450 matches found
SAP NetWeaver Process Integration Command Injection Vulnerability
SAP Basis is a content management system.SAP NetWeaver Process Integration PI is an SAP enterprise application integration software from SAP, Germany, and is a component of the NetWeaver product group. The component is mainly used for the exchange of information between internal systems and...
Citrix Systems SD-WAN Center and NetScaler SD-WAN Center Command Injection Vulnerabilities
Citrix Systems SD-WAN Center is a centralized management system from Citrix Systems USA. The system is primarily used to configure, monitor and analyze all Citrix SD-WAN devices on the WAN. A command injection vulnerability exists in Citrix Systems SD-WAN Center versions 10.2.x prior to 10.2.3 an...
WordPress Everest Forms SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Everest Forms is a form generation plugin used in it. A SQL injection vulnerability exists in WordPress Everest Forms. The vulnerabilit...
ProClima Code Injection Vulnerability
Schneider Electric ProClima is a heat calculation software package from Schneider Electric, France. The software provides thermal management capabilities for environmental and electrical/electronic equipment installed in control panels by analyzing specified thermal data. A code injection...
Linear eMerge E3-Series Command Injection Vulnerability
The Nortek Security & Control Linear eMerge E3-Series is an access control device from Nortek Security & Control USA. A command injection vulnerability exists in the Linear eMerge E3-Series device that stems from a program that uses external input to construct commands, but fails to properly hand...
RICOH SP 4510DN Code Injection Vulnerability
The RICOH SP 4510DN is a multifunction printer from Ricoh Japan. A code injection vulnerability exists in the RICOH SP 4510DN, which arises from a network system or product that does not properly filter specific elements of externally inputted data during the construction of a code segment, and c...
Cisco Firepower Threat Defense Operating System Command Injection Vulnerability
Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. An operating system command injection vulnerability exists in Cisco Firepower Threat Defense. The vulnerability arises from the network system or...
CVE-2018-17934
NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code...
CVE-2018-17934
NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code...
CVE-2018-17934
NUUO CMS All versions 3.3 and prior the application allows external input to construct a pathname that is able to be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code...
CVE-2017-6020
Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...
Design/Logic Flaw
Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...
CVE-2017-6020
Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...
CVE-2017-6020
Leao Consultoria e Desenvolvimento de Sistemas LCDS LTDA ME LAquis SCADA software versions prior to version 4.1.0.3237 do not neutralize external input to ensure that users are not calling for absolute path sequences outside of their privilege level...
CVE-2018-9115
Systematic SitaWare 6.4 SP2 does not validate input from other sources sufficiently. e.g., information utilizing the NVG interface. An attacker can freeze the Situational Layer, which means that the Situational Picture is no longer updated. Unfortunately, the user cannot notice until he tries to...
Buffer under-read in String#unpack
Stringunpack receives format specifiers as its parameter, and can be specified the position of parsing the data by the specifier @. If a big number is passed with @, the number is treated as the negative value, and out-of-buffer read is occurred. So, if a script accepts an external input as the...
CVE-2017-17324
Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; LON-AL00BC00B229 have an integer overflow vulnerability. The camera driver does not validate the external input parameters and causes an integer overflow, which in the after processing results in a buffer overflow. An attacker tricks...
CVE-2017-12613
When aprtimeexp or aprosexptime functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an aprtimeexpt value, potentially revealing the contents of a different static heap value or...
CVE-2016-9339
An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversa...
Path traversal
An issue was discovered in INTERSCHALT Maritime Systems VDR G4e Versions 5.220 and prior. External input is used to construct paths to files and directories without properly neutralizing special elements within the pathname that could allow an attacker to read files on the system, a Path Traversa...