
19 matches found

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2023-57428

Malicious code in bioql PyPI...

CVSS 7 · AI score 6.6 · EPSS 0.00014
Exploits: 0 · References: 7
Positive Technologies
added 2025/05/23 12:00 a.m. · 5 views

PT-2025-22818 · Unknown · Tiny File Manager

Name of the Vulnerable Software and Affected Versions: TinyFileManager version 2.4.7 Description: A stored cross-site scripting XSS issue in the /tinyfilemanager.php component allows attackers to execute arbitrary JavaScript or HTML by injecting a crafted payload into the js-theme-3 parameter. Th...

CVSS 6.1 · AI score 5.7 · EPSS 0.00181
Exploits: 2 · References: 7
CVE
added 2024/09/24 3:14 p.m. · 71 views

CVE-2024-8878

CVE-2024-8878 concerns Riello NetMan 204. The vulnerability allows an unauthenticated password reset via the endpoint /recoverpassword.html, enabling an attacker to obtain the device’s netmanid and compute a recovery code to reset the admin password (admin:admin). Affected software is NetMan 204 ...

CVSS 10 · AI score 9.7 · EPSS 0.00736
Exploits: 2 · References: 2 · Affected Software: 1
CNVD
added 2024/09/11 12:00 a.m. · 1 view

TOTOLINK AC1200 Buffer Overflow Vulnerability

TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the parameter desc in the file /cgi-bin/cstecgi.cgi that can cause a buffer overflow. An attacker can exploit this vulnerabilit...

CVSS 9 · AI score 7.9 · EPSS 0.00296
Exploits: 1 · References: 1
CNNVD
added 2024/09/08 12:00 a.m. · 1 view

TOTOLINK AC1200 Security Vulnerability

TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the parameter desc in the file /cgi-bin/cstecgi.cgi that can cause a buffer overflow. An attacker can exploit this vulnerabilit...

CVSS 9 · AI score 7.6 · EPSS 0.00296
Exploits: 1 · References: 6
Cvelist
added 2024/05/07 4:40 p.m. · 14 views

CVE-2024-29207

An Improper Certificate Validation could allow a malicious actor with access to an adjacent network to take control of the system. Affected Products: UniFi Connect Application Version 3.7.9 and earlier UniFi Connect EV Station Version 1.1.18 and earlier UniFi Connect EV Station Pro Version 1.1.18...

CVSS 7.5 · AI score 7.8 · EPSS 0.00075
Exploits: 0 · References: 1
CISA
added 2023/09/07 12:00 p.m. · 3 views

Cisco Releases Security Advisories for Multiple Products

Cisco has released security advisories to address vulnerabilities affecting multiple Cisco products. A cyber threat actor can exploit some of these vulnerabilities to take control of an affected system or cause a denial-of-service condition. CISA encourages users and administrators to review the...

AI score 7.7
Exploits: 0 · References: 2
CVE
added 2022/01/07 4:30 a.m. · 49 views

CVE-2020-9057

CVE-2020-9057 covers Z-Wave devices using Silicon Labs 100/200/300 series chipsets that do not support encryption. The vulnerability stems from the Z-Wave specification for these legacy chips, allowing an attacker in radio range to take control of or cause a DoS, and to capture/replay traffic. Fi...

CVSS 8.8 · AI score 8.7 · EPSS 0.00039
Exploits: 1 · References: 5 · Affected Software: 2
CISA
added 2021/08/06 12:00 a.m. · 43 views

Ivanti Releases Security Update for Pulse Connect Secure

Ivanti has released Pulse Connect Secure system software version 9.1R12 to address multiple vulnerabilities an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review Ivanti's Security Advisory SA44858 and apply the necessary update. This...

AI score 7.1
Exploits: 0 · References: 1
IBM Security Bulletins
added 2021/01/22 8:32 a.m. · 26 views

Security Bulletin: Multiple Oracle Database Server Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform

Summary Multiple Oracle Database Server Security Vulnerabilities Affect IBM Emptoris Strategic Supply Management Platform Vulnerability Details CVEID: CVE-2020-14741 DESCRIPTION: An unspecified vulnerability in Oracle Database Server related to the Database Filesystem component could allow an...

CVSS 8.8 · AI score 6.2 · EPSS 0.00213
Exploits: 0 · Affected Software: 1
OSV
added 2020/11/13 4:15 p.m. · 10 views

CVE-2020-25538

An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, attacker can takeover the control of the server...

CVSS 8.8 · AI score 7
Exploits: 0 · References: 2
Cvelist
added 2019/07/29 7:06 p.m. · 13 views

CVE-2019-14418

An issue was discovered in Veritas Resiliency Platform VRP before 3.4 HF1. When uploading an application bundle, a directory traversal vulnerability allows a VRP user with sufficient privileges to overwrite any file in the VRP virtual machine. A malicious VRP user could use this to replace existi...

CVSS 9.1 · AI score 8.7 · EPSS 0.03593
Exploits: 0 · References: 3
IBM Security Bulletins
added 2018/06/17 1:09 p.m. · 28 views

Security Bulletin: Multiple vulnerabilities affect Watson Explorer, Watson Content Analytics and Watson Explorer Content Analytics Studio (CVE-2017-10115, CVE-2017-10116)

Summary Security vulnerabilities have been identified in IBM® Runtime Environment Java™ Technology Edition that is used by Watson Explorer, Watson Content Analytics and Watson Explorer Content Analytics Studio. Vulnerability Details CVEID: CVE-2017-10115 DESCRIPTION: An unspecified vulnerability ...

CVSS 8.3 · AI score 0.4 · EPSS 0.01373
Exploits: 0 · Affected Software: 1
Prion
added 2018/04/11 7:29 p.m. · 19 views

Design/Logic Flaw

On SRX Series devices during compilation of IDP policies, an attacker sending specially crafted packets may be able to bypass firewall rules, leading to information disclosure which an attacker may use to gain control of the target device or other internal devices, systems or services protected b...

CVSS 4.3 · AI score 5.8 · EPSS 0.00265
Exploits: 0 · References: 3 · Affected Software: 1
exploitpack
added 2016/04/15 12:00 a.m. · 12 views

AirOS 6.x - Arbitrary File Upload

AirOS 6.x - Arbitrary File Upload EDB-Note Source: https://hackerone.com/reports/73480 Vulnerability It's possible to overwrite any file and create new ones on AirMax systems, because the "php2" maybe because of a patch don't verify the "filename" value of a POST request. It's possible to a...

AI score 0.2
Exploits: 0
Positive Technologies
added 2015/12/17 12:00 a.m. · 8 views

PT-2018-03: Control Takeover in Siemens DIGSI 4 and EN100 Ethernet modules

The specialists of the Positive Research center have detected a Control Takeover vulnerability in Siemens DIGSI 4 and EN100 Ethernet modules. Vulnerability allows unauthenticated remote, low-skilled attackers to upload a modified device configuration overwriting access authorization passwords, an...

CVSS 10 · AI score 7.8 · EPSS 0.0024
Exploits: 0 · References: 5
ICS
added 2013/03/22 6:00 a.m. · 38 views

GE Proficy HMI/SCADA CIMPLICITY WebView Improper Input Validation

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 19, 2013, and is now being released to the ICS-CERT-Web page. Independent researchers ZombiE and amisto0x07 have identified an improper input validation vulnerability in the GE CIMPLICITY WebView application...

CVSS 9.3 · AI score 7.5 · EPSS 0.05259
Exploits: 0 · References: 10
0day.today
added 2004/08/08 12:00 a.m. · 19 views

Pavuk Digest Authentication Buffer Overflow Remote Exploit

Exploit for linux platform in category remote exploits. Pavuk Digest Authentication Buffer Overflow Remote Exploit / exploit for pavuk web spider - infamous42md AT hotpop DOT com...

AI score 7.1
Exploits: 0
securityvulns
added 2002/04/01 12:00 a.m. · 37 views

More Office XP problems

Moderator: check the legal notice before submitting this to some database. Georgi Guninski security advisory 53, 2002 More Office XP problems Systems affected: Office XP Risk: High Date: 31 March 2002 Legal Notice: This Advisory is Copyright c 2002 Georgi Guninski. You may distribute it unmodifie...

Exploits: 0