
849 matches found

CNVD
added 2020/07/30 12:00 a.m. | 9 views

Secomea GateManager Code Issue Vulnerability

Secomea GateManager is a remote access server product from Secomea, Denmark. A code issue vulnerability exists in Secomea GateManager versions prior to 9.2c. The vulnerability stems from an improper design or implementation during code development for a network system or product. An attacker coul...

CVSS: 10 | AI score: 7 | EPSS: 0.01666
Exploits: 0 | References: 1
NVD
added 2020/07/29 5:15 p.m. | 34 views

CVE-2020-15098

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.02229
Exploits: 0 | References: 4
Github Security Blog
added 2020/07/29 4:15 p.m. | 50 views

Potential Remote Code Execution in TYPO3 with mediace extension

Meta: CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C (9.1); CWE-325, CWE-20, CWE-200, CWE-502. Problem: It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message...

CVSS: 9.8 | AI score: 1.7 | EPSS: 0.02721
Exploits: 1 | References: 7 | Affected Software: 1
Typo3
added 2020/07/28 12:00 a.m. | 36 views

Sensitive Information Disclosure

It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below...

CVSS: 6.8 | AI score: 3.2 | EPSS: 0.02575
Exploits: 1 | Affected Software: 1
NVD
added 2020/07/14 8:15 p.m. | 15 views

CVE-2020-9297

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary...

CVSS: 9.8 | EPSS: 0.01663
Exploits: 0 | References: 1
WPVulnDB
added 2020/06/28 12:00 a.m. | 21 views

ACF to REST API < 3.3.0 - Unauthenticated Arbitrary wp_options Disclosure

The plugin does not properly check for authorisation and allowed options to be retrieved from the wp-json/acf/v3/options/ endpoint. This could allow an unauthenticated attacker to retrieve arbitrary values from the wp_options table, such as a list of active plugins. PoC: List all active plugins of the...

CVSS: 5 | AI score: 3.4 | EPSS: 0.12955
Exploits: 2 | References: 2 | Affected Software: 1
Prion
added 2020/06/16 2:15 p.m. | 22 views

Code injection

Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...

CVSS: 7.5 | AI score: 9.4 | EPSS: 0.02006
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2020/06/16 1:19 p.m. | 28 views

CVE-2020-9296

Netflix Titus uses Java Bean Validation JSR 380 custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passe...

AI score: 9.4 | EPSS: 0.02006
Exploits: 0 | References: 1
OSV
added 2020/06/12 4:15 p.m. | 3 views

UBUNTU-CVE-2020-4050

In affected versions of WordPress, misuse of the set-screen-option filter's return value allows arbitrary user meta fields to be saved. It does require an admin to install a plugin that would misuse the filter. Once installed, it can be leveraged by low privileged users. This has been patched in...

CVSS: 3.5 | AI score: 7 | EPSS: 0.01729
Exploits: 0 | References: 6
NVD
added 2020/06/01 5:15 p.m. | 21 views

CVE-2014-7175

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php...

CVSS: 9.8 | AI score: 9.5 | EPSS: 0.01295
Exploits: 1 | References: 1
Prion
added 2020/06/01 5:15 p.m. | 13 views

Design/Logic Flaw

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01295
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2020/06/01 4:42 p.m. | 24 views

CVE-2014-7175

FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php...

AI score: 9.6 | EPSS: 0.01295
Exploits: 1 | References: 1
CVE
added 2020/06/01 4:42 p.m. | 69 views

CVE-2014-7175

CVE-2014-7175 affects FarSite Communications’ FarLinX X25 Gateway. An arbitrary write vulnerability exists that can allow an attacker to write data to fsUI.xyz via the fsSaveUIPersistence.php script. Public documents describe the impact for versions up to 2014-09-25; the materials provided do not...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.01295
Exploits: 1 | References: 1 | Affected Software: 1
Veracode
added 2020/04/10 12:26 a.m. | 24 views

Privilege Escalation

postfix is vulnerable to privilege escalation. A flaw was found in the way Postfix dereferences symbolic links. If a local user has write access to a mail spool directory with no root mailbox, it may be possible for them to append arbitrary data to files that root has write permission to...

CVSS: 6.2 | AI score: 2.6 | EPSS: 0.01001
Exploits: 6 | References: 415 | Affected Software: 1
Veracode
added 2020/04/10 12:18 a.m. | 27 views

Privilege Escalation

php is vulnerable to privilege escalation. A flaw was found in the PHP money_format function. If a remote attacker was able to pass arbitrary data to the money_format function, this could possibly result in an information leak or denial of service. Note that it is unusual...

CVSS: 7.5 | AI score: 3.1 | EPSS: 0.02025
Exploits: 0 | References: 40 | Affected Software: 1
CNVD
added 2020/04/03 12:00 a.m. | 3 views

Microstrategy Web Code Issue Vulnerability (CNVD-2020-23179)

Microstrategy Web is an enterprise data analysis platform from Microstrategy, a U.S. company. The platform features data discovery, data visualization and report generation. A security vulnerability exists in the Upload Visualization plug-in for the administrator panel in Microstrategy Web version 10.4. ...

CVSS: 7.2 | AI score: 7 | EPSS: 0.02658
Exploits: 3
OSV
added 2020/04/02 3:15 p.m. | 1 views

CVE-2020-11451

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...

CVSS: 7.2 | AI score: 7.2
Exploits: 0 | References: 4
Prion
added 2020/03/18 1:15 a.m. | 15 views

Design/Logic Flaw

Trend Micro Apex One 2019 and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability...

CVSS: 10 | AI score: 9.5 | EPSS: 0.11576
Exploits: 0 | References: 2 | Affected Software: 2
Vulnrichment
added 2020/03/18 12:30 a.m. | 10 views

CVE-2020-8599

Trend Micro Apex One 2019 and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability...

AI score: 9.5 | EPSS: 0.11576
Exploits: 0 | References: 2
CVE
added 2020/03/18 12:30 a.m. | 932 views

CVE-2020-8599

CVE-2020-8599 affects Trend Micro Apex One (2019) and OfficeScan XG servers. The issue is in a vulnerable EXE on the server that could let an unauthenticated remote attacker write arbitrary data to an arbitrary path and bypass ROOT login. The description indicates no authentication is required to...

CVSS: 10 | AI score: 9.4 | EPSS: 0.11576
In wild | Exploits: 0 | References: 3 | Affected Software: 2