4504 matches found

0day.today
added 2021/06/04 12:0 a.m. | 89 views

SuiteCRM Log File Remote Code Execution Exploit

This Metasploit module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the...

CVSS 8.8 | AI score 8.6 | EPSS 0.64094
Exploits 11
CNNVD
added 2021/06/04 12:0 a.m. | 5 views

CHIYU Multiple Devices Input Validation Error Vulnerability

The CHIYU BF-430 and related models are networking servers from Chiyu Technology of Taiwan, China, that provide communication for access control, time and attendance systems, and other devices. The security vulnerability in CHIYU Technology's BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W,...

CVSS 6.1 | AI score 6.3 | EPSS 0.28551
Exploits 1 | References 3
Metasploit
added 2021/06/03 5:43 p.m. | 90 views

SuiteCRM Log File Remote Code Execution

This module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the username of a...

CVSS 9 | AI score 8.5 | EPSS 0.64094
Exploits 12
CNNVD
added 2021/06/01 12:0 a.m. | 5 views

Accusoft ImageGear Input Validation Error Vulnerability

Accusoft ImageGear is a software development kit (SDK) for image processing from Accusoft, USA. Accusoft ImageGear 19.9 suffers from an input validation error vulnerability that stems from a specially crafted malformed file that could result in a stack-based buffer overflow. No detailed vulnerability...

CVSS 9.8 | AI score 6.1 | EPSS 0.01458
Exploits 1 | References 3
CNNVD
added 2021/06/01 12:0 a.m. | 1 views

Arch Linux Input Validation Error Vulnerability

Arch Linux is an application system from Arch Open Source. A lightweight and flexible Linux® distribution that tries to keep it simple. Arch Linux suffers from an input validation error vulnerability that can be exploited by an attacker to pass specially designed data to an application, trigger a...

CVSS 8.8 | AI score 8.3 | EPSS 0.04377
Exploits 0 | References 7
CNNVD
added 2021/06/01 12:0 a.m. | 4 views

Accusoft ImageGear Input Validation Error Vulnerability

Accusoft ImageGear is a software development kit (SDK) for image processing from Accusoft, USA. ImageGear 19.9 suffers from a buffer overflow vulnerability that an attacker can trigger by supplying a malicious file. ...

CVSS 9.8 | AI score 6 | EPSS 0.01428
Exploits 1 | References 3
CNNVD
added 2021/06/01 12:0 a.m. | 8 views

RabbitMQ Input Validation Error Vulnerability

Pivotal Software RabbitMQ is a suite of open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) from Pivotal Software, USA. RabbitMQ suffers from an input validation error vulnerability that stems from insufficient validation of user-supplied input. A remote...

CVSS 7.5 | AI score 5.8 | EPSS 0.01387
Exploits 0 | References 9
CNVD
added 2021/05/28 12:0 a.m. | 11 views

Apple macOS Big Sur Input Validation Error Vulnerability

Apple macOS Big Sur is a mobile application app from Apple USA. The macOS Big Sur vulnerability is an input validation error vulnerability that arises from a failure to adequately validate user-supplied input within the TCC subsystem, which could allow a malicious application to bypass privacy...

CVSS 7.8 | AI score 6.4 | EPSS 0.0658
Exploits 0 | References 1
CNNVD
added 2021/05/27 12:0 a.m. | 3 views

FreeBSD Input Validation Error Vulnerability

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from an input validation error vulnerability that stems from insufficient message validation in libradius, which allows a remote RADIUS client to pass specially crafted input to the system and perform a...

CVSS 7.5 | AI score 7.3 | EPSS 0.01159
Exploits 0 | References 4
CNNVD
added 2021/05/27 12:0 a.m. | 12 views

Flask-Security Input Validation Error Vulnerability

Flask-Security is a software application. Quickly add security features to Flask applications. Flask-Security suffers from an input validation error vulnerability that stems from mishandling user-supplied data, which could allow a remote attacker to redirect a victim to an arbitrary URL...

CVSS 6.1 | AI score 6.7 | EPSS 0.00895
Exploits 1 | References 8
CNVD
added 2021/05/26 12:0 a.m. | 5 views

Google Chrome Input Validation Error Vulnerability (CNVD-2021-41128)

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. An input validation error vulnerability exists in Google Chrome versions prior to 91.0.4472.77, which can be exploited by remote attackers to perform domain spoofin...

CVSS 6.5 | AI score 6 | EPSS 0.01438
Exploits 1 | References 1
CNNVD
added 2021/05/26 12:0 a.m. | 4 views

UPX Input Validation Error Vulnerability

UPX is an open source executable file packaging program that supports a variety of file formats from different operating systems. An assertion abort vulnerability exists in MemBuffer::alloc in mem.cpp in UPX version 4.0.0. An attacker can exploit this vulnerability via a specially crafted file to...

CVSS 5.5 | AI score 5.7 | EPSS 0.01041
Exploits 1 | References 5
CNVD
added 2021/05/26 12:0 a.m. | 6 views

3S-Smart Software Solutions CODESYS Runtime System Input Validation Error Vulnerability

3S-Smart Software Solutions CODESYS Control runtime system is an application system from 3S-Smart Software Solutions, Germany. It is used for the conversion of any type of smart device into an IEC 61131-3 controller. An input validation error vulnerability exists in 3S-Smart Software Solutions...

CVSS 7.5 | AI score 6.8 | EPSS 0.0718
Exploits 0 | References 1
CNNVD
added 2021/05/25 12:0 a.m. | 5 views

Apple macOS Input Validation Error Vulnerability

Apple macOS is a proprietary operating system from Apple Inc. that was developed specifically for Mac computers. The macOS suffers from an Input Validation Error vulnerability that stems from a boundary error when processing untrustworthy input in Model I/O. A remote attacker could exploit the...

CVSS 7.8 | AI score 7.5 | EPSS 0.01131
Exploits 0 | References 10
CNNVD
added 2021/05/25 12:0 a.m. | 5 views

Elastic Kibana Input Validation Error Vulnerability

Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. Elastic Kibana suffers from an input validation error vulnerability that stems from incorrect cleaning ...

CVSS 6.1 | AI score 6.5 | EPSS 0.00537
Exploits 0 | References 6
CNNVD
added 2021/05/25 12:0 a.m. | 4 views

Apple macOS Input Validation Error Vulnerability

Apple macOS is a proprietary operating system developed by Apple Inc. for Mac computers. Apple macOS is vulnerable to an input validation error vulnerability that exists due to a symbolic link issue in the Core Services subsystem, which allows a local user to create specially crafted symbolic lin...

CVSS 9.3 | AI score 6.8 | EPSS 0.00995
Exploits 0 | References 10
CNNVD
added 2021/05/25 12:0 a.m. | 4 views

Apple tvOS Input Validation Error Vulnerability

Apple tvOS is a smart TV operating system from Apple, Inc. tvOS suffers from an input validation error vulnerability that originates from insufficient user-supplied input validation in the operating system kernel subsystem. A remote attacker could exploit this vulnerability to send a specially...

CVSS 7.5 | AI score 6.8 | EPSS 0.01651
Exploits 0 | References 10
CNNVD
added 2021/05/25 12:0 a.m. | 4 views

Google Chrome Injection Vulnerability

Chrome is a simple and efficiently designed web browsing tool developed by Google that is characterized by its simplicity and speed. An input validation error vulnerability exists in Google Chrome versions prior to 91.0.4472.77, which can be exploited by remote attackers to perform domain spoofin...

CVSS 6.5 | AI score 8.4 | EPSS 0.01438
Exploits 1 | References 11
CNNVD
added 2021/05/24 12:0 a.m. | 3 views

trailing-slash Input Validation Error Vulnerability

trailing-slash is an application. Add or remove trailing slashes and redirect. A security vulnerability exists in versions of trailing-slash prior to 2.0.1, when accessing vulnerable endpoints, through the use of trailing double slashes in URLs...

CVSS 6.1 | AI score 6.2 | EPSS 0.0115
Exploits 1 | References 4
CNVD
added 2021/05/24 12:0 a.m. | 7 views

Cisco Small Business Input Validation Error Vulnerability

Cisco Small Business is a switch from the American company Cisco. Cisco Small Business suffers from an Input Validation Error vulnerability that originates from an incorrect validation provided to the user. An attacker could exploit this vulnerability to perform command injection for attack...

CVSS 9 | AI score 7.2 | EPSS 0.01577
Exploits 0 | References 1