Lucene search

122 matches found

OSV
added 2023/01/03 3:15 a.m., 0 views

CVE-2022-43438

The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 1
NVD
added 2023/01/03 3:15 a.m., 14 views

CVE-2022-39042

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

9.8 CVSS, 10 AI score, 0.05367 EPSS
Exploits: 0, References: 1
Cvelist
added 2023/01/03 12:0 a.m., 15 views

CVE-2022-39042 aEnrich a+HRD - Improper Authentication

aEnrich a+HRD has improper validation for login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API function to perform arbitrary system command or disrupt service...

9.8 CVSS, 10 AI score, 0.05367 EPSS
Exploits: 0, References: 1
OSV
added 2022/11/07 12:0 p.m., 4 views

RUSTSEC-2022-0097 Out of bounds write in `wasmtime_trap_code` C API function

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-h84q-m8rr-3v9q. For more information see the GitHub-hosted security advisory...

3.8 CVSS, 6.6 AI score, 0.00118 EPSS
Exploits: 0, References: 3
OSV
added 2022/08/25 3:15 p.m., 1 views

CVE-2022-37092

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById...

9.8 CVSS, 5.8 AI score
Exploits: 0, References: 1
OSV
added 2022/07/15 9:39 p.m., 21 views

GHSA-JJC5-FP7P-6F8W Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD

Impact: This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character ('\n') in the payload. Example (JavaScript): `import cp from "node:child_process"; import * as shescape from...`

8.1 CVSS, 8.8 AI score, 0.00625 EPSS
Exploits: 1, References: 6
Prion
added 2022/06/20 6:15 a.m., 9 views

Buffer overflow

Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services...

3.3 CVSS, 6.7 AI score, 0.00139 EPSS
Exploits: 0, References: 1, Affected Software: 7
CNVD
added 2022/05/16 12:0 a.m., 16 views

InHand Networks InRouter302 Buffer Overflow Vulnerability

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A buffer overflow vulnerability exists in InHand Networks InRouter302 version V3.5.4, which stems from the httpd parsepingresult API function. A boundary error occurs when handling untrusted input, which can be...

8.2 CVSS, 4.2 AI score, 0.03127 EPSS
Exploits: 1, References: 1
ThreatPost
added 2022/05/04 1:24 p.m., 38 views

Attackers Use Event Logs to Hide Malware

Researchers have discovered a malicious campaign utilizing a never-before-seen technique for quietly planting fileless malware on target machines. The technique involves injecting shellcode directly into Windows event logs. This allows adversaries to use the Windows event logs as a cover for...

7.6 AI score
Exploits: 0, References: 1
Github Security Blog
added 2022/05/02 3:47 a.m., 20 views

TYPO3 API function vulnerable to Cross-site Scripting

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing...

4.3 CVSS, 5.7 AI score, 0.00382 EPSS
Exploits: 0, References: 10, Affected Software: 1
NVD
added 2022/04/07 7:15 p.m., 9 views

CVE-2022-26676

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...

9.8 CVSS, 0.00799 EPSS
Exploits: 0, References: 1
Cvelist
added 2022/04/07 6:22 p.m., 16 views

CVE-2022-26676 aEnrich a+HRD - Broken Access Control

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service...

9.8 CVSS, 9.9 AI score, 0.00799 EPSS
Exploits: 0, References: 1
Cvelist
added 2022/03/30 10:43 p.m., 16 views

CVE-2021-46006

In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not authenticated. Using this function, an attacker can configure multiple settings without authentication...

6.7 AI score, 0.00236 EPSS
Exploits: 1, References: 3
Kitploit
added 2021/12/14 11:30 a.m., 19 views

Jektor - A Windows User-Mode Shellcode Execution Tool That Demonstrates Various Techniques That Malware Uses

This utility focuses on shellcode injection techniques to demonstrate methods that malware may use to execute shellcode on a victim system. Dynamically resolves API functions to evade IAT inclusion. Includes usage of undocumented NT Windows API functions. Supports local shellcode execution via...

8.2 AI score
Exploits: 0, References: 1
OSV
added 2021/10/22 12:15 p.m., 2 views

CVE-2021-38477

There are multiple API function codes that permit reading and writing data to or from files and directories, which could lead to the manipulation and/or the deletion of files...

9.8 CVSS, 7.3 AI score
Exploits: 0, References: 1
NVD
added 2021/10/22 12:15 p.m., 9 views

CVE-2021-38471

There are multiple API function codes that permit data writing to any file, which may allow an attacker to modify existing files or create new files...

9.1 CVSS, 0.00219 EPSS
Exploits: 0, References: 1
Prion
added 2021/10/22 12:15 p.m., 25 views

Null pointer dereference

Many API function codes receive raw pointers remotely from the user and trust these pointers as valid in-bound memory regions. An attacker can manipulate API functions by writing arbitrary data into the resolved address of a raw pointer...

5 CVSS, 8 AI score, 0.00165 EPSS
Exploits: 0, References: 1, Affected Software: 1
OpenVAS
added 2021/04/13 12:0 a.m., 14 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2021-1721)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.2 AI score, 0.00958 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2020/11/12 12:0 a.m., 44 views

Oracle Linux 8 : libssh (ELSA-2020-4545)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4545 advisory. - Add a test for CVE-2019-14889 - Fixed CVE-2019-14889 1781782 - Fixed CVE-2020-1730 1802422 Tenable has extracted the preceding description block...

9.3 CVSS, 6.7 AI score, 0.01122 EPSS
Exploits: 0, References: 3
NVD
added 2019/03/07 11:29 p.m., 9 views

CVE-2019-9119

An issue was discovered on Motorola C1 and M2 devices with firmware 1.01 and 1.07 respectively. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a...

10 CVSS, 9.8 AI score, 0.09273 EPSS
Exploits: 1, References: 1