931 matches found
The vulnerability of TP-Link MR3020 router’s microprogramming software, related to the lack of measures taken to clean data at the control level, allows attackers to execute arbitrary commands.
The vulnerability of TP-Link MR3020 router’s microprogramming software is related to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially crafted tftp request to the destination...
The vulnerability in the implementation of the PAPI network protocol for ArubaOS operating systems allows a hacker to execute arbitrary code.
The vulnerability of the PAPI network protocol implementation in ArubaOS operating systems is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the application software interface of the software platform for managing security in industrial networks, MXSecurity, allows a perpetrator to execute arbitrary commands.
The vulnerability of the application software interface of the MXSecurity software platform for managing security in industrial networks is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the command-line interface of ArubaOS systems allows a hacker to execute arbitrary commands.
The vulnerability of the command-line interface of ArubaOS systems is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the PowerScale OneFS operating system, related to the lack of measures for cleaning input data, allows a perpetrator to execute arbitrary commands, expose sensitive information, or cause service failures.
The vulnerability of the PowerScale OneFS operating system is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows an attacker to execute arbitrary commands, expose protected information, or cause service failures...
The vulnerability in the web administration interface of the Pulse Connect Secure VPN server for corporate networks allows a perpetrator to execute arbitrary code.
The vulnerability in the web-based administration interface of the Pulse Connect Secure VPN server for corporate networks is related to insufficient cleaning of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted request...
The vulnerability of the settings/delStaticDhcpRules file in TOTOLINK A7100RU router microprogramming software allows a perpetrator to execute arbitrary commands.
The vulnerability of the settings/delStaticDhcpRules file in TOTOLINK A7100RU router microprogramming software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability in the web interface of Netgear N600 (WNDR3700)’s microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the web interface of Netgear N600 WNDR3700 microprogramming software routers is related to the lack of measures for cleaning input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...
The vulnerability of the delivery interface component in NetScaler SD-WAN and Citrix SD-WAN software management tools allows attackers to enhance their privileges.
The vulnerability of the delivery interface component in NetScaler SD-WAN and Citrix SD-WAN software management tools is related to insufficient cleaning of input data. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...
SUSE CVE-2010-1619
Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...
SUSE CVE-2021-26933
An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen needs to ensure that all writes such as the ones during scrubbing have reached the memory before handing over the page to a guest...
The vulnerability of Sonatype Nexus Repository Manager lies in the lack of measures to clean input data, allowing a perpetrator to execute arbitrary code.
The vulnerability of Sonatype Nexus Repository Manager is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming software VPN routers lies in insufficient cleaning of special elements in the output data used by the incoming component. This allows a malicious actor to execute arbitrary commands.
The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming systems lies in insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote...
nemo-appium 安全漏洞
nemo-appium is an open source plugin for PayPal. It is used to start the appium server during Nemo startup and terminate it at driver time. A security vulnerability exists in versions prior to nemo-appium 0.0.9, which stems from improper cleaning of user input...
The vulnerability of the Server Message Block Version 2 (SMB2) protocol implementation in the Snort intrusion detection system of Cisco Firepower Threat Defense (FTD), the Cisco Meraki MX network device management software, the Cisco Cyber Vision industrial network security control solution, and the Cisco Umbrella cloud security service allows a perpetrator to bypass security restrictions and cause service interruptions.
The vulnerability of the Server Message Block Version 2 SMB2 implementation in the Snort intrusion detection system of the Cisco Firepower Threat Defense FTD microprogramming network interface devices, the Cisco Meraki MX network devices, the Cisco Cyber Vision industrial network security control...
The vulnerability of the CIFS file system’s arbitrary utility command, related to the lack of measures for cleaning input data, allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the CIFS file system’s arbitrary utility command related to the lack of measures for cleaning input data. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...
GSD-2023-1000134 Bluetooth: Fix not cleanup led when bt_init fails
Bluetooth: Fix not cleanup led when btinit fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.83 by commit...
Friday Squid Blogging: How to Buy Fresh or Frozen Squid
Good advice on buying squid. I like to buy whole fresh squid and clean it myself. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...
WordPress plugin Survey Maker 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
The vulnerability of the Moodle course management system lies in the insufficient cleaning of user data in several “social” fields of the user profile. This allows attackers to carry out attacks using cross-site scripting (XSS).
The vulnerability of the Moodle course management system is related to insufficient cleaning of user data in several “social” fields of the user’s profile. Exploiting this vulnerability allows a malicious actor to carry out attacks using cross-site scripting XSS...