54 matches found
PT-2020-3806 · Microsoft · Windows Backup Engine +1
Name of the Vulnerable Software and Affected Versions: Windows Backup Engine affected versions not specified Description: The issue is caused by a buffer overflow in memory, allowing an attacker to elevate their privileges using a specially crafted application. To exploit this, an attacker must...
Systech NDS-5008 Cross-Site Scripting Vulnerability
The Systech NDS-5008 is a terminal server from Systech USA. A cross-site scripting vulnerability exists in the Systech NDS-5000 Terminal Server NDS/5008 8 Port, RJ45 using firmware version 02D.30. The vulnerability stems from the lack of proper validation of client data by the WEB application. An...
CVE-2020-0775
An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'...
CVE-2020-0705
An information disclosure vulnerability exists when the Windows Network Driver Interface Specification NDIS improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Driver Interface Specification NDIS...
Trend Micro Security 2020 DLL Hijacking Vulnerability
Trend Micro Security 2020 is a suite of computer security protection software from Trend Micro. Trend Micro Security 2020 suffers from a DLL hijacking vulnerability. An attacker could exploit this vulnerability to execute a malicious program...
FusionPBX Cross-Site Scripting Vulnerability (CNVD-2019-37369)
FusionPBX is a scalable, multi-threaded communications platform. The platform can be used as a call center server, fax server, VOIP server, voicemail server, conference server and voice application server. A cross-site scripting vulnerability exists in FusionPBX. An attacker can exploit this...
Arbitrary Code Execution
numpy is vulnerable to arbitrary code execution. A use-after-free in arraytypes.c.src occurs when constructing object array from a void array, which would potentially allow an attacker to execute arbitrary code...
WordPress events-manager plugin cross-site scripting vulnerability (CNVD-2019-30594)
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. events-manager is an events management plugin used in it. A cross-site scripting vulnerability exists in the WordPress...
Remote Code Execution (RCE)
ChakraCore is vulnerable to remote code execution RCE. This is due to how the scripting engine handles objects in memory, allowing a remote attacker to execute arbitrary code in the context of the current user...
CVE-2019-0998
An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges on the victim system. To exploit the vulnerability, an attacker would first have to gain execution o...
CVE-2019-8316
An issue was discovered on D-Link DIR-878 devices with firmware 1.12A1. This issue is a Command Injection allowing a remote attacker to execute arbitrary code, and get a root shell. A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted /HNAP1 POST...
Apple OSX WindowServer: heap overflow vulnerability lead to mention the right vulnerability-vulnerability warning-the black bar safety net
! CVE ID CVE-2 0 1 6-4 6 4 0 The CVSS Score 4.4, AV:L/AC:M/Au:N/C:P/I:P/A:P The affected supplier Apple The affected products OSX Vulnerability details This vulnerability allows a remote attacker is able to in easy to install Apple OSX on the execution of arbitrary code. Exploitation of this...
MyServer 0.4.3 - GET Argument Buffer Overflow
MyServer 0.4.3 - GET Argument Buffer Overflow // source: https://www.securityfocus.com/bid/7770/info myServer has been reported prone to a remote buffer overflow vulnerability. The vulnerability exists when the web server attempts to process HTTP GET requests of excessive length. Although...
Cisco Secure ACS for Windows NT 3.0 - Cross-Site Scripting
Cisco Secure ACS for Windows NT 3.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5026/info Cisco Secure ACS is an access control and accounting server system. It is distributed and maintained by Cisco, and in this vulnerability affects implementations on the Microsoft Windows ...