984 matches found
CVE-2021-46354
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2 (fixed in version 3.0) is affected by an information disclosure vulnerability in the "Addr" parameter of the cmd site. The ability to send requests to other systems can allow the vulnerable server to leak the real IP of the web server or increas...
CVE-2021-46354
CVE-2021-46354 affects Thinfinity VirtualUI versions 2.1.28.0, 2.1.32.1, and 2.5.26.2; fixed in 3.0. The vulnerability is an information disclosure caused by the Addr parameter in the cmd site, enabling the vulnerable server to send requests to external systems and potentially reveal the real IP ...
Cybele Software Thinfinity VirtualUI Information Disclosure Vulnerability
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with JavaScript programming. Cybele Software Thinfinity VirtualUI suffers from an information disclosure...
CVE-2021-46233
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function mspinfo.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter...
Null pointer dereference
There is a NULL pointer dereference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev that could use the ioctl cmd IOCTL_GET_IOMMU_ADDR to cause a system crash...
CVE-2021-38785
There is a NULL pointer dereference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev that could use the ioctl cmd IOCTL_GET_IOMMU_ADDR to cause a system crash...
CVE-2021-38785
CVE-2021-38785 describes a NULL pointer dereference in the Allwinner R818 SoC Android Q SDK V1.0 camera driver /dev/cedar_dev. The issue can be triggered by the IOCTL_GET_IOMMU_ADDR ioctl, leading to a system crash. The available documents identify the affected component and the crash impact but ...
CVE-2021-38783
CVE-2021-38783 affects the Allwinner R818 SoC Android Q SDK V1.0 camera driver, exposing /dev/cedar_dev to ioctl IOCTL_SET_PROC_INFO and IOCTL_COPY_PROC_INFO. The root cause is an out-of-bounds write in the driver, which can cause a system crash or privilege escalation. Provided documents do not ...
The vulnerability of the WEB_CmdFileList() function implementation in D-Link DAP-2020 wireless access points allows an intruder to execute arbitrary code.
The vulnerability of the WEB_CmdFileList() function implementation in D-Link DAP-2020 wireless access points relates to the lack of measures taken to neutralize special elements used in operating system commands when processing CGI scripts. Exploiting this vulnerability can allow an attacker to...
Huawei EulerOS: Security Advisory for uboot-tools (EulerOS-SA-2021-2726)
The remote host is missing an update for the Huawei EulerOS...
Denial Of Service (DoS)
cmd/octorpki of github.com/cloudflare/cfrpki is vulnerable to denial of service. Due to lack of limitation in the depth of a certificate chain, when a CA creates children in an ad-hoc fashion, it results in never-ending tree traversal...
VulnCheck KEV: CVE-2020-9377
D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php...
PyHook - An Offensive API Hooking Tool Written In Python Designed To Catch Various Credentials Within The API Call
PyHook is the Python implementation of my SharpHook project. It uses various API hooks in order to give us the desired credentials. PyHook uses frida to inject its dependencies into the target process. Supported Processes Process | API Call | Description | Progress ---|---|---|--- mstsc |...
CVE-2021-40845
The web part of Zenitel AlphaCom XE Audio Server through 11.2.3.10, called AlphaWeb XE, does not restrict file upload in the Custom Scripts section at php/index.php. Neither the content nor extension of the uploaded files is checked, allowing execution of PHP code under the /cmd directory...
Protect
A debug functionality in FortiGate may allow a privileged user to execute unauthorized code or commands via specific chains of print str and cmd mem cli commands to, respectively, read and write hexadecimal values to any memory address...
Security update for go1.16 (moderate)
openSUSE Security Update: Security update for go1.16. Announcement ID: openSUSE-SU-2021:1199-1. Rating: moderate. References: 1182345 1189162. Cross-References: CVE-2021-36221. Affected Products: openSUSE Leap 15.2. An update that solves one vulnerability and has one errata is now available. Description...