5254 matches found
PT-2019-18693 · Prima Systems · Flexair
Name of the Vulnerable Software and Affected Versions: Prima Systems FlexAir versions 2.3.38 and prior Description: The application fails to properly neutralize special elements, potentially allowing attackers to modify intended OS commands sent to downstream components. This could enable attacke...
CVE-2019-13075
Tor Browser through 8.5.3 has an information exposure vulnerability. It allows remote attackers to detect the browser's language via vectors involving an IFRAME element, because text in that language is included in the title attribute of a LINK element for a non-HTML page. This is related to a...
Malicious Package
smartsearchwp is a malicious package. The package contains malicious code that steal credentials from websites it is loaded in when executed. DOM elements are traversed for usernames and passwords, which are subsequently uploaded to a remote server. Port scans of local gateway are performed and...
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in @apollo/gateway...
The vulnerability of the command-line interface implementation of the network operating system NX-OS allows a attacker to execute arbitrary commands on the underlying operating system.
The vulnerability of the command-line interface implementation of the networking operating system NX-OS exists due to the lack of measures taken to neutralize the special elements used in the operating system’s commands. Exploiting this vulnerability can allow an attacker to execute arbitrary...
The vulnerability of the wpa_supplicant component of the EAP-PWD protocol in wireless communication devices certified by WPA allows a perpetrator to compromise the integrity and confidentiality of data or cause service failures due to improper use of privileges.
The vulnerability of the wpasupplicant component of the EAP-PWD protocol in wireless communication devices certified by WPA is related to incorrect validation of scalar values and values of elements in the “EAP-pwd-Commit” section of imported elements. Exploiting this vulnerability allows a...
The vulnerability of the EAP Server component of the EAP-PWD certification protocol for wireless communication devices with WPA encryption lies in the improper use of privileges, allowing attackers to compromise data integrity and confidentiality or cause service failures.
The vulnerability of the EAP Server component of the EAP-PWD protocol for wireless communication devices certified by WPA is related to the lack of explicit checks on imported elements. These imported elements do not undergo verification of scalar values and values of elements in the...
The vulnerability of the Heimdal protocol’s Kerberos implementation in the Samba network communication software allows attackers to expose sensitive information or cause service failures.
The vulnerability of the Heimdal protocol’s Kerberos 5 implementation in the Samba network communication software package is related to errors in the implementation of security checks for standard elements. Exploiting this vulnerability can allow a malicious actor to disclose protected informatio...
The vulnerability of the microprogrammed programmable logic controller SCALANCE, related to insufficient neutralization of special elements, allows a intruder to execute arbitrary system commands.
The vulnerability of the microprogrammed programmable logic controller SCALANCE is related to the insufficient neutralization of certain special elements. Exploiting this vulnerability could allow a intruder, who does not have access to the Aruba Instant web interface, to execute arbitrary system...
The vulnerability of the microprogrammed programmable logic controller SCALANCE, related to insufficient neutralization of special elements, allows a intruder to execute arbitrary system commands.
The vulnerability of the microprogrammed programmable logic controller SCALANCE is related to the insufficient neutralization of certain special elements. Exploiting this vulnerability allows an attacker with administrator privileges to execute arbitrary system commands...
Design/Logic Flaw
An Improper Neutralization of Special Elements in Query vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which allows an attacker to execute arbitrary system commands...
PT-2019-16870 · Ibm · Ibm Bigfix Platform
Name of the Vulnerable Software and Affected Versions: IBM BigFix Platform versions 9.2 through 9.5 Description: The issue allows a low-privilege user to manipulate the UI, exposing interface elements and information normally restricted to administrators. Recommendations: For versions 9.2 through...
Denial Of Service
Firefox and Firefox ESR are vulnerable to denial of service DoS attacks. This occurs while parsing an HTML5 stream in concert with custom HTML elements which may lead to potentially exploitable crash...
Use-After-Free
Firefox is vulnerable to use-after-free vulnerability. This occurs when editing events in form elements on a page. An attacker could cause a potentially exploitable crash resulting a denial of service condition...
Microsoft Edge CDXImageRenderTarget Double Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the rendering of...
Adobe Acrobat Reader DC removeField Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Mozilla: Use-after-free when removing in-use DOM elements
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...
Code injection
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements...
CVE-2019-6546
GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements...
Mozilla: Use-after-free when removing in-use DOM elements
A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...