Code Execution Vulnerability in Advantech WebAccessNode
Advantech WebAccessNode is a fully Internet Explorer based HMI/SCADA monitoring software. A code execution vulnerability exists in Advantech WebAccessNode, which can be exploited by an attacker to gain server administrator privileges...
Command execution vulnerability in SongCMS PHP version (CNVD-2020-38508)
SongCMS PHP Edition is an open source CMS based on PHP+MySQL. SongCMS PHP Edition suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code...
Code execution vulnerability in imcat (CNVD-2020-32566)
Intimate Cat imcat is a general-purpose website system designed in PHP+MySQL architecture. A code execution vulnerability exists in imcat, which can be exploited by attackers to execute malicious code and gain administrative privileges on the server...
Rails -- remote code execution vulnerability
Ruby on Rails blog: Due to an unfortunate oversight, Rails 4.2.11.2 has a missing constant error. To address this Rails 4.2.11.3 has been released. The original announcement for CVE-2020-8163 has a follow-up message with an updated patch if you’re unable to use the gems...
SUSE SLES12 Security Update : squid (SUSE-SU-2020:1227-1)
This update for squid fixes the following issues: CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc1169659). CVE-2020-11945: fixes a potential remote execution...
Command Execution Vulnerability in Haiwell's Cloud Configuration Software Cloud SCADA
Haiwell cloud configuration software Cloud SCADA is an industrial automation monitoring and management platform developed by Xiamen Haiwell Technology Co. A command execution vulnerability exists in Haiwell Cloud SCADA, which can be exploited by an attacker to gain server...
Arbitrary Code Execution
Python is vulnerable to arbitrary code execution. The vulnerability is an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow and possible arbitrary code execution...
SUSE-SU-2020:1227-1 Security update for squid
This update for squid fixes the following issues: CVE-2019-12519, CVE-2019-12521: fixes incorrect buffer handling that can result in cache poisoning, remote execution, and denial of service attacks when processing ESI responses (bsc1169659). CVE-2020-11945: fixes a potential remote execution...
Arbitrary SQL statement execution vulnerability in the Easy B2C Mall System d***.php file
Easy B2C mall system is a mall system developed on an open source framework. An arbitrary SQL statement execution vulnerability exists in the d.php file of the Easy B2C mall system. An attacker can exploit the vulnerability to execute arbitrary SQL statements within the file...
CVE-2019-19164
The dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the ActiveX method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code...
Fazecast jSerialComm Code Issue Vulnerability
Fazecast jSerialComm is a Java library that provides platform-independent access to standard serial ports from Fazecast, U.S.A. Schneider Electric EcoStruxure IT Gateway is a suite of cloud-based Data Center Management as a Service (DMaaS) offerings from Schneider Electric, France. A code issue...
SQL execution vulnerability in imcat backend
Intimate Cat imcat is a general-purpose website system built on a PHP + MySQL architecture: simple, lightweight, practical, shareable, and permanently open source and free of charge. There is a SQL execution vulnerability in the imcat backend. Attackers can use the vulnerability to obtain sensitive...
Tobesoft Xplatform Code Execution Vulnerability
Tobesoft Xplatform is an application development platform from the Korean company Tobesoft. The platform supports form and composite component inheritance, CSS autosetting, and multi-document interfaces. A security vulnerability exists in Tobesoft Xplatform 9.2.2.250 and prior versions. A remote attacker ca...
Remote code execution
Tobesoft Nexacro v2019.9.25.1 and earlier versions have an arbitrary code execution vulnerability through a method supported by the Nexacro14 ActiveX Control. It allows an attacker to cause remote code execution...
TP-Link TL-WA855RE login.json Improper Authentication Privilege Elevation Vulnerability
The TP-Link TL-WA855RE is a wireless network signal extender from the Chinese company TP-Link. A security vulnerability exists in the initial setup process in the TP-Link TL-WA855RE, which stems from the program failing to properly validate the initial setup request. The vulnerability can be exploited by a...
CVE-2019-19165
The AxECM.cab ActiveX Control in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the ActiveX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co., LTD Ebiz4u ActiveX of Inogard...
Command Execution Vulnerability in Tenda AC18 Router
Shenzhen Jixiang Tengda Technology Co., Ltd. is a leading global provider of network equipment. A command execution vulnerability exists in the Tenda AC18 router, which can be exploited by an attacker to gain server privileges...
Code Execution Vulnerability in Attentive Home Attentive Cat (imcat)
Intimate Cat imcat is a general-purpose website system designed in PHP+MySQL architecture. A code execution vulnerability exists in Intimate Home Care Intimate Cat imcat, which can be exploited by attackers to execute malicious code...
[ASA-202004-23] webkit2gtk: arbitrary code execution
Arch Linux Security Advisory ASA-202004-23. Severity: Critical; Date: 2020-04-28; CVE-ID: CVE-2020-3899; Package: webkit2gtk; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-1144. Summary: The package webkit2gtk...
CVE-2020-12138
AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM...