Command Execution Vulnerability in WideField3
WideField3 is a PLC programming software developed by Yokogawa Electric Group. A command execution vulnerability exists in WideField3, which can be exploited by an attacker to execute malicious code...
NETGEAR XR500 Input Validation Error Vulnerability
The NETGEAR XR500 is a wireless router from NETGEAR. An input validation error vulnerability exists in NETGEAR XR500 versions prior to 2.3.2.32, which can be exploited by an attacker to execute code...
Command Execution Vulnerability in CRMEB Open Edition V3.1.0
The CRMEB mall system is a new-retail mobile e-commerce system built on ThinkPHP 6.0 and Vue. It combines customer relationship management with marketing e-commerce, and can quickly accumulate customers, analyze member data, intelligently convert customers,...
Command Execution Vulnerability in Super CMS Backend ca***.ma***.php File
Super CMS is a product developed by the SEO Research Center to solve website optimization problems. Built on an independently developed, object-oriented MVC framework, it is an open source content management system...
Autodesk FBX-SDK Code Execution Vulnerability
Autodesk FBX-SDK is a C++ software development platform and API toolkit from Autodesk USA, which is mainly used to convert existing content to FBX format. A security vulnerability exists in Autodesk FBX-SDK 2019.0 and earlier versions. An attacker can exploit the vulnerability to execute code on...
Command Execution Vulnerability in AdminSet
Adminset is a true fully automated Ops platform developed with Ops thinking in mind. AdminSet suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...
CVE-2020-7082
A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code execution on a system running it...
Aviatrix Systems OpenVPN client input validation error vulnerability
Aviatrix Systems OpenVPN client is a VPN (Virtual Private Network) client program from Aviatrix Systems, USA. An input validation error vulnerability exists in Aviatrix Systems OpenVPN client Linux, macOS, and Windows versions 2.5.7 and earlier. An attacker can exploit this vulnerability by changin...
Apache Heron Code Issue Vulnerability
Apache Heron is a distributed, fault-tolerant real-time stream processing engine. A code issue vulnerability exists in Apache Heron versions 0.20.2-incubating, 0.20.1-incubating, and 0.20.0-incubating. An attacker could exploit the vulnerability to execute code...
Aruba Networks ClearPass Code Execution Vulnerability
Aruba Networks ClearPass is an access management system from Aruba Networks that integrates network control, application and device management capabilities. A security vulnerability exists in Aruba Networks ClearPass. An attacker could exploit the vulnerability to execute code...
Foxit PDF Reader U3D Plugin's ci*** module suffers from an override read vulnerability
Foxit PDF Reader is an e-book reader. The ci module of the Foxit PDF Reader U3D plug-in has an override read vulnerability that can be exploited by an attacker to execute code in the current application context by constructing a special PDF file...
Debian: Security Advisory (DLA-2174-1)
The remote host is missing an update for the Debian...
EulerOS 2.0 SP3 : e2fsprogs (EulerOS-SA-2020-1379)
According to the version of the e2fsprogs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory ca...
Security Update for Microsoft Office 2013 (KB4484229) 32-Bit Edition
A security vulnerability exists in Microsoft Office 2013 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Security Updates for Outlook (April 2020)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries. An attacker could then install...
Mozilla Firefox Code Execution Vulnerability (CNVD-2020-22306)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox version 74. An attacker could exploit the vulnerability to corrupt memory or possibly execute arbitrary code...
Input validation
Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS versions prior to 3.0.2...
SUSE-SU-2020:0959-1 Security update for python-PyYAML
This update for python-PyYAML fixes the following issues: - CVE-2020-1747: Fixed an arbitrary code execution when YAML files are parsed by FullLoader (bsc#1165439)...
Command Execution Vulnerability in Flush Cloud
Flush Cloud is a stock analysis and trading software launched by Zhejiang Nuclear New Flush Network Information Co. Flush Cloud Computing suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code...
CVE-2019-9193
In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_server_program' group to execute arbitrary code in the context of the database's operating system user. This functionality is enabled by default and can be abused to run arbitrary...