Visualware MyConnection Server 代码问题漏洞

Visualware MyConnection Server is a software application from Visualware, Inc. Providing accurate measurements of network quality and performance ensures a great user experience. A file upload vulnerability exists in Visualware MyConnection Server 11.0b build 5382 and prior versions, which...

Apple macOS process_token_BindQueryStoreRegisterToMemoryList Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppleIntelKBLGraphic...

Advantech WebAccess/SCADA 安全漏洞

Advantech WebAccess/SCADA is a suite of SCADA software from Advantech based on a browser architecture. The software supports dynamic graphical displays and real-time data control, and provides the ability to remotely control and manage automation equipment. A local elevation of privilege...

CVE-2020-25238

A vulnerability has been identified in PCS neo Administration Console All versions V3.1, TIA Portal V15, V15.1 and V16. Manipulating certain files in specific folders could allow a local attacker to execute code with SYSTEM privileges. The security vulnerability could be exploited by an attacker...

Stack overflow

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code...

CVE-2020-17432

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...

Fedora 33 : kernel (2021-879c756377)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-879c756377 advisory. - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local...

Security Vulnerabilities in Multiple Cisco Products

Cisco RV016 Multi-WAN VPN Router is a VPN Virtual Private Network router. RV042 Dual WAN VPN Router is a VPN Virtual Private Network router. The RV042G Dual Gigabit WAN VPN Router is a VPN Virtual Private Network router. A security vulnerability exists in the Cisco Small Business RV016, RV042,...

WordPress 5.0.0 - Image Remote Code Execution

Exploit Title: WordPress 5.0.0 - Image Remote Code Execution Date: 2020-02-01 Exploit Authors: OUSSAMA RAHALI aka V0lck3r Discovery Author : RIPSTECH Technology Version: WordPress 5.0.0 and :/ ' printusage url = sys.argv1 username = sys.argv2 password = sys.argv3 wptheme = sys.argv4 wpscan result...

MGASA-2021-0061 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 5.10.12 and fixes at least the following security issues: fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPL...

Open Design Alliance Drawings SDK Stack Buffer Overflow Vulnerability

Drawings is a development platform for desktop, mobile and web applications targeting .dwg and .dgn data.Drawings SDK is the Drawings Software Development Kit. A stack buffer overflow vulnerability exists in Open Design Alliance Drawings SDK versions prior to 2021.11. An attacker can exploit this...

CVE-2021-1216

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

CVE-2021-1195

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

CVE-2021-1190

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly. The vulnerabilities are due to improper...

Microsoft Word Remote Code Execution Vulnerability (CNVD-2021-11032)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute code on the target host...

CVE-2020-28382

A vulnerability has been identified in Solid Edge SE2020 All Versions SE2020MP12, Solid Edge SE2021 All Versions SE2021MP2. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure...

CVE-2020-26993

A vulnerability has been identified in JT2Go All versions V13.1.0, Teamcenter Visualization All versions V13.1.0. Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the fon...

(0Day) Microsoft Windows splwow64 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2020-8465

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass CVE-2020-8461 and authentication bypass CVE-2020-8464 to execute code as user root...

(0Day) D-Link DCS-960L HNAP LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DCS-960L Wi-Fi cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from...