33 matches found
EUVD-2021-13168
Malware in sbrugna...
CVE-2024-5185 Data Poisoning in EmbedAI
The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure...
CVE-2023-20524
An attacker with a compromised ASP could possibly send malformed commands to an ASP on another CPU, resulting in an out of bounds write, potentially leading to a loss of integrity...
CVE-2021-46779
Insufficient input validation in SVC_ECC_PRIMITIVE system call in a compromised user application or ABL may allow an attacker to corrupt ASP (AMD Secure Processor) OS memory which may lead to potential loss of integrity and availability...
AMD System Management Unit Buffer Error Vulnerability
The AMD System Management Unit (SMU) is a system management unit of AMD Corporation. A security vulnerability exists in the AMD System Management Unit that originates from memory and code execution corruption due to the use of a malicious or compromised UApp or ABL to issue a malformed system call ...
PT-2022-9752 · Amd · Athlon™ Series +50
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader, potentially leading to...
Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform
Details tied to a pair of remote code execution bugs in Microsoft’s IoT security platform called Azure Sphere were released Monday. Also made public were specifics associated with two additional privilege escalation flaws impacting the same cloud security platform. Public disclosure of all four o...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0724...
CVE-2018-0724
Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application, a different vulnerability than CVE-2018-0723...
CVE-2018-0716
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application...
Quick Classifieds 1.0 - controlpannel/alterHomepage.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...
W-Agora 4.0 - edit_forum.php bn_dir_default Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/28366/info w-Agora is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the...
PHPX 3.5.15/3.5.16 gallery.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
Dredge School Administration System - DSMloader.php?Id SQL Injection
Dredge School Administration System - DSMloader.php?Id SQL Injection source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site request forgery vulnerability 3. A...
Matterdaddy Market - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/60150/info Matterdaddy Market is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal...
BlackNova Traders - 'news.php' SQL Injection
source: https://www.securityfocus.com/bid/57910/info BlackNova Traders is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or...
WeBid Remote File Include and SQLi Vulnerabilities
WeBid is prone to a remote file-include issue and an SQL injection (SQLi) issue. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Umapresence - Local File Inclusion / Arbitrary File Deletion
source: https://www.securityfocus.com/bid/54194/info Umapresence is prone to a local file-include vulnerability and an arbitrary file-deletion vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit a local file-include vulnerability to...
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php?base_path Remote File Inclusion
Basic Analysis and Security Engine (BASE) 1.4.5 - base_ag_main.php?base_path Remote File Inclusion source: https://www.securityfocus.com/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities. An attacker can exploit these issues to gain...
Joomla! Component com_visa - Local File Inclusion / SQL Injection
source: https://www.securityfocus.com/bid/51726/info The 'com_visa' component for Joomla! is prone to a local file-include vulnerability and multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilit...