ABB Advant MOD 300 AdvaBuild 安全漏洞

ABB Advant MOD 300 AdvaBuild is an industrial control system from ABB Switzerland. A security vulnerability exists in ABB Advant MOD 300 AdvaBuild versions 3.0 through 3.7 SP2, which originates from an attacker who can cause a denial-of-service attack by injecting garbage data or specially crafte...

Remote code execution

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: ?PHP instead of ?php in injected data...

UBUNTU-CVE-2023-30253

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: ?PHP instead of ?php in injected data...

CVE-2021-29969

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...

DRUPAL-CONTRIB-2019-030

This module enables you to create facet-filters for results of a search query and exposes them as blocks The module doesn't sufficiently escape HTML under the scenario leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by two factors. First, an attacker must have...

CVE-2016-9459

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...

CVE-2016-9459

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment...

UBUNTU-CVE-2016-1866

Salt 2015.8.x before 2015.8.4 does not properly handle clear messages on the minion, which allows man-in-the-middle attackers to execute arbitrary code by inserting packets into the minion-master data stream...

CVE-2012-1328

Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 are affected by a code/injection vulnerability in the handling of configuration data downloads to an RT phone, allowing local users to gain privileges via injected data (Bug ID CSCts32237). The issue is triggered by improper pr...