S" print while True: try: target =...

IBM DB2 High Performance Unload Elevation of Privilege Vulnerability

IBM DB2, etc. are products of IBM Corporation in the U.S.A. DB2 is a relational database management system.Opera Software Opera, etc. are products of Norway's Opera Software.Opera is a Web browser and IBM DB2 is a relational database management system. An elevation of privilege vulnerability exis...

CVE-2019-4448

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpumdebug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This...

PT-2019-17088 · Ibm · Ibm Db2 High Performance Unload

Name of the Vulnerable Software and Affected Versions: IBM DB2 High Performance Unload load for LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 Description: The issue allows a low-privileged user to execute arbitrary code with root authority by loading arbitrary db2...