
1477 matches found

OSV
added 2022/09/08 8:15 a.m., 4 views

CVE-2022-38400

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL...

CVSS 5.9 | AI score 5.8 | EPSS 0.01187
Exploits: 1 | References: 4
Positive Technologies
added 2022/09/06 12:0 a.m., 6 views

PT-2022-4659

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.18.6; Go versions 1.19.x prior to 1.19.1. Description: The issue is related to the net/http package in Go, where an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error, leading to a denial ...

CVSS 10 | AI score 5.8 | EPSS 0.99999
Exploits: 91 | References: 456
Japan Vulnerability Notes
added 2022/09/05 6:22 a.m., 1 views

SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure

Overview: Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability (CWE-200). The Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in the configs/thanks.cgi file. To exploit this vulnerability, it is...

CVSS 5.9 | AI score 6.1 | EPSS 0.01187
Exploits: 1 | References: 7
CNNVD
added 2022/09/05 12:0 a.m., 2 views

SYNCK GRAPHICA Mailform Pro CGI Information Disclosure Vulnerability

SYNCK GRAPHICA Mailform Pro CGI is a mail form from SYNCK GRAPHICA Japan. It can be used as a multiple transmission, questionnaire form, and application form. A security vulnerability exists in SYNCK GRAPHICA Mailform Pro CGI prior to version 4.3.1, which stems from the Thanks module saving user...

CVSS 5.9 | AI score 5.3 | EPSS 0.01187
Exploits: 1 | References: 6
BDU FSTEC
added 2022/09/02 12:0 a.m., 2 views

The vulnerability in the implementation of the Matrix protocol for Thunderbird email clients allows a perpetrator to carry out a DoS attack.

The vulnerability of the Thunderbird email client’s Matrix protocol is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute a DoS attack...

CVSS 7.8 | AI score 6.8 | EPSS 0.00932
Exploits: 0 | References: 7 | Affected Software: 4
Positive Technologies
added 2022/09/01 12:0 a.m., 3 views

PT-2022-4593 · Weave · Weave Gitops Enterprise

Name of the Vulnerable Software and Affected Versions: Weave GitOps Enterprise versions prior to 0.9.0-rc.5. Description: The issue is related to a lack of input data sanitization, which can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack using a specially crafted...

CVSS 7.5 | AI score 5.2 | EPSS 0.00644
Exploits: 1 | References: 8
BDU FSTEC
added 2022/09/01 12:0 a.m., 2 views

The vulnerability of the Thunderbird email client, related to errors in processing input data, allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the Thunderbird email client is related to errors in processing input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code by sending a specially crafted HTML email with a meta tag set to “refresh”...

CVSS 10 | AI score 7.6 | EPSS 0.00768
Exploits: 0 | References: 9 | Affected Software: 4
BDU FSTEC
added 2022/08/31 12:0 a.m., 2 views

The vulnerability of the Ping_addr function in D-Link DIR810LA1_FW102B22 microprogrammed router software allows a hacker to execute arbitrary code.

The vulnerability of the Ping_addr function in D-Link DIR810LA1_FW102B22 microprogrammed router software is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

CVSS 5.5 | AI score 8.1 | EPSS 0.22961
Exploits: 1 | References: 4
BDU FSTEC
added 2022/08/26 12:0 a.m., 2 views

The vulnerability of the mySCADA myPRO system for visualizing and controlling industrial processes, related to the lack of measures for cleaning input data, allows an intruder to execute arbitrary commands.

The vulnerability of the mySCADA myPRO industrial process visualization and control system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 10 | AI score 8 | EPSS 0.41466
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2022/08/15 12:0 a.m., 4 views

The vulnerability of the Office Online Server web server, related to insufficient validation of input data, allows attackers to execute arbitrary code.

The vulnerability of the Office Online Server web server is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...

CVSS 8.4 | AI score 7.8 | EPSS 0.00774
Exploits: 0 | References: 2
BDU FSTEC
added 2022/08/12 12:0 a.m., 2 views

Vulnerability of microprogramming software for Siemens STEP 7 programmable logic controllers, systems for manufacturing process control such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT Production Suite, the system diagnostic tool SIMOCODE ES, the software for parameterizing, diagnosing, and documenting the startup status of SIRIUS Soft Starter ES, technological process management systems like SIMATIC PCS neo, the Opcenter RD&L software platform, and the software for analyzing equipment efficiency and key indicators like SIMATIC IT LMS. These vulnerabilities allow attackers to trigger malfunctions during maintenance operations due to insufficient input data verification.

The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT...

CVSS 5.3 | AI score 6.7 | EPSS 0.02151
Exploits: 0 | References: 2 | Affected Software: 7
CNVD
added 2022/08/11 12:0 a.m., 24 views

Microsoft Azure Site Recovery Remote Code Execution Vulnerability (CNVD-2022-84112)

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. The vulnerability stems from the failure of a network system or product to properly filter special elements of code segments during the construction of external input data. ...

CVSS 7.2 | AI score 2.9 | EPSS 0.01942
Exploits: 0 | References: 1
CNVD
added 2022/08/10 12:0 a.m., 16 views

Simple E-Learning System Arbitrary File Download Vulnerability

Simple E-Learning System is a simple e-learning system by individual developer Carlo Montero. Simple E-Learning System is vulnerable to an arbitrary file download vulnerability, which stems from a lack of validation of external input data in the download parameter of downloadFiles.php. A...

CVSS 7.5 | AI score 4.2 | EPSS 0.00656
Exploits: 1 | References: 1
CNNVD
added 2022/08/09 12:0 a.m., 4 views

Microsoft Azure Site Recovery Security Vulnerability

Microsoft Azure Site Recovery is a site recovery DRaaS from Microsoft Corporation for cloud and hybrid cloud architectures. The vulnerability stems from the failure of a network system or product to properly filter special elements of code segments during the construction of external input data. ...

CVSS 7.2 | AI score 6.2 | EPSS 0.01942
Exploits: 0 | References: 4
BDU FSTEC
added 2022/08/05 12:0 a.m., 4 views

The vulnerability of the database update function in the web-filtering microprogramming software for Cisco Small Business RV160, RV260, RV340, and RV345 lies in errors during the processing of input data, allowing an attacker to execute arbitrary code with root privileges.

The vulnerability of the database update function in Cisco Small Business RV160, RV260, RV340, and RV345 router microprogramming systems lies in errors in processing input data. Exploiting this vulnerability allows an attacker to execute arbitrary code with root privileges remotely...

CVSS 10 | AI score 8.4 | EPSS 0.01664
Exploits: 0 | References: 2 | Affected Software: 4
CNVD
added 2022/08/04 12:0 a.m., 22 views

Google Android Code Execution Vulnerability (CNVD-2022-65638)

Google Android is a Linux-based open source operating system from Google. A code execution vulnerability exists in Google Android. The vulnerability arises from a failure of a networked system or product to properly filter specific elements of externally entered data during the construction of a...

CVSS 9.8 | AI score 9.4 | EPSS 0.00546
Exploits: 0 | References: 1
CNVD
added 2022/08/04 12:0 a.m., 41 views

Google Android Buffer Overflow Vulnerability (CNVD-2023-25101)

Google Android is a Linux-based open-source operating system from Google, a U.S. company. The vulnerability stems from the failure of a network system or product to properly filter special elements of code segments during the construction of external input data. An attacker could exploit the...

AI score 8.8 | EPSS 0.00396
Exploits: 0 | Affected Software: 1
CNNVD
added 2022/08/01 12:0 a.m., 4 views

Google Android Buffer Error Vulnerability

Google Android is a Linux-based open-source operating system from Google, a U.S. company. The vulnerability stems from the failure of a network system or product to properly filter special elements of code segments during the construction of external input data. An attacker could exploit the...

CVSS 8.8 | AI score 6.3 | EPSS 0.00396
Exploits: 0 | References: 3
BDU FSTEC
added 2022/08/01 12:0 a.m., 2 views

The vulnerability of the mySCADA myPRO system for visualizing and controlling industrial processes, related to the lack of measures for cleaning input data, allows an intruder to execute arbitrary commands.

The vulnerability of the mySCADA myPRO industrial process visualization and control system is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 9 | AI score 8 | EPSS 0.01304
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2022/07/22 12:0 a.m., 5 views

WordPress plugin wpWax Team Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress wpWax Team 1.2.6 and prior versions, which stems from the program's lack of checksum...

CVSS 5.4 | AI score 5.6 | EPSS 0.00441
Exploits: 0 | References: 5