CVE-2020-24569

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...

Sql injection

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...

Authentication flaw

Improper Authentication vulnerability in WAGO 750-8XX series with FW version = FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO...

CVE-2020-24569

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information...

SusanTokenERC20 Numeric Error Vulnerability

SusanTokenERC20 is an Ether-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in the smart contract implementation of SusanTokenERC20. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

CVE-2020-1252

A remote code execution vulnerability exists when Windows improperly handles objects in memory. To exploit the vulnerability an attacker would have to convince a user to run a specially crafted application. An attacker who successfully exploited this vulnerability could execute arbitrary code and...

CVE-2020-1012

An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. There are multiple ways an attacker could exploit the vulnerability: In a web-based atta...

CVE-2020-0998

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. In a local attack scenario, an attacker could exploit this vulnerability b...

CVE-2020-0914

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. An attacker could exploit this vulnerability b...

HELP Digit Error Vulnerability

HELP is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in the smart contract implementation of HELP. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

PT-2020-3897 · Microsoft · Windows Camera Codec Pack +1

Name of the Vulnerable Software and Affected Versions: Windows Camera Codec Pack affected versions not specified Description: A remote code execution issue exists due to improper handling of objects in memory by the Windows Camera Codec Pack. This could allow an attacker to run arbitrary code in...

Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting

Exploit Title: Savsoft Quiz Enterprise Version 5.5 - Persistent Cross-Site Scripting Date: 2020-09-01 Exploit Author: Hemant Patidar HemantSolo Vendor Homepage: https://savsoftquiz.com/ Software Link: https://savsoftquiz.com/web/demo.php Version: 5.0 Tested on: Windows 10/Kali Linux Contact:...

The vulnerability of Windows CDP user components in the Windows operating system allows attackers to escalate their privileges.

The vulnerability of Windows CDP user components in the Windows operating system is related to errors in object handling in memory. Exploiting this vulnerability can allow an attacker to enhance their privileges by running a specially created application...

CVE-2020-3517

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service DoS condition on an affected device. The attack vector is configuration dependent and...

Design/Logic Flaw

A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated attacker to cause process crashes, which could result in a denial of service DoS condition on an affected device. The attack vector is configuration dependent and...

DEBIAN-CVE-2020-8621

In BIND 9.14.0 - 9.16.5, 9.17.0 - 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash. Servers that 'forward only' are not affected...

mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2021)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 5.7.30 and prior and 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

Savsoft Quiz 5 - Stored Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Savsoft Quiz 5 - Stored Cross-Site Scripting Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://savsoftquiz.com/ Software Link: https://github.com/savsofts/savsoftquizv5.git Version: 5.0 Tested on: Windows 10...

CVE-2020-1483

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrativ...

New attack vector ReVoLTE lets hackers monitor phone calls

By Sudais Asif New attack vector ReVoLTE breaks the encryption on VoLTE calls. This is a post from HackRead.com Read the original post: New attack vector ReVoLTE lets hackers monitor phone calls...