IBM DB2 权限许可和访问控制问题漏洞

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An elevation of privilege vulnerability exists in IBM Db2 for Linux that originates from an incorrectl...

Advantech R-SeeNet SQL Injection Vulnerability (CNVD-2021-93824)

Advantech R-SeeNet is an industrial monitoring software from Advantech, Taiwan, China. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleanin...

Advantech R-SeeNet SQL注入漏洞

Advantech R-SeeNet is an industrial monitoring software from Advantech Taiwan. The software is based on the snmp protocol for monitoring platforms and is available for Linux and Windows platforms.Advantech R-SeeNet is vulnerable to a SQL injection vulnerability due to insufficient cleaning of...

DEBIAN-CVE-2021-33098

Improper input validation in the IntelR Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access...

DEBIAN-CVE-2021-41229

BlueZ is a Bluetooth protocol stack for Linux. In affected versions a vulnerability exists in sdpcstateallocbuf which allocates memory which will always be hung in the singly linked list of cstates and will not be freed. This will cause a memory leak over time. The data can be a very large object...

PT-2021-7413 · Bluez +8 · Bluez +8

Name of the Vulnerable Software and Affected Versions: BlueZ affected versions not specified Description: A memory leak issue exists in the sdp cstate alloc buf function of the BlueZ Bluetooth protocol stack for Linux. This function allocates memory that remains in the singly linked list of cstat...

Kmaleon 1.1.0.205 SQL Injection

Exploit Title: Kmaleon 1.1.0.205 - 'tipocomb' SQL Injection Authenticated Google Dork: intitle: "Inicio de Sesión - Kmaleon" Date: 2021-11-05 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.levelprograms.com Software Link: https://www.levelprograms.com/kmaleon-abogados/ Version...

Movable Type 7 r.5002 XMLRPC API Remote Command Injection

class MetasploitModule "Movable Type XMLRPC API Remote Command Injection", 'Description' = %q This module exploit Movable Type XMLRPC API Remote Command Injection. , 'License' = MSFLICENSE, 'Author' = 'Etienne Gervais', author & msf module, 'Charl-Alexandre Le Brun' author & msf module ,...

NewStart CGSL CORE 5.04 / MAIN 5.04 : initscripts Vulnerability (NS-SA-2021-0110)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has initscripts packages installed that are affected by a vulnerability: - rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux platforms allows local users to delete arbitrary files via a symlink attack on a...

Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection

Cypress Solutions CTM-200 2.7.1 Root Remote OS Command Injection Vendor: Cypress Solutions Inc. Product web page: https://www.cypress.bc.ca Affected version: 2.7.1.5659 2.0.5.3356-184 Summary: CTM-200 is the industrial cellular wireless gateway for fixed and mobile applications. The CTM-200 is a...

VoIPmonitor 代码注入漏洞

VoIPmonitor is an open source network packet sniffer with a commercial front-end for SIP RTP and RTCP VoIP protocols running on Linux. VoIPmonitor suffers from a command execution vulnerability that can be exploited by an attacker to gain control of the server...

CommScope Ruckus IoT Controller Hard-coded System Passwords

Vulnerability Details Affected Vendor: CommScope Affected Product: Ruckus IoT Controller Affected Version: 1.7.1.0 and earlier Platform: Linux CWE Classification: CWE-259: Use of Hard-coded Password CVE ID: CVE-2021-33218 2. Vulnerability Description Hard coded, system-level credentials exist on...

ZeroShell kerbynet remote command execution

Added: 05/24/2021 Background Zeroshell is a Linux distribution designed for router and firewall appliances which can be administered from a web interface. Zeroshell is no longer supported. Problem A command injection vulnerability allows unauthenticated attackers to execute arbitrary commands by...

Tibco Software TIBCO Administrator 注入漏洞

Tibco Software TIBCO Administrator is an application from the American company Tibco Software. It is used to manage users, monitor computers and deploy applications that use TIBCO products. An injection vulnerability exists in TIBCO Software, which can be exploited by an attacker to perform a...

OESA-2021-1142 libupnp security update

The Universal Plug and Play UPnP SDK for Linux provides support for building UPnP-compliant control points, devices, and bridges on Linux. Security Fixes: Portable UPnP SDK aka libupnp 1.12.1 and earlier allows remote attackers to cause a denial of service crash via a crafted SSDP message due to ...

DEBIAN-CVE-2021-21152

Heap buffer overflow in Media in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

QEMU Out-of-Bounds Read Access Vulnerability

QEMU is a set of simulation processors written by Fabrice Bellard and distributed with source code under the GPL license, widely used on the GNU/Linux platform. An out-of-bounds read access vulnerability exists in ideatapicmdreplyend in hw/ide/atapi.c in QEMU 5.1.0. The vulnerability stems from a...

inoERP form personalization module command execution

Added: 10/28/2020 Background inoERP is an open source web based enterprise management system. Problem A vulnerability in the formpersonalization module allows remote, unauthenticated attackers to execute arbitrary PHP code injected in the templatecode parameter. Resolution No fix is available at...

Artica Proxy 4.30.000000 Authentication Bypass / Command Injection Exploit

This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and...

skia:sksl2spirv: Null-dereference READ with empty stacktrace

Detailed Report: https://oss-fuzz.com/testcase?key=5806581326020608 Project: skia Fuzzing Engine: libFuzzer Fuzz Target: sksl2spirv Job Type: libfuzzerubsanskia Platform Id: linux Crash Type: Null-dereference READ Crash Address: 0x000000000000 Crash State: NULL Sanitizer: undefined UBSAN Crash...