2391 matches found
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Moxa MGate 5105-MB-EIP firmware version 4.1. Authentication is required to exploit this vulnerability. The specific flaw exists within the DestIP parameter within MainPing.asp. The issue results from...
PT-2020-14317 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy versions = 2.7.1 Description: The issue is related to Cross-Site Scripting that can be exploited via the Create Shopping List module when it is deleted. This problem is also present in other modules, including users, batteries, chores,...
MGASA-2020-0042 Updated tigervnc packages fix security vulnerabilities
Updated tigervnc packages fix security vulnerabilities: The tigervnc package has been updated to version 1.10.1 to fix multiple unspecified security issues. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the othe...
DEBIAN-CVE-2016-1000027
Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution RCE issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's...
CVE-2020-5179
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. In some cases, authentication can be achieved with the comtech password fo...
CVE-2019-13943
A vulnerability has been identified in EN100 Ethernet module DNP3 variant All versions, EN100 Ethernet module IEC 61850 variant All versions V4.37, EN100 Ethernet module IEC104 variant All versions, EN100 Ethernet module Modbus TCP variant All versions, EN100 Ethernet module PROFINET IO variant A...
CVE-2019-18187
Trend Micro OfficeScan versions 11.0 and XG 12.0 could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution RCE. The remote process...
CVE-2019-18188
Trend Micro Apex One could be exploited by an attacker utilizing a command injection vulnerability to extract files from an arbitrary zip file to a specific folder on the Apex One server, which could potentially lead to remote code execution RCE. The remote process execution is bound to the IUSR...
CVE-2019-18187
Trend Micro OfficeScan versions 11.0 and XG 12.0 could be exploited by an attacker utilizing a directory traversal vulnerability to extract files from an arbitrary zip file to a specific folder on the OfficeScan server, which could potentially lead to remote code execution RCE. The remote process...
Cisco SPA100 Series Analog Telephone Adapters Remote Code Execution Vulnerability (CNVD-2019-39613)
The Cisco SPA100 Series Analog Telephone Adapters ATAs are an SPA100 series analog telephone adapter. A remote code execution vulnerability exists in the Cisco SPA100 Series Analog Telephone Adapters that stems from not properly validating user input submitted to the web-based management interfac...
Cisco SPA100 Series Analog Telephone Adapters Buffer Overflow Vulnerability (CNVD-2019-36458)
The Cisco SPA100 Series Analog Telephone Adapters ATAs are an SPA100 series of analog telephone adapters from Cisco USA. A buffer overflow vulnerability exists in the Cisco SPA100 Series ATAs, which arises from a program's failure to properly validate user-submitted input, and can be exploited to...
Cisco SPA100 Series Analog Telephone Adapters Buffer Overflow Vulnerability (CNVD-2019-36454)
The Cisco SPA100 Series Analog Telephone Adapters ATAs are an SPA100 series of analog telephone adapters from Cisco USA. A buffer overflow vulnerability exists in the Cisco SPA100 Series ATAs, which arises from a program's failure to properly validate user-submitted input, and can be exploited to...
CVE-2019-15242
Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapters ATAs could allow an authenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerabilities are due to improper validation of user-supplied input to the web-based management interface. An...
Directory Traversal
Overview iobroker.js-controller is a controller that is owning the central configuration of the ioBroker installation and controls and monitors all adapter processes for the current host. Affected versions of this package are vulnerable to Directory Traversal. An attacker can include file content...
CVE-2019-15018
A security vulnerability exists in the Zingbox Inspector versions 1.280 and earlier, where authentication is not required when binding the Inspector instance to a different customer tenant...
Directory Traversal
Overview iobroker.admin is an User interface for configuration and administration of ioBroker. Affected versions of this package are vulnerable to Directory Traversal. An attacker can include file contents from outside the /log/file1/ directory. Note: The attacker has to be logged in if the...
CVE-2019-12667
A vulnerability in the web framework code of Cisco IOS XE Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some...
Microsoft SharePoint Business Data Connectivity Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Business Data Connectivity Service. A crafted request can trigger the deserializati...
CVE-2019-1963
A vulnerability in the Simple Network Management Protocol SNMP input packet processor of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper...
CVE-2019-15528
An issue was discovered on D-Link DIR-823G devices with firmware V1.0.2B05. There is a command injection in HNAP1 exploitable with Authentication via shell metacharacters in the Interface field to SetStaticRouteSettings...