Lucene search

404 matches found

Positive Technologies
added 2021/04/09 12:0 a.m. · 4 views

PT-2021-16554 · Unknown · Sticker Center

Name of the Vulnerable Software and Affected Versions: stickerCenter versions prior to SMR APR-2021 Release 1 Description: The issue is related to improper access control, allowing local attackers to read or write arbitrary files of system process via untrusted applications. Recommendations: For...

8.8 CVSS · 8.4 AI score · 0.00167 EPSS
Exploits 0 · References 3
CNVD
added 2021/03/11 12:0 a.m. · 6 views

F5 BIGIP TMUI Remote Command Execution Vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, and remote access policy management. The F5 BIGIP TMUI Remote Command Execution vulnerability can be exploited by an attacker to execute arbitrary system commands,...

9 CVSS · 7.6 AI score · 0.10444 EPSS
Exploits 1
CNVD
added 2021/01/28 12:0 a.m. · 5 views

IBM Security Guardium Improper Access Control Vulnerability

IBM Security Guardium is a comprehensive data protection solution that offers a full range of data security features from compliance support to dynamic data shielding. An improper access control vulnerability exists in IBM Security Guardium 11.2. An attacker could exploit the vulnerability to gai...

9 CVSS · 6.8 AI score · 0.01984 EPSS
Exploits 0 · References 1
CNVD
added 2021/01/07 12:0 a.m. · 8 views

Orangehrm SQL Injection Vulnerability (CNVD-2021-01999)

Orangehrm is a human resource management system HRM from Orangehrm, USA. The system supports personnel information management, leave management, attendance management and recruitment management. OrangeHRM versions prior to 4.6.0.1 suffer from a SQL injection vulnerability that stems from the...

8.1 CVSS · 7.7 AI score · 0.02325 EPSS
Exploits 1 · References 1
IBM Security Bulletins
added 2019/12/17 10:56 p.m. · 23 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Sterling External Authentication Server (CVE-2015-7575, CVE-2016-0475, CVE-2015-4872, CVE-2015-5006)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 7.0 that is used by IBM Sterling External Authentication Server. These issues were disclosed as part of the IBM Java Runtime updates in October 2015 and January 2016 and include the...

5.9 CVSS · 0.7 AI score · 0.03703 EPSS
Exploits 0 · Affected Software 3
CNVD
added 2019/11/04 12:0 a.m. · 1 views

Advantech WISE-PaaS/RMM Unauthorized Access Vulnerability

Advantech WISE-PaaS/RMM is a remote monitoring and management platform for IoT devices. An unauthorized access vulnerability exists in Advantech WISE-PaaS/RMM, which can be exploited by an attacker to submit a special request for unauthorized access to a device...

10 CVSS · 7 AI score · 0.03297 EPSS
Exploits 0 · References 1
0day.today
added 2019/07/10 12:0 a.m. · 29 views

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access Exploit

Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...

0.5 AI score
Exploits 0
OSV
added 2018/10/17 1:31 a.m. · 2 views

CVE-2018-3168

Vulnerability in the Oracle Identity Analytics component of Oracle Fusion Middleware subcomponent: Core Components. The supported version that is affected is 11.1.1.5.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Identity...

7.1 CVSS · 7.3 AI score · 0.01167 EPSS
Exploits 0 · References 2
RedHat Linux
added 2017/12/12 1:32 p.m. · 3 views

mysql: Server: DML unspecified vulnerability (CPU Oct 2017)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: DML. Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9 CVSS · 7.3 AI score · 0.0245 EPSS
Exploits 0 · References 5
BDU FSTEC
added 2017/09/22 12:0 a.m. · 3 views

The vulnerability in the embedded microprogramming software of Comcast’s Cisco DPC3939 allows a hacker to gain root access to the Linux application processor and execute arbitrary code.

The vulnerability in the embedded microprogramming software of Comcast’s Cisco DPC3939 router is related to deficiencies in access control for the Linux network processor. Exploiting this vulnerability allows a malicious actor to gain root access to the Linux application processor and execute...

10 CVSS · 8.2 AI score · 0.01867 EPSS
Exploits 1 · References 2
OSV
added 2017/09/15 12:34 p.m. · 7 views

SUSE-SU-2017:2498-1 Security update for Linux Kernel Live Patch 20 for SLE 12

This update for the Linux Kernel 3.12.61-5269 fixes several issues. The following security bugs were fixed: - CVE-2017-1000112: Prevent a race condition in net-packet code that could have been exploited by unprivileged users to gain root access bsc1052368...

7 CVSS · 7.5 AI score · 0.20797 EPSS
Exploits 19 · References 4
Node.js
added 2017/07/07 9:33 p.m. · 39 views

Directory Traversal

Overview Affected versions of getcityapi.yoehoehne resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the...

5 CVSS · 4.6 AI score · 0.02005 EPSS
Exploits 1 · Affected Software 1
OSV
added 2017/03/23 8:59 p.m. · 5 views

CVE-2015-8626

The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack...

9.8 CVSS · 9.2 AI score
Exploits 0 · References 10
EUVD
added 2016/08/31 3:0 p.m. · 4 views

EUVD-2016-6623

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command...

9 CVSS · 9.1 AI score · 0.14119 EPSS
Exploits 4 · References 4
wpexploit
added 2014/08/01 12:0 a.m. · 13 views

5star by Templatic - CSRF File Upload

Description The 5star WordPress theme was affected by a Templatic Theme CSRF File Upload security vulnerability. File Access: https://example.com/wp-content/themes/5star/images/tmp/yourshell.php...

7.4 AI score
Exploits 0 · References 1
seebug.org
added 2014/07/01 12:0 a.m. · 15 views

DansGuardian Webmin Module 0.x Edit.CGI Remote Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9394/info A problem has been identified in the handling of input by scripts packaged with the DansGuardian Webmin Module. Because of this, it is possible for a remote to gain access to potentially sensitive information...

7.1 AI score
Exploits 0
OSV
added 2014/01/06 4:55 p.m. · 6 views

CVE-2013-7270

The packet_recvmsg function in net/packet/af_packet.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or...

8.1 AI score
Exploits 0 · References 20
Zero Science Lab
added 2013/06/19 12:0 a.m. · 54 views

GLPI v0.83.7 (itemtype) Parameter Traversal Arbitrary File Access Exploit

Summary GLPI, an initialism for Gestionnaire libre de parc informatique Free Management of Computer Equipment, was designed by Indepnet Association a non profit organisation in 2003. GLPI is a free asset and IT management software package, it also offers functionalities like servicedesk ITIL or...

7.5 CVSS · 7.1 AI score · 0.12976 EPSS
Exploits 2
Positive Technologies
added 2013/02/15 12:0 a.m. · 5 views

PT-2013-17: Arbitrary Files Reading in mnoGoSearch

Positive Technologies experts have detected an Arbitrary Files Reading vulnerability in mnoGoSearch. Passing startup parameters via QUERY_STRING (http://tools.ietf.org/html/draft-robinson-www-interface-00#section-7) for an application running in CGI mode can be used to set page template path variable...

7.8 CVSS · 7.2 AI score
Exploits 0 · References 4
CVE
added 2013/02/05 3:0 p.m. · 47 views

CVE-2011-1352

The CVE-2011-1352 issue affects the PowerVR SGX driver used in Android prior to 2.3.6. A local attacker can trigger kernel memory corruption via the pvrsrvkm device by supplying crafted user data, enabling privilege escalation to root. Multiple connected sources (including Levitator exploit code,...

6.9 CVSS · 6.9 AI score · 0.00257 EPSS
Exploits 3 · References 2 · Affected Software 1