IBM Operational Decision Manager Code Issue Vulnerability
IBM Operational Decision Manager is a decision management solution from International Business Machines (IBM), used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a code issue vulnerability that originates from the ability ...
TOTOLINK A3300R setMacFilterRules Method Command Injection Vulnerability
The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A command injection vulnerability exists in the TOTOLINK A3300R version V17.0.0cu.557B20221024, which stems from the enable parameter of the setMacFilterRules method failing to correctly filter construct command...
CVE-2024-22569
Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2 allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&isinstalldb=0...
YonBIP Code Execution Vulnerability in UFIDA Network Technology Co.
YonBIP is a new generation of products developed by UFIDA, as the world's leading enterprise digital intelligence platform and application software. A code execution vulnerability exists in UFIDA YonBIP, which can be exploited by attackers to execute arbitrary code...
CVE-2024-23828 Nginx-UI authenticated RCE through injecting into the application config via CRLF
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
LeptonCMS Arbitrary File Upload Vulnerability
LeptonCMS is a content management system (CMS) for the Lepton Project. An arbitrary file upload vulnerability exists in LeptonCMS version v7.0.0, which stems from the application's lack of effective authentication of uploaded files. An authenticated attacker can exploit this vulnerability to execut...
CVE-2024-22550
An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
Command Execution Vulnerability in Damon Database Management System
Damon Database Management System (DM8) is a database system developed by Wuhan Damon Database Co. A command execution vulnerability exists in Damon Database Management System, which can be exploited by an attacker to gain server privileges...
TOTOLINK X6000R Code Execution Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a code execution vulnerability that stems from the application failing to properly filter special characters, commands, etc. when constructing commands. An attacker can exploit this vulnerability t...
CVE-2024-22912
A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution...
The vulnerability of Citrix ADC application delivery controllers (formerly known as Citrix NetScaler Application Delivery Controller) and Citrix Gateway access control systems (formerly known as Citrix NetScaler Gateway) stems from improper code generation, allowing attackers to execute arbitrary code.
The vulnerability of Citrix ADC application delivery controllers (formerly known as Citrix NetScaler Application Delivery Controller), as well as the Citrix Gateway access control system (formerly known as Citrix NetScaler Gateway), is related to improper code generation. Exploiting this vulnerabilit...
TOTOLINK X6000R Security Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a code execution vulnerability that stems from the application's failure to properly filter special characters, commands, etc. when constructing commands. An attacker can exploit the vulnerability ...
D-Link DIR-815 Code Execution Vulnerability
The D-Link DIR-815 is a wireless router from China's AUO D-Link. The D-Link DIR-815 suffers from a code execution vulnerability that stems from an application's failure to properly filter special elements of constructed snippets. An attacker can exploit the vulnerability to execute arbitrary code...
CVE-2023-52031
TOTOLINK A3700R v9.1.2u.5822B20200513 was discovered to contain a remote command execution (RCE) vulnerability via the UploadFirmwareFile function...
GTKWave integer overflow vulnerability (CNVD-2024-37751)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An integer overflow vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via a specially crafted fst file...
CVE-2023-52029
TOTOLINK A3700R (v9.1.2u.5822_B20200513) contains a remote command execution (RCE) in the setDiagnosisCfg function. The issue arises from improper handling/filtering of constructed command characters, enabling arbitrary command execution. Affected component: setDiagnosisCfg; impact: remote comman...
GTKWave Code Execution Vulnerability
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.118, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...
Bosch Nexo Cordless Nutrunner Security Vulnerability
Bosch Nexo Cordless nutrunner is a series of cordless tightening wrenches with integrated controls from Bosch Germany. A security vulnerability exists in Bosch Nexo cordless nutrunner. The vulnerability allows an authenticated, remote attacker to upload a malicious file containing arbitrary...
Microsoft Office Security Vulnerability
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...
Security Updates for Microsoft Visual Studio Products (January 2024)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability CVE-2023-29356, CVE-2023-32025, CVE-2023-32026, CVE-2023-32027 - NET, .NET Framework,...