Lucene search
353 matches found

OSV
added 2021/03/25 9:15 p.m. · 0 views

CVE-2021-29098

Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...

7.8 CVSS · 7.6 AI score
Exploits: 0 · References: 4

Positive Technologies
added 2021/03/25 12:0 a.m. · 1 views

PT-2021-18086 · Esri · Arcgis Desktop +3

Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier; ArcGIS Desktop versions 10.8.1 and earlier; ArcGIS Engine versions 10.8.1 and earlier; ArcGIS Pro versions 2.7 and earlier. Description: The issue arises from multiple uninitialized pointer...

7.8 CVSS · 8 AI score · 0.00456 EPSS
Exploits: 0 · References: 10

CNNVD
added 2021/03/12 12:0 a.m. · 1 views

Adobe Animate buffer error vulnerability

Adobe Animate is a set of Flash animation software from the American company Adobe. A buffer overflow vulnerability exists in Adobe Animate 21.0.3 and earlier versions, which can be exploited by an unauthenticated attacker to achieve arbitrary code execution in the context of the current...

7.8 CVSS · 6.7 AI score · 0.04079 EPSS
Exploits: 0 · References: 2

OSV
added 2021/03/05 8:15 p.m. · 0 views

CVE-2021-27255

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refreshstatus.aspx endpoint. The issue results from a lack o...

8.8 CVSS · 7.1 AI score · 0.01665 EPSS
Exploits: 0 · References: 2

CNNVD
added 2021/03/04 12:0 a.m. · 2 views

Matthias Van Woensel qcubed security vulnerability

Matthias Van Woensel qcubed is an application by Matthias Van Woensel. It provides a PHP model-view-controller framework for rapid application development. A security vulnerability exists in qcubed all versions including 3.1.1 that allows unauthenticated code execution via a crafted POST request...

9.8 CVSS · 8.9 AI score · 0.37721 EPSS
Exploits: 3 · References: 5

NCSC
added 2021/03/02 12:0 a.m. · 5 views

Vulnerabilities fixed in Android

Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to launch attacks that result in the following categories of damage: Remote code execution (Administrator/Root rights); Remote code execution (User rights); Access to...

10 CVSS · 8.2 AI score · 0.3372 EPSS
Exploits: 8

CNNVD
added 2021/02/03 12:0 a.m. · 3 views

Multiple Cisco Product Licensing Issues Vulnerabilities

The Cisco RV160, among others, is a router from Cisco, USA that is used in enterprise environments. An authorization issue vulnerability exists in the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers, which could be exploited by an unauthenticated, remote attacker to...

10 CVSS · 7.9 AI score · 0.01866 EPSS
Exploits: 0 · References: 2

NCSC
added 2020/11/06 12:0 a.m. · 2 views

Vulnerabilities fixed in Salt

Vulnerabilities have been fixed in Salt. Salt is used in VMware vRealize Operations Manager and RSA NetWitness. Exploiting the vulnerabilities allows an unauthenticated malicious person to execute willful code with permissions of the application. To do this, the malicious party must have...

9.8 CVSS · 7.5 AI score · 0.94387 EPSS
Exploits: 5

OSV
added 2020/10/20 8:15 a.m. · 0 views

CVE-2020-5640

Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors...

9.8 CVSS · 7.6 AI score
Exploits: 0 · References: 2

NCSC
added 2020/09/30 12:0 a.m. · 1 views

Vulnerabilities fixed in Red Hat ipa

Vulnerabilities have been fixed in Red Hat ipa. The vulnerabilities allow an unauthenticated malicious person to execute arbitrary code on the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyperlink. In addition, the vulnerabilities enab...

6.9 CVSS · 7.5 AI score · 0.09805 EPSS
Exploits: 13

NVD
added 2020/09/24 2:15 p.m. · 8 views

CVE-2020-16147

The login page in Telmat AccessLog <= 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...

10 CVSS · 0.00986 EPSS
Exploits: 1 · References: 2

OSV
added 2020/09/24 2:15 p.m. · 3 views

CVE-2020-16147

The login page in Telmat AccessLog <= 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...

9.8 CVSS · 7.4 AI score · 0.00986 EPSS
Exploits: 1 · References: 2

Prion
added 2020/09/24 2:15 p.m. · 17 views

Code injection

The login page in Telmat AccessLog <= 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...

10 CVSS · 9.5 AI score · 0.00986 EPSS
Exploits: 1 · References: 2 · Affected Software: 3

CVE
added 2020/09/24 1:57 p.m. · 42 views

CVE-2020-16147

The CVE-2020-16147 entry concerns Telmat AccessLog (versions ≤ 6.0, TAL_20180415). According to connected sources, the vulnerability stems from an incorrectly programmed call to an advanced local procedure in the login page, enabling an unauthenticated attacker to inject code over the network and...

10 CVSS · 9.5 AI score · 0.00986 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2020/09/24 1:57 p.m. · 11 views

CVE-2020-16147

The login page in Telmat AccessLog <= 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...

9.6 AI score · 0.00986 EPSS
Exploits: 1 · References: 2

0day.today
added 2020/08/11 12:0 a.m. · 224 views

House Rental 1.0 SQL Injection Exploit

Exploit for php platform in category web applications Exploit Title: House Rental v1.0 - PDO Bypass SQL Injection - Unauthenticated Code Execution - Change Admin Password Exploit Author: Bobby Cooke boku & Adeeb Shah @hyd3sec Vendor Homepage: https://projectworlds.in Software Link:...

Exploits: 0

OSV
added 2020/07/28 5:15 p.m. · 1 views

CVE-2020-15433

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxphppecl.php. When parsing the phpversion parameter, the process...

9.8 CVSS · 7.7 AI score · 0.01432 EPSS
Exploits: 0 · References: 1

OSV
added 2020/07/28 5:15 p.m. · 2 views

CVE-2020-15427

This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxdiskusage.php. When parsing the folderName parameter, the process...

9.8 CVSS · 7.7 AI score
Exploits: 0 · References: 1

The Hacker News
added 2020/07/08 7:43 a.m. · 1 views

Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products

Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products. Successful exploitation of these critical flaws could let unauthenticated attackers...

6.3 AI score
Exploits: 0

ATTACKERKB
added 2020/03/13 7:15 p.m. · 1 views

CVE-2019-13171

Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by one or more stack-based buffer overflow vulnerabilities in the Google Cloud Print implementation that would allow an unauthenticated attacker to execute arbitrary code on the device. This was caused by an insecure handlin...

10 CVSS · 6.6 AI score · 0.01347 EPSS
Exploits: 0 · References: 5