CVE-2020-36380

An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...

CVE-2020-27158

Addressed remote code execution vulnerability in cgiapi.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114...

CVE-2020-25199

A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application...

CVE-2020-24395

The USB firmware update script of homee Brain Cube v2 2.28.2 and 2.28.4 devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device...

CVE-2020-23584

Unauthenticated remote code execution in OPTILINK OP-XT71000N, Hardware Version: V2.2 occurs when the attacker passes arbitrary commands with IP-ADDRESS using " | " to execute commands on " /diagtracertadmin.asp " in the "PingTest" parameter that leads to command execution...

CVE-2020-0760

A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991...

CVE-2010-5150

Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

CVE-2013-3384

The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management...

CVE-2013-1222

The Tomcat Web Management feature in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted 1 HTTP or 2 HTTPS request, aka Bug ID CSCub38379...

CVE-2019-16759

vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfigcode parameter in an ajax/render/widgetphp routestring request...

CVE-2019-5159

An exploitable improper input validation vulnerability exists in the firmware update functionality of WAGO e!COCKPIT automation software v1.6.0.7. A specially crafted firmware update file can allow an attacker to write arbitrary files to arbitrary locations on WAGO controllers as a part of...

CVE-2019-9859

Vesta Control Panel VestaCP 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the...

CVE-2019-15395

The Asus ZenFone 3s Max Android device with a build fingerprint of asus/INX00G/ASUSX00G1:7.0/NRD90M/INX00G-14.02.1807.33-20180706:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000015, versionName=7.0.0.3161222 that allows other...

CVE-2019-15397

The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WWPhone/ASUSX00HD4:7.1.1/NMF26F/14.2016.1803.373-20180308:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

CVE-2019-15400

The Asus ZenFone 3 Ultra Android device with a build fingerprint of asus/WWPhone/ASUSA001:7.0/NRD90M/14.1010.1804.75-20180612:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

CVE-2019-15404

The Asus ZenFone Max 4 Android device with a build fingerprint of asus/WWPhone/ASUSX00HD4:7.1.1/NMF26F/14.2016.1712.367-20171225:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

CVE-2019-15411

The Asus ZenFone 3 Laser Android device with a build fingerprint of asus/WWmsm8937/msm8937:7.1.1/NMF26F/WW32.40.106.11420180928:user/release-keys contains a pre-installed app with a package name of com.asus.loguploaderproxy app versionCode=1570000020, versionName=7.0.0.4170901 that allows other...

CVE-2019-15312

An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an...

CVE-2019-0825

A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0823, CVE-2019-0824, CVE-2019-0826,...

CVE-2011-4791

DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field...