122 matches found
ClinicCases Cross-Site Request Forgery Vulnerability
ClinicCases is an open source case management system designed for law school clinics. A cross-site request forgery vulnerability exists in ClinicCases version 7.3.3, which can be exploited by an attacker to perform arbitrary actions with the privilege level of the target user...
The vulnerability of the APTARE data management platform, related to bypassing the authentication process, allows attackers to gain access to data and functions that are available to the target user account.
The vulnerability of the APTARE data management platform relates to the bypassing of the authentication process. Exploiting this vulnerability allows a malicious actor to gain access to data and functions that are available to the target user account...
CVE-2020-15914
A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary JavaScript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data related to the target user’...
ismartgate PRO Cross-Site Request Forgery Vulnerability
iSmartGate is a smart garage door opener system. The ismartgate PRO suffers from a cross-site request forgery vulnerability that allows a remote attacker to construct a malicious URI, lure a user into requesting it, and perform a malicious operation in the context of the target...
IBM BladeCenter Cross-Site Request Forgery Vulnerability (CNVD-2020-52190)
IBM BladeCenter is an IBM server management program. IBM BladeCenter suffers from a cross-site request forgery vulnerability that a remote attacker can exploit to construct a malicious URI, lure a user into requesting it, and perform a malicious operation in the context of the target use...
IBM BladeCenter Cross-Site Request Forgery Vulnerability
IBM BladeCenter is an IBM server management program. IBM BladeCenter suffers from a cross-site request forgery vulnerability that a remote attacker can exploit to construct a malicious URI, lure a user into requesting it, and perform a malicious operation in the context of the target use...
CVE-2020-6110
An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs ...
Microsoft Windows Jet Database Remote Code Execution (CVE-2019-1249)
A remote code execution vulnerability exists in the Jet Database Engine component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted file. Successful...
Windows Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists in Windows 10 when third-party filters are called during a password update. Successful exploitation of the vulnerability could allow a user to make use of a blocked password for their account. To exploit the vulnerability, an attacker would need to have...
Cisco Webex Teams Injection Vulnerability
Cisco Webex Teams is a team collaboration application from Cisco USA. The program includes video conferencing, group messaging and file sharing features. An injection vulnerability exists in Cisco Webex Teams. A remote attacker could exploit this vulnerability to modify files and execute arbitrar...
Chrome Gather Cookies
Read all cookies from the Default Chrome profile of the target user. This module requires Metasploit: https://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework...
CVE-2018-10609
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges...
Netgear DGN2200B Cross-Site Scripting
A cross-site scripting vulnerability has been reported in Netgear DGN2200B routers. Successful exploitation will result in the attacker-controlled script code being executed in the target user's browser in the context of the affected machine...
Mozilla Firefox Media Capture and Streams API Privilege Vulnerability
Mozilla Firefox is a free, open source browser for Windows, Linux and Mac OS X platforms. A privilege vulnerability exists in the Mozilla Firefox Media Capture and Streams API. A remote user can exploit the vulnerability to display incorrect source information to the target user...
CVE-2015-1395
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...
D-Link DIR-100 Cross-Site Request Forgery Vulnerability
The D-Link DIR-100 is a compact broadband router with integrated firewall functionality. A cross-site request forgery vulnerability exists in D-Link DIR-100 version 1.01. It allows remote attackers to construct malicious URIs, trick users into opening them, and perform malicious actions in th...
HelpDEZk Cross-Site Request Forgery Vulnerability
HelpDEZk is a suite of PHP-based software for managing requests and events. A cross-site request forgery vulnerability exists in admin/home/person/ in HelpDEZk. It allows remote attackers to construct malicious URIs and trick users into opening them, which can be used to perform malicious actions an...
Adobe Flash Player Use After Free Code Execution (APSB17-07: CVE-2017-3002)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...
Adobe Flash Player Use After Free Code Execution (APSB16-39: CVE-2016-7877)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file...