41 matches found
The vulnerability of the OLE DB driver for SQL Server, related to insufficient validation of input data, allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server is related to buffer overflow in the “heap”. Exploiting this vulnerability can allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the GLPI system’s request and incident handling process, related to incorrect input cancellation during the generation of web pages, allows a perpetrator to execute arbitrary code.
The vulnerability of the GLPI system for handling requests and incidents is related to incorrect neutralization of input data during the generation of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted RTF format data...
The vulnerability of the Go language’s html/template package lies in the lack of checks for input values, allowing attackers to insert arbitrary content into templates.
The vulnerability of the Go language’s html/template package is related to the lack of checks on input values. Exploiting this vulnerability allows a remote attacker to insert arbitrary content into templates...
CVE-2023-41780
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Due to the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges...
USN-6401-1 freerdp2 vulnerabilities
It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354,...
PT-2023-3805 · Sonicwall · Sonicwall Gms +1
Name of the Vulnerable Software and Affected Versions: SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description: The issue exists due to improper neutralization of special elements used in an OS command, allowing an authenticated attacker to...
The vulnerability of the backup function for source files of projects in the target programming system, the EcoStruxure Control Expert programmable logic controllers, allows a perpetrator to execute arbitrary code or cause a service failure.
The vulnerability of the backup function for source files in the target programming system, the EcoStruxure Control Expert programmable logic controllers, is related to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code o...
CVE-2022-20888
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...
CVE-2022-20664
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance SMA, and Cisco Email Security Appliance ESA could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...
USN-5462-1 ruby2.5, ruby2.7, ruby3.0 vulnerabilities
It was discovered that Ruby incorrectly handled certain regular expressions. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. CVE-2022-28738 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly us...
The vulnerability in the web interface of Cisco Firepower Management Center’s software for network management allows a perpetrator to execute cross-site scripting (XSS) attacks.
The vulnerability in the web interface for managing Cisco Firepower Management Center FMC software involves a lack of measures to protect input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting XSS attacks remotely...
The vulnerability of the Reseller Locator component in the Oracle Partner Management system allows a malicious actor to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Reseller Locator component in the Oracle Partner Management system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete data using the HTTP...
The vulnerability of the Snapshot Integration sub-component of the PeopleSoft Enterprise CS SA Integration Pack, a business application package from Oracle PeopleSoft Enterprise, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Snapshot Integration sub-component of the PeopleSoft Enterprise CS SA Integration Pack, a business application package from Oracle PeopleSoft Enterprise, exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating...
The vulnerability in the web interface of the Cisco Prime Infrastructure monitoring and network device management system, as well as the Cisco Evolved Programmable Network Manager software, allows a perpetrator to execute cross-site scripting (XSS) attacks.
The vulnerability of the web interface for managing Cisco Prime Infrastructure network equipment and the Cisco Evolved Programmable Network Manager software lies in the lack of measures to protect input data. Exploiting this vulnerability could allow a malicious actor to perform cross-site...
The vulnerability of the command-line interface (CLI) of Cisco IOS XE SD-WAN software allows a attacker to execute arbitrary commands.
The vulnerability of the Cisco IOS XE SD-WAN software’s command-line interface is related to insufficient cleaning of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
USN-3626-1 ruby1.9.1, ruby2.0, ruby2.3 vulnerabilities
It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to execute arbitrary code. CVE-2018-6914 It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this to access sensitive information. CVE-2018-8778,...
CentOS Update for xorg-x11 CESA-2011:1360 centos4 i386
Check for the Version of xorg-x11 OpenVAS Vulnerability Test CentOS Update for xorg-x11 CESA-2011:1360 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
SmarterTools SmarterTrack Cross-Site Scripting Vulnerabilities
This host is running SmarterTools SmarterTrack and is prone Cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbsmartertrackmultxssvuln.nasl 5347 2017-02-19 09:15:55Z cfi $ SmarterTools SmarterTrack Cross-Site Scripting Vulnerabilities Authors: Madhuri D Copyright: Copyright c...
EasyCMS vulnerable to XSS injection.
The Norwegian web-publishing system EasyCMS www.easycms.no contains multiple input flaws letting users conduct successful XSS attacks. Both in the admin section, and the webpage that uses the system is vulnerable to XSS. It does not filter script tags and simple scripting like...
DSA-153 mantis - cross site code execution and privilege escalation
Bulletin has no description...