13 matches found
Microsoft Office Resource Management Error Vulnerability
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There is a resource management vulnerability in Microsoft Office. Attackers can exploit this...
Apple macOS Security Vulnerability
Apple macOS is a set of specialized operating systems developed for Mac computers by the American company Apple. A security vulnerability exists in Apple macOS Sequoia versions prior to 15.2. An attacker can exploit the vulnerability to elevate privileges...
Jenkins: Temporary file parameter created with insecure permissions
A flaw was found in Jenkins. When triggering a build from the Jenkins CLI, Jenkins creates a temporary file on the controller if a file parameter is provided through the CLI’s standard input. Affected versions of Jenkins create this temporary file in the default temporary directory with the defau...
phpMyFAQ Cross-Site Scripting Vulnerability
phpMyFAQ is a multi-language, fully database-driven FAQ system by the individual developer Thorsten Rinne. A cross-site scripting vulnerability exists in phpMyFAQ versions prior to 3.1.12. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
Vulnerability fixed in Citrix Gateway and ADC
Citrix has fixed a vulnerability in Citrix Gateway and Citrix ADC. An unauthenticated remote attacker could exploit the vulnerability to execute arbitrary code. To do so, rogue network traffic must be sent to the vulnerable system. Gateway and ADC systems are only...
Samsung SMR Resource Management Error Vulnerability
Samsung SMR is a system patch package from South Korea's Samsung. The Samsung SMR DSP driver is vulnerable to resource management errors, which can be exploited by attackers to perform malicious operations...
Vim Buffer Overflow Vulnerability (CNVD-2022-05070)
Vim is a UNIX-based editor. Vim is vulnerable to a buffer overflow vulnerability that could be exploited by attackers to execute code...
Unauthorized Access Vulnerability in SINDOH A603_A608 at SINDOH (Qingdao) Office Systems Co.
Xindu Qingdao Office System Co., Ltd. is a professional office equipment enterprise integrating research and development, production, sales and after-sales service. SINDOH A603_A608 of SINDOH Qingdao Office Systems Co., Ltd. has an unauthorized access vulnerability, which can be exploited by an...
File upload vulnerability in HongCMS (CNVD-2021-46896)
HongCMS is a lightweight website system. A file upload vulnerability exists in HongCMS, which can be exploited by attackers to gain control of the server...
Microsoft Windows and Windows Server Remote Code Execution Vulnerability (CNVD-2021-71407)
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation: Microsoft Windows is an operating system for personal devices, and Microsoft Windows Server is a server operating system. A remote code execution vulnerability exists in the "Remote Procedure Call Runtime" in Microsoft Windows an...
CVE-2020-9404
In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stored in an insecure manner, and may be modified by an attacker with no knowledge of the current passwords...
Active Defense Bypass Vulnerability in SmartMass Endpoint Security
Wizards Endpoint Security is a professional and practical artificial intelligence-based antivirus software. Wise Terminal Security has an active defense bypass vulnerability that can be exploited by attackers to cause a program crash...
Hardcoded credentials
"HCL AppScan Enterprise uses hard-coded credentials which can be exploited by attackers to get unauthorized access to application's encrypted files."...