InHand Networks InRouter302 httpd upload.cgi file write vulnerability
Summary A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. Tested Versions InHand Networks...
Information Leakage Vulnerability in Webpage Tampering Prevention System of Beijing Netnifty Nebula Information Technology Co.
Beijing Netnifty Information Technology Co., Ltd. covers network border security protection, application and data security protection, network security risk management, professional security solutions and professional security services. There is an information leakage vulnerability in the webpage...
CVE-2021-27497
CVE-2021-27497 affects Philips Vue PACS (versions 12.2.x.x and prior). The issue is a Protection Mechanism Failure (CWE-693) allowing remote exploitation with no authentication for high-impact actions (confidentiality, integrity, availability all High). NVD CVSSv3.1 base score 9.8 (AV:N/AC:L/PR:N...
CVE-2021-37109
There is a security protection bypass vulnerability with the modem. Successful exploitation of this vulnerability may cause memory protection failure...
CVE-2021-37109
CVE-2021-37109 describes a security protection bypass in the modem component of Huawei EMUI/Magic UI devices, leading to memory protection failure. Connected sources consistently refer to a modem-related protection bypass with memory protection impact, but do not provide concrete affected version...
GHSA-M2C7-42RF-C62F Unrestricted Upload of File with Dangerous Type in motionEye
motionEye = 0.42.1 and motionEyeOS = 20200606 allow a remote attacker to upload a configuration backup file containing a malicious python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials. The GitHub repositories for...
Improper Privilege Management in devise_masquerade
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...
GHSA-25F5-GC4H-HC22 Improper Privilege Management in devise_masquerade
The devise_masquerade gem before 1.3 allows certain attacks when a password's salt is unknown. An application that uses this gem to let administrators masquerade/impersonate users loses one layer of security protection compared to a situation where Devise without this extension is used. If the...
Description of the security update for Office Online Server: October 12, 2021 (KB5002027)
Description of the security update for Office Online Server: October 12, 2021 KB5002027 Summary This security update resolves a Microsoft Excel information disclosure vulnerability, Microsoft Word remote code execution vulnerability, and Microsoft Excel remote code execution vulnerabilities. To...
Leadsec ACM-Management Platform of Beijing Netnifty Information Technology Co.
Based on the information security field, Netnifty Nebula's business covers network boundary security protection, application and data security protection, network-wide security risk management, professional security solutions and professional security services. Beijing Netnifty Nebula Information...
Weak Password Vulnerability in Netnifty Web Application Security Protection System (CNVD-2021-71692)
Beijing Netnifty Information Technology Co., Ltd. is engaged in the business of network border security protection, application and data security protection, network-wide security risk management, professional security solutions and professional security services. A weak password vulnerability...
Weak password vulnerability in remote access platform of Shenzhen Wheaton Information Technology Co.
Shenzhen Wheaton Information Technology Co., Ltd (Wheaton for short) is a company dedicated to providing government, enterprises and institutions with remote application centralized access solutions, VPN security interconnection solutions, core data security protection solutions and so on. There is...
Command Execution Vulnerability in the Control System of Next-Generation Firewall of Shenzhen Zhongke NetWizard Technology Co. Ltd (CNVD-2021-44001)
ZKNETWORTH's next-generation firewall control system products are based on L2-7 layer access application control, integrating firewall, IPS intrusion detection, DDoS/DOS protection, AV virus protection; realizing comprehensive security protection for intranet, and providing security firewall...
Command Execution Vulnerability in the Control System of Next-Generation Firewall of Shenzhen Zhongke NetWizard Technology Co. Ltd (CNVD-2021-44000)
ZKNETWORTH's next-generation firewall control system products are based on L2-7 layer access application control, integrating firewall, IPS intrusion detection, DDoS/DOS protection, AV virus protection; realizing comprehensive security protection for intranet, and providing security firewall...
Imperva® Opens the first dedicated DDoS scrubbing center in Santiago, Chile
Imperva is excited to be further expanding our presence in Latin America by launching a new Point of Presence (PoP) in Santiago, Chile, in partnership with leading Chilean Telecommunications provider Entel Corporations. Located within Entel’s gold-standard Ciudad de Los Valles datacenter, which has...
Weak Password Vulnerability in Tianqing Intrusion Prevention System
SkyQuest Intrusion Prevention System is a network-based intrusion prevention product independently developed by Qixing, which is based on the core concept of deep defense and precise blocking. Through deep analysis of network traffic, it can accurately discover various types of intrusion attacks ...
Weak Password Vulnerability in Tianrongxin Intrusion Prevention System
TIANRONGXIN Intrusion Prevention System (hereinafter referred to as TopIDP product) is a network security protection product that defends against all kinds of attack threats in the network and protects customers' network IT service resources in real time. There is a weak password vulnerability in...
Design/Logic Flaw
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan Enterprise (VSE) prior to 8.8 Patch 16 allows local administrators to bypass local security protection through VSE not correctly integrating with Windows Defender Application Control via careful manipulation of...
CVE-2020-13465
The security protection in Gigadevice GD32F103 devices allows physical attackers to redirect the control flow and execute arbitrary code via the debug interface...