86 matches found
CVE-2022-4612
A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has be...
Cross site scripting
A vulnerability was found in starter-public-edition-4 up to 4.6.10. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 4.6.11 is able to address this issue. The...
CVE-2022-4522 CalendarXP cross site scripting
A vulnerability classified as problematic was found in CalendarXP up to 10.0.1. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 10.0.2 is able to address this issue. The name of the patch is...
Cross site scripting
A vulnerability was found in ipti br.tag. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.13.0 is able to address this issue. The name of th...
ManyDesigns Portofino subject to creation of insecure temporary file
A vulnerability has been found in ManyDesigns Portofino 5.3.2. Affected by this vulnerability is the function createTempDir of the file WarFileLauncher.java. The manipulation leads to creation of temporary file in directory with insecure permissions. Upgrading to version 5.3.3 is able to address...
CVE-2022-3705 vim autocmd quickfix.c qf_update_buffer use after free
A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qfupdatebuffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to...
Microsoft Endpoint Configuration Manager 安全漏洞
Microsoft Endpoint Configuration Manager is a local management solution from Microsoft. It is used to manage networked or Internet-based desktops, servers, and laptops. A security vulnerability exists in Microsoft Endpoint Configuration Manager, which can be exploited by an attacker to gain acces...
Hardcoded credentials
A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials...
CVE-2021-4229 ua-parser-js Crypto Mining backdoor
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component...
Dell RSA BSAFE Micro Edition Suite Information Disclosure Vulnerability (CNVD-2019-40481)
Dell RSA BSAFE Micro Edition Suite is an encryption toolkit from Dell USA. An information disclosure vulnerability exists in Dell RSA BSAFE Micro Edition Suite. The vulnerability stems from an error in configuration or other errors in the operation of a networked system or product. An attacker...
Mooltipass Mini Information Disclosure Vulnerability
Mooltipass Mini is a password management device. An information disclosure vulnerability exists in Mooltipass Mini. The vulnerability arises from errors such as configuration during operation of a networked system or product. An unauthorized attacker could exploit the vulnerability to obtain...
Logitech Unifying Device Information Disclosure Vulnerability
Logitech Unifying is a USB type signal receiver from Logitech, Switzerland. An information disclosure vulnerability exists in the Logitech Unifying device. An attacker could exploit the vulnerability to obtain sensitive information about an affected component...
Moxa AWK-3121 Information Disclosure Vulnerability
Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. An information disclosure vulnerability exists in the Moxa AWK-3121 version 1.14, which can be exploited by unauthorized attackers to obtain sensitive information about an affected component...
Optergy Proton/Enterprise Information Disclosure Vulnerability
Optergy Proton/Enterprise is an enterprise building management system from Optergy USA. An information disclosure vulnerability exists in Optergy Proton/Enterprise version 2.3.0a and prior versions, which can be exploited by an unauthorized attacker to obtain sensitive information about an affect...
Privilege Escalation
MySQL Server is vulnerable to privilege escalation. The vulnerability exists as an unspecified vulnerability in Oracle MySQL . This allows a remote authenticated user to manipulate with an unknown input. affected component is 'Privileges'...
NVIDIA graphics driver information disclosure vulnerability
NVIDIA graphics driver is a graphics driver from the American company NVIDIA. An information disclosure vulnerability exists in NVIDIA graphics driver. An attacker could exploit this vulnerability to obtain sensitive information about an affected component...
TWiki 6.0.2 Cross Site Scripting
bin/statistics in TWiki 6.0.2 allows XSS via the webs parameterCVE-2018-20212 Vulnerability Type Cross Site Scripting XSS Vendor of Product: twiki Affected Product Version twiki - 6.0.2 Affected Component twiki/bin/statistics Attack Type Remote Attack Vectors /twiki/bin/statistics?webs=alert1...
Buffer overflow
Sharutils sharutils unshar command version 4.15.2 contains a Buffer Overflow vulnerability in Affected component on the file unshar.c at line 75, function lookslikeccode. Failure to perform checking of the buffer containing input line. that can result in Could lead to code execution. This attack...
CVE-2018-1000097
CVE-2018-1000097 affects Sharutils’ unshar utility. The buffer-overflow vulnerability in unshar.c (line 75, looks_like_c_code) allows an attacker-controlled input file to cause arbitrary code execution or crash. Debian reports fixes: 4.15.2-2+deb9u1 for Stretch (stable) and 4.14-2+deb8u1 for olds...
Joomla Some Component LFI Vulnerability (Jan 2012) - Active Check
Joomla Some component is prone to local file inclusion LFI vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...