2024 matches found

Positive Technologies
added 2020/09/08 12:00 a.m. | views: 1

PT-2020-3897 · Microsoft · Windows Camera Codec Pack +1

Name of the Vulnerable Software and Affected Versions: Windows Camera Codec Pack (affected versions not specified). Description: A remote code execution issue exists due to improper handling of objects in memory by the Windows Camera Codec Pack. This could allow an attacker to run arbitrary code in...

CVSS 9.3 | AI score 7.9 | EPSS 0.04905
Exploits: 0 | References: 8
Exploit DB
added 2020/09/03 12:00 a.m. | views: 613

Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting

Exploit Title: Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting. Date: 2020-09-01. Exploit Author: Hemant Patidar (HemantSolo). Vendor Homepage: https://savsoftquiz.com/ Software Link: https://savsoftquiz.com/web/demo.php Version: 5.0. Tested on: Windows 10/Kali Linux. Contact:...

AI score 7.4
Exploits: 0
BDU FSTEC
added 2020/09/02 12:00 a.m. | views: 1

The vulnerability of Windows CDP user components in the Windows operating system allows attackers to escalate their privileges.

The vulnerability of Windows CDP user components in the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges by running a specially created application...

CVSS 7.8 | AI score 7.2 | EPSS 0.00927
Exploits: 0 | References: 3
NVD
added 2020/08/27 4:15 p.m. | views: 13

CVE-2020-3517

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and...

CVSS 8.6 | AI score 8.5 | EPSS 0.01371
Exploits: 0 | References: 1
Prion
added 2020/08/27 4:15 p.m. | views: 27

Design/Logic Flaw

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service (DoS) condition on an affected device. The attack vector is configuration dependent and...

CVSS 7.8 | AI score 8.3 | EPSS 0.01371
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2020/08/21 9:15 p.m. | views: 1

DEBIAN-CVE-2020-8621

In BIND 9.14.0 - 9.16.5, 9.17.0 - 9.17.3, if a server is configured with both QNAME minimization and 'forward first', then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected...

CVSS 7.5 | AI score 6.5 | EPSS 0.02944
Exploits: 0 | References: 1
RedHat Linux
added 2020/08/19 2:10 p.m. | views: 1

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

CVSS 4.9 | AI score 7.2 | EPSS 0.01141
Exploits: 0 | References: 5
0day.today
added 2020/08/18 12:00 a.m. | views: 209

Savsoft Quiz 5 - Stored Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications. Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting. Exploit Author: Mayur Parmar (th3cyb3rc0p). Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0. Tested on: Windows 10...

AI score 7.1
Exploits: 0
NVD
added 2020/08/17 7:15 p.m. | views: 19

CVE-2020-1483

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrativ...

CVSS 9.3 | AI score 6.1 | EPSS 0.08876
Exploits: 0 | References: 1
HackRead
added 2020/08/14 10:07 p.m. | views: 118

New attack vector ReVoLTE lets hackers monitor phone calls

By Sudais Asif. New attack vector ReVoLTE breaks the encryption on VoLTE calls...

AI score 2.6
Exploits: 0
Positive Technologies
added 2020/08/09 12:00 a.m. | views: 2

PT-2020-3943 · Microsoft · Windows Gdi +1

Name of the Vulnerable Software and Affected Versions: Windows GDI component (affected versions not specified). Description: An information disclosure issue exists due to the improper handling of memory contents by the Windows GDI component. This could allow an attacker to obtain information that...

CVSS 7.1 | AI score 6.2 | EPSS 0.04477
Exploits: 0 | References: 5
IBM Security Bulletins
added 2020/08/06 4:50 a.m. | views: 32

Security Bulletin: There are vulnerabilities in the IBM® Java Runtime Environment™ used by DB2 Recovery Expert for Linux, Unix and Windows

Summary: An unspecified vulnerability in Java SE related to the Java SE Libraries component could allow an unauthenticated attacker to take control of the system. An unspecified vulnerability in multiple Oracle products could allow an unauthenticated attacker to take control of the system. An...

CVSS 8.3 | AI score 2.6 | EPSS 0.0623
Exploits: 0 | Affected Software: 1
Carbon Black Blog
added 2020/07/29 1:52 p.m. | views: 38

Carbon Black EDR’s All-New Live Query Capability and Enhanced Fileless Visibility

VMware Carbon Black is excited to announce that VMware Carbon Black EDR (formerly CB Response), recently named by Gartner as a 2020 Customers’ Choice for Endpoint Detection and Response solutions, now features enhanced insight into fileless activity via Microsoft’s AMSI and a brand new Live Query...

AI score 1.1
Exploits: 0
CNVD
added 2020/07/22 12:00 a.m. | views: 1

5vshop e-commerce system has a logic flaw vulnerability

5vshop e-commerce system is a website-building system from Shijiazhuang Zhenghong Network Technology Limited Company. 5vshop e-commerce system has a logic flaw vulnerability; attackers can use this vulnerability to arbitrarily modify the payment amount, resulting in economic losses...

AI score 6.8
Exploits: 0
CNVD
added 2020/07/21 12:00 a.m. | views: 1

EmpireCMS is vulnerable to information leakage

EmpireCMS is a content management system (CMS). EmpireCMS suffers from an information disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information...

AI score 6.2
Exploits: 0
ThreatPost
added 2020/07/16 4:14 p.m. | views: 371

Zoom Addresses Vanity URL Zero-Day

A previously undisclosed bug in Zoom’s customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information. Disclosed by Zoom and Check Point on Thursday, the security flaw existed in the “Vanity URL”...

AI score 8.1 | EPSS 0.0552
Exploits: 1 | References: 8
CNVD
added 2020/07/07 12:00 a.m. | views: 1

Libstar Intelligent Library Service Platform of Jiangsu Tuxing Software Technology Limited Liability Company suffers from logic flaw vulnerability

Libstar Intelligent Library Service Platform is a library management system that utilizes a service-oriented architecture framework. Libstar Intelligent Library Service Platform of Jiangsu Tuxing Software Technology Co., Ltd. has a logic flaw vulnerability that can be exploited by an attacker to...

AI score 7.1
Exploits: 0
CNVD
added 2020/07/07 12:00 a.m. | views: 1

Enterprise Token Ecosystem Digital Error Vulnerability

Enterprise Token Ecosystem (ETE) (ContractName: NetkillerToken) is an Ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in ETE's smart contract implementation. An attacker could use this vulnerability to set the balance of any user to an arbitrary...

AI score 7.2
Exploits: 0 | References: 1
BDU FSTEC
added 2020/06/30 12:00 a.m. | views: 3

The vulnerability of the Windows Error Reporting Manager’s error report dispatcher in Microsoft Windows operating systems allows attackers to escalate their privileges.

The vulnerability of the Windows Error Reporting Manager’s error reporting dashboard in Microsoft Windows operating systems is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges by running a specially created application...

CVSS 7.8 | AI score 6.9 | EPSS 0.00821
Exploits: 1 | References: 2
CNVD
added 2020/06/01 12:00 a.m. | views: 1

File upload vulnerability in beescms backend

BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. A file upload vulnerability exists in the beescms backend. An attacker can exploit the vulnerability to upload malicious files and gain server privileges...

AI score 7.2
Exploits: 0