Design/Logic Flaw
An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a logic flaw, resulting in an authentication bypass. An attacker can sniff network traffic and send a set of packets to trigger...
Yi Home Camera Code Execution Vulnerability
Yi Home Camera is an IoT home camera sold worldwide. A code execution vulnerability exists in the QR code scanning feature in Yi Home Camera 27US 1.8.7.0D. The vulnerability can be exploited to cause a buffer overflow via a specially crafted QR code, which can be used for code execution...
Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Intelligent Operations Center (CVE-2018-1567)
Summary: IBM WebSphere Application Server is shipped with IBM Intelligent Operations Center. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Consult the security bulletin, Security Bulletin: Code...
Tenda AC9, AC15 and AC18 Code Execution Vulnerabilities
The Tenda AC9, AC15 and AC18 are all wireless router products from Tenda, a Chinese company. A code execution vulnerability exists in the Tenda AC9, AC15, and AC18, which can be exploited by a remote attacker to execute code via shell metacharacters in the usbName field...
Code Execution Vulnerability in Poundland App for Android
The Poundland App is software that focuses on providing online group buying of goods at low prices. A code execution vulnerability exists in the Android version of Pinduoduo APP. An attacker can exploit the vulnerability to induce users to install a modified APK and execute arbitrary code...
SUSE SLES12 Security Update : openslp (SUSE-SU-2018:2991-2)
This update for openslp fixes the following issues: CVE-2017-17833: Prevent heap-related memory corruption issue which may have manifested itself as a denial-of-service or a remote code-execution vulnerability (bsc1090638). Prevent out of bounds reads in message parsing. Note that Tenable Network...
Code execution vulnerability in Xiaomi Router R1D
Xiaomi Router R1D is a router. A code execution vulnerability exists in Xiaomi Router R1D. An attacker can exploit the vulnerability to execute arbitrary code...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2018-1567)
Summary: IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin Security Bulletin: Co...
CVE-2018-14889
CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability...
Elefant CMS Code Execution Vulnerability
Elefant CMS is a PHP-based content management system (CMS). The system includes features such as an events calendar, contact form, social media integration and member login. A security vulnerability exists in the apps/filemanager/upload/drop.php file in Elefant CMS versions prior to 2.0.7. An...
Command execution vulnerability at root level in Xiaomi Router 4 user management page
The Xiaomi Router 4 is a router. A command execution vulnerability exists at the root level of the Xiaomi Router 4 user management page. An attacker can exploit the vulnerability to remotely execute arbitrary code...
About the security content of Safari 12
This document describes the security content of Safari 12. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2018-1567)
Summary: IBM WebSphere Application Server (WAS) is shipped as a component of IBM Tivoli Security Policy Manager (TSPM). Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM ILOG Optimization Decision Manager Enterprise (CVE-2018-1567)
Summary: IBM WebSphere Application Server is shipped as a component of IBM ILOG ODM Enterprise. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details: Please consult the security bulletin Code execution...
Command Execution Vulnerability in ThinkLC Backend
ThinkLC is a classified information system developed by SaxueCMS. A command execution vulnerability exists in the backend of ThinkLC, which can be exploited by an attacker to upload a Trojan horse file at the upload template in the backend and gain control of the web server...
CVE-2018-13259
An issue was discovered in zsh before 5.6. Shebang lines exceeding 64 characters were truncated, potentially leading to an execve call to a program name that is a substring of the intended one...
Opsview Monitor Command Execution Vulnerability (CNVD-2018-17452)
Opsview Monitor is a virtual appliance designed to be deployed in an organization's network infrastructure. It is bundled with a Web management console for monitoring and managing hosts and their services. Opsview Monitor has a command execution vulnerability that allows an attacker to gain acces...
Exploit for CVE-2018-11776
CVE-2018-11776 On August 23, 2018, Apache Struts2 released a...
CVE-2015-5243
phpWhois allows remote attackers to execute arbitrary code via a crafted whois record...