298 matches found
The vulnerability of NETGEAR’s Wi-Fi router software, including models RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, arises from insufficient sanitization of input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR Wi-Fi router firmware, such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, is related to insufficient sanitization of input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
Zoho ManageEngine O365 Manager Plus Remote Code Execution Vulnerability
A security vulnerability exists in Zoho ManageEngine O365 Manager Plus, software for auditing, monitoring and managing Office 365 from ZOHO, Inc., prior to Build 4416, which stems from external input data used during the construction of a code segment, and the network system or product fails to...
Laundry Booking Management System Remote Code Execution Vulnerability
Laundry Booking Management System is a PHP project called Laundry Booking Management System. A remote code execution vulnerability exists in Laundry Booking Management System, which stems from a failure to properly validate input data in profile.php, and can be exploited by attackers to execute...
UBUNTU-CVE-2021-45972
The giftrans function in giftrans 1.12.2 contains a stack-based buffer overflow because a value inside the input file determines the amount of data to write. This allows an attacker to overwrite up to 250 bytes outside of the allocated buffer with arbitrary data...
jeecg Access Control Error Vulnerability
jeecg is an intelligent development platform based on a code generator. An Access Control Error vulnerability exists in Jeecg that stems from the product not properly validating input data. An attacker can exploit the vulnerability to access sensitive files by...
The vulnerability of Adobe Premiere Rush software, related to insufficient validation of input data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Adobe Premiere Rush is related to insufficient validation of input data during the MP4 file syntax analysis. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
FreeBSD : OpenSearch -- Log4Shell (b0f49cb9-6736-11ec-9eea-589cfc007716)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b0f49cb9-6736-11ec-9eea-589cfc007716 advisory. - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain...
Snipe-IT Cross-Site Scripting Vulnerability (CNVD-2022-19842)
Snipe-IT is an open source IT asset/license management system. Snipe-IT has a cross-site scripting vulnerability that stems from the product's web generation page not validating the input data, which could be exploited by an attacker to cause client-side code execution...
Google Chrome input security bypass vulnerability
Google Chrome is a web browser from Google, Inc. A security vulnerability exists in Google Chrome, which stems from the product's mishandling of input data. An attacker could use this vulnerability to bypass security restrictions...
MedData Hbys SQL Injection Vulnerability (CNVD-2021-89683)
A SQL injection vulnerability exists in MedData Hbys, a healthcare software from MedData, Inc. The vulnerability stems from the fact that the product does not effectively filter special characters in input data. An unauthenticated attacker could obtain sensitive information through this...
MedData Hbys SQL Injection Vulnerability
A SQL injection vulnerability exists in MedData Hbys, a healthcare software from MedData, Inc. The vulnerability stems from the product's failure to effectively filter special characters in input data. An unauthenticated attacker could obtain sensitive information through this vulnerability...
BusyBox code issue vulnerability
A code issue vulnerability exists in BusyBox, a set of applications containing several Linux commands and tools developed by Denis Vlasenko, an individual developer from Ukraine, which stems from the fact that the product's man applet does not handle certain input data appropriately. An attacker could...
Mozilla Firefox Security Advisory (MFSA2014-90) - Linux
This host is missing a security update for Mozilla Firefox.
WordPress Similar Posts Plugin Code Injection Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A code injection vulnerability exists in WordPress Similar Posts plugin 3.1.5 and earlier versions, which...
The vulnerability of Microsoft Excel editors, related to errors in processing input data, allows a hacker to execute arbitrary code.
The vulnerability of Microsoft Excel editors is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
openSIS SQL Injection Vulnerability (CNVD-2021-101539)
openSIS is a free, open source student information system/school management software. A SQL injection vulnerability exists in openSIS version 8.0. The vulnerability stems from a lack of validation of input data for the $_GET['usrid'] and $_GET['profid'] parameters in PasswordCheck.php. An attacker can...
CVE-2021-40191
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php...
Huawei P40 server-side request forgery vulnerability
Huawei P40 is a smartphone from Huawei China. A security vulnerability exists in the Huawei P40, which stems from the product not adequately verifying input data when processing certain messages. An attacker could use the vulnerability to access sensitive resources...
CVE-2021-39497
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote function...