
123 matches found

CNVD
added 2023/10/13 12:0 a.m., 6 views

SAP Business Objects Web Intelligence Cross-Site Scripting Vulnerability

SAP Business Objects Web Intelligence is a centralized suite from SAP, Germany. It is used for data reporting, visualization, and sharing. A cross-site scripting vulnerability exists in SAP Business Objects Web Intelligence version 420, which stems from the lack of effective filtering and escapin...

CVSS 6.8, AI score 6.3, EPSS 0.00213
Exploits 0, References 1
CNVD
added 2023/05/20 12:0 a.m., 9 views

Cisco Smart Software Manager On-Prem SQL Injection Vulnerability

Cisco Smart Software Manager On-Prem (SSM On-Prem) is a Cisco component for Cisco product license management. Cisco Smart Software Manager On-Prem (SSM On-Prem) suffers from a SQL injection vulnerability that originates from the web-based management interface not adequately validating user input. An...

CVSS 6.5, AI score 7.6, EPSS 0.0021
Exploits 1, References 1
Code423n4
added 2023/04/19 12:0 a.m., 8 views

Unrestricted Token Transfer and Minting

Lines of code Vulnerability details Impact An attacker could exploit this vulnerability to mint an unlimited number of tokens, potentially devaluing the token and manipulating the market. Proof of Concept: Proof of Concept --The contract allows anyone to call the onTokenTransfer function without...

AI score 6.8
Exploits 0
CNNVD
added 2023/04/11 12:0 a.m., 1 views

Microsoft Windows DNS Security Vulnerability

Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System (DNS) is one of the industry-standard suite of protocols that comprise TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...

CVSS 4.9, AI score 5.8, EPSS 0.0774
Exploits 0, References 3
Vulnrichment
added 2023/03/10 10:44 a.m., 6 views

CVE-2023-0083 The ArkUI framework subsystem doesn't check the input parameter, causing type confusion and invalid memory access.

The ArkUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit to send malicious data, causing the current application to crash...

CVSS 4, AI score 5.4, EPSS 0.00043
Exploits 0, References 1
CNNVD
added 2023/03/05 12:0 a.m., 0 views

Huawei HarmonyOS Security Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS. An attacker could exploit the vulnerability to compromise device confidentiality...

CVSS 7.5, AI score 7.4, EPSS 0.00112
Exploits 0, References 4
CNVD
added 2022/05/17 12:0 a.m., 19 views

Merchandise Online Store SQL Injection Vulnerability (CNVD-2022-40277)

Merchandise Online Store is a merchandise online store system. Merchandise Online Store has a security vulnerability that can be exploited by attackers via /vloggersmerch/admin/?page=product/manageproduct&id= to conduct SQL injection attack...

CVSS 7.2, AI score 4.2, EPSS 0.00274
Exploits 1, References 1
CNVD
added 2022/04/15 12:0 a.m., 26 views

Cisco IOS XE AVC-FNF Denial of Service Vulnerability

Cisco IOS XE is a set of operating systems developed by Cisco for its network devices. A denial of service vulnerability exists in Cisco IOS XE AVC-FNF, which originates from packets that do not adequately validate traffic inspected by the AVC function and can be exploited by attackers to cause a...

CVSS 8.6, AI score 5.9, EPSS 0.0057
Exploits 0, References 1
Cvelist
added 2022/03/28 8:45 p.m., 11 views

CVE-2010-10001 Shemes GrabIt NZB Date Parser denial of service

A vulnerability, which was classified as problematic, was found in Shemes GrabIt up to 1.7.2 Beta 4. This affects the component NZB Date Parser. The manipulation of the argument date with the input 1000000000000000 as part of a NZB File leads to a denial of service. It is possible to initiate the...

CVSS 5.3, AI score 5.5, EPSS 0.00349
Exploits 1, References 3
CNNVD
added 2022/02/08 12:0 a.m., 1 views

Radareorg Radare2 Buffer Error Vulnerability

radare2 is a set of libraries and tools for working with binary files. radareorg Radare2 suffers from a buffer overflow vulnerability that stems from the product's failure to effectively determine memory boundaries, which could be exploited by an attacker to cause a buffer overflow...

CVSS 7.1, AI score 6.2, EPSS 0.00355
Exploits 1, References 6
CNNVD
added 2021/12/20 12:0 a.m., 1 views

Garrett Metal Detectors Buffer Error Vulnerability

Garrett Metal Detectors is a walk-in metal detector from Garrett, U.S.A. Garrett Metal Detectors is vulnerable to a buffer overflow vulnerability that can be exploited by attackers to cause a stack buffer overflow...

CVSS 10, AI score 6.2, EPSS 0.00201
Exploits 1, References 4
CNVD
added 2021/09/22 12:0 a.m., 22 views

Google Chrome Compositing Security Bypass Vulnerability

Google Chrome is a web browser from Google, Inc. A security bypass vulnerability exists in Google Chrome Compositing. An attacker could exploit this vulnerability to bypass security restrictions...

CVSS 4.3, AI score 3, EPSS 0.00266
Exploits 0, References 1
CNVD
added 2021/09/15 12:0 a.m., 25 views

Siemens Simcenter Femap Out-of-Bounds Reading Vulnerability

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. An out-of-bounds read vulnerability exists in Siemens Simcenter Femap, which is used to create, edit, and import/reuse mesh-based finite element analysis models of complex products or systems. When...

CVSS 4.3, AI score 3, EPSS 0.00167
Exploits 0, References 1
CNNVD
added 2021/08/26 12:0 a.m., 1 views

yourls Security Vulnerability

YOURLS is an open source PHP-based short linking platform. A security vulnerability exists in yourls, which stems from the fact that yourls is susceptible to improper restrictions on rendering UI layers or frames. An attacker could exploit this vulnerability to cause an operation to be performed...

CVSS 8.8, AI score 6.9, EPSS 0.00151
Exploits 1, References 3
CNNVD
added 2021/08/08 12:0 a.m., 1 views

Rust Security Vulnerability

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in the ark-r1cs-std crate in Mozilla Rust before 0.3.1, which stems from the fact that the FieldVar::mulbyinverse method does not enforce any constraints and can be exploited by an attacker to launch...

CVSS 9.8, AI score 5.6, EPSS 0.00363
Exploits 1, References 2
Zero Day Initiative
added 2021/07/19 12:0 a.m., 58 views

Siemens JT2Go BMP File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP...

CVSS 7.8, AI score 4.4, EPSS 0.00418
Exploits 0, References 2
CNVD
added 2021/06/29 12:0 a.m., 7 views

Chamilo SQL Injection Vulnerability

Chamilo is a learning management system focused on ease of use and accessibility. A SQL injection vulnerability exists in main/inc/ajax/model.ajax.php in Chamilo 1.11.14 and earlier versions. The vulnerability can be exploited by an attacker to conduct a SQL injection attack via the searchField,...

CVSS 9.8, AI score 7.6, EPSS 0.89487
Exploits 1, References 1
CNNVD
added 2021/05/04 12:0 a.m., 1 views

Stormshield Network Security Security Vulnerability

Stormshield Network Security is a next-generation UTM (Unified Threat Management) firewall from Stormshield, France. Stormshield Network Security suffers from a security vulnerability that can be exploited by an attacker to trigger a fatal error in order to trigger a denial of service...

AI score 5.6
Exploits 0, References 1
CNVD
added 2021/04/28 12:0 a.m., 6 views

Apache Tapestry Information Disclosure Vulnerability

Apache Tapestry is a web application framework written in the Java language from the Apache Foundation, United States. An information disclosure vulnerability exists in Apache Tapestry, which can be exploited by an attacker to download files from WEB-INF using a specially constructed URL...

CVSS 7.5, AI score 6.2, EPSS 0.05311
Exploits 0, References 1
CNVD
added 2021/04/08 12:0 a.m., 4 views

Information Disclosure Vulnerability in Samsung SL-J2920W, Samsung SL-J1560W Series, Samsung SL-J3560FW

Samsung China Investment Co., Ltd. is the headquarters of Samsung Group in China. By the end of 2008, 20 out of more than 30 companies under Samsung have invested in China, including Samsung Electronics, Samsung SDI, Samsung SDS and Samsung Electro-Mechanics. An information disclosure vulnerabili...

AI score 6.5
Exploits 0