849 matches found

Cvelist
added 2020/03/18 12:30 a.m. | 28 views

CVE-2020-8599

Trend Micro Apex One 2019 and OfficeScan XG server contain a vulnerable EXE file that could allow a remote attacker to write arbitrary data to an arbitrary path on affected installations and bypass ROOT login. Authentication is not required to exploit this vulnerability...

AI score: 9.6 | EPSS: 0.11576
Exploits: 0 | References: 2

NVD
added 2020/03/12 9:15 p.m. | 24 views

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.01061
Exploits: 1 | References: 1

CVE
added 2020/03/12 8:34 p.m. | 64 views

CVE-2018-20586

CVE-2018-20586 affects bitcoind and Bitcoin-Qt prior to 0.17.1, where an RPC call can inject arbitrary data into the debug log. Affected component: Bitcoin Core’s RPC/debug logging. Root cause: ability to write arbitrary data via RPC into logs. Impact: log contents could be polluted with attacker...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.01061
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/03/12 8:34 p.m. | 33 views

CVE-2018-20586

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call...

AI score: 5.6 | EPSS: 0.01061
Exploits: 1 | References: 1

Debian CVE
added 2020/03/12 8:34 p.m. | 22 views

CVE-2018-20586

Removed by vendor...

CVSS: 5.3 | AI score: 5.6 | EPSS: 0.01061
Exploits: 1

CNVD
added 2020/02/18 12:00 a.m. | 3 views

Taffy has an unspecified vulnerability

Taffy is a data selection engine that supports insertion, updating and statistics. A security vulnerability exists in taffy 2.6.2 and earlier versions. An attacker can exploit the vulnerability to access arbitrary data entries in the DB with the help of user input with redundant attributes...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.0183
Exploits: 1 | References: 1

CNVD
added 2020/02/11 12:00 a.m. | 1 views

Jobberbase SQL Injection Vulnerability (CNVD-2020-04571)

Jobberbase is an open source platform for building job search websites. A SQL injection vulnerability exists in Jobberbase. The vulnerability stems from a lack of validation of externally entered SQL statements in the database-based application. An attacker can exploit this vulnerability to execu...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.01986
Exploits: 1 | References: 1

CNVD
added 2019/12/11 12:00 a.m. | 3 views

Siemens SiNVR 3 Central Control Server (CCS) Elevation of Privilege Vulnerability

SiNVR is the Siemens OEM version of SiVMS, a video management solution acquired by PKE Deutschland GmbH and formerly distributed by Schille Informationssysteme GmbH. An elevation of privilege vulnerability exists in Siemens SiNVR 3 Central Control Server (CCS). A remote attacker could use this...

CVSS: 9.9 | AI score: 7.2 | EPSS: 0.02126
Exploits: 0 | References: 1

OSV
added 2019/10/21 11:15 p.m. | 19 views

CVE-2019-16404

Authenticated SQL Injection in interface/forms/eyemag/js/eyebase.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the openemr database via a non-parameterized INSERT INTO statement, as demonstrated by the providerID parameter...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.01075
Exploits: 1 | References: 1

Cvelist
added 2019/08/13 7:10 p.m. | 13 views

CVE-2019-12806

UniSign 2.0.4.0 and earlier versions contain a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. This allows a remote attacker to execute arbitrary code via crafted HTTPS packets...

AI score: 9.1 | EPSS: 0.04126
Exploits: 0 | References: 1

OSV
added 2019/08/01 3:15 p.m. | 3 views

CVE-2018-20914

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368)...

CVSS: 7.3 | AI score: 5.9 | EPSS: 0.00834
Exploits: 0 | References: 1

NVD
added 2019/08/01 3:15 p.m. | 11 views

CVE-2018-20914

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368)...

CVSS: 7.3 | AI score: 7.2 | EPSS: 0.00834
Exploits: 0 | References: 1

Prion
added 2019/08/01 3:15 p.m. | 15 views

Command injection

In cPanel before 70.0.23, OpenID providers can inject arbitrary data into cPanel session files (SEC-368)...

CVSS: 4.9 | AI score: 7.2 | EPSS: 0.00834
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2019/07/21 12:00 a.m. | 2 views

WordPress Viral Quiz Maker - OnionBuzz Plugin SQL Injection Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The Viral Quiz Maker - OnionBuzz plugin is one of the quiz plugins used in it. A SQL injection vulnerability exists in WordPress Viral Quiz...

CVSS: 9.8 | AI score: 8 | EPSS: 0.04619
Exploits: 1 | References: 1

Hacker One
added 2019/07/12 3:23 p.m. | 154 views

Internet Bug Bounty: Basic Authentication Heap Overflow

Summary: An attacker can get arbitrary data overflowed in the heap via Basic Authorization base64 blob. Even when basic auth isn't configured. Report sent to developers When calling HttpHeader::getAuth the field value will be base64 decoded. The call to the decode method doesn't ensure that the...

CVSS: 6.8 | AI score: 9.9 | EPSS: 0.51473
Exploits: 0

Debian CVE
added 2019/07/10 12:00 a.m. | 29 views

CVE-2019-13132

In ZeroMQ libzmq before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.3.2, a remote, unauthenticated client connecting to a libzmq application, running with a socket listening with CURVE encryption/authentication enabled, may cause a stack overflow and overwrite the stack with arbitrary data, due...

CVSS: 9.8 | AI score: 4.2 | EPSS: 0.42464
Exploits: 1

CNVD
added 2019/06/21 12:00 a.m. | 2 views

Cisco Integrated Management Controller Access Control Error Vulnerability (CNVD-2019-18903)

Cisco Integrated Management Controller (IMC) is a set of software from the American company Cisco for the management of the UCS (Unified Computing System). The software supports HTTP, SSH access, etc., and can perform operations such as powering on, powering off and rebooting the server. An access...

CVSS: 5.3 | AI score: 7.3 | EPSS: 0.01516
Exploits: 0 | References: 1

OSV
added 2019/06/20 3:15 a.m. | 3 views

CVE-2019-1629

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...

CVSS: 5.3 | AI score: 6.2
Exploits: 0 | References: 2

NVD
added 2019/06/20 3:15 a.m. | 21 views

CVE-2019-1629

A vulnerability in the configuration import utility of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to have write access and upload arbitrary data to the filesystem. The vulnerability is due to a failure to delete temporarily uploaded files. An attack...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.01516
Exploits: 0 | References: 2

RustSec
added 2019/06/15 12:00 p.m. | 21 views

Buffer overflow and format vulnerabilities in functions exposed without unsafe

ncurses exposes functions from the ncurses library which:
- Pass buffers without length to C functions that may write an arbitrary amount of data, leading to a buffer overflow (instr, mvwinstr, etc.)
- Pass Rust &str to strings expecting C format arguments, allowing hostile input to execute a...

CVSS: 9.8 | AI score: 4.7 | EPSS: 0.01615
Exploits: 0 | Affected Software: 1