CVE-2019-5210

Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.190C00E190R6P2and Versions earlier than 9.1.1.175C00E170R3P2 have an improper validation of array index vulnerability. The system does not properly validate the input value before use it as an array index when processing certain...

CVE-2019-5282

Bastet module of some Huawei smartphones with Versions earlier than Emily-AL00A 9.0.0.182C00E82R1P21, Versions earlier than Emily-TL00B 9.0.0.182C01E82R1P21, Versions earlier than Emily-L09C 9.0.0.203C432E7R1P11, Versions earlier than Emily-L29C 9.0.0.203C432E7R1P11, Versions earlier than...

CVE-2019-5246

Smartphones with software of ELLE-AL00B 9.1.0.109C00E106R1P21, 9.1.0.113C00E110R1P21, 9.1.0.125C00E120R1P21, 9.1.0.135C00E130R1P21, 9.1.0.153C00E150R1P21, 9.1.0.155C00E150R1P21, 9.1.0.162C00E160R2P1 have an insufficient verification vulnerability. The system does not verify certain parameters...

Design/Logic Flaw

Smartphones with software of ELLE-AL00B 9.1.0.109C00E106R1P21, 9.1.0.113C00E110R1P21, 9.1.0.125C00E120R1P21, 9.1.0.135C00E130R1P21, 9.1.0.153C00E150R1P21, 9.1.0.155C00E150R1P21, 9.1.0.162C00E160R2P1 have an insufficient verification vulnerability. The system does not verify certain parameters...

Design/Logic Flaw

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193C00E190R2P1 have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...

CVE-2019-5246

Smartphones with software of ELLE-AL00B 9.1.0.109C00E106R1P21, 9.1.0.113C00E110R1P21, 9.1.0.125C00E120R1P21, 9.1.0.135C00E130R1P21, 9.1.0.153C00E150R1P21, 9.1.0.155C00E150R1P21, 9.1.0.162C00E160R2P1 have an insufficient verification vulnerability. The system does not verify certain parameters...

CVE-2019-5229

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.193C00E190R2P1 have an insufficient verification vulnerability. The system does not verify certain parameters sufficiently, an attacker should connect to the phone and gain high privilege to launch the attack, successful exploit could...

File Inclusion Vulnerability in TpShop

Tpshop is an open source mall system of Shenzhen SoBao Network Co. TpShop has a file inclusion vulnerability that can be exploited by attackers to execute malicious code...

XMind has a dll hijacking vulnerability

XMind is a mind mapping software developed by Shenzhen Ice Software Technology Co., Ltd. and millions of users around the world are using XMind. XMind has a dll hijacking vulnerability that can be exploited by attackers to load a malicious dll and execute malicious code...

Tencent game platform Wegame has dll hijacking vulnerability

Tencent wegame platform is an upgraded version of Tencent Game Platform TGP. Tencent wegame platform provides users with the best quality game services, supports domestic games, and also cooperates with foreign game makers to provide, including information, purchase, download, assistant, live...

Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload

===========Security Intelligence============ Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 Exploit Author: Pankaj Kumar Thakur Nepal ==========Table of Contents============== Overview Detailed description Thanks & Acknowledgements References ==========Vulnerability...

Updated firefox packages fix security vulnerabilities

The updated packages fix several bugs and some security issues: Sandbox escape through Firefox Sync. CVE-2019-9812 Stored passwords in 'Saved Logins' can be copied without master password entry. CVE-2019-11733 Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1. CVE-2019-11735 File...

cad quick draw suffers from dll hijacking vulnerability

Shanghai Xiaomai Technology is an Internet software and engineering data service provider for the building decoration and related manufacturing industries in China. There is a dll hijacking vulnerability in cad quick draw. An attacker can use this vulnerability to load malicious dll and execute...

cad mini drawing suffers from dll hijacking vulnerability (CNVD-2019-33724)

Shanghai Xiaomai Technology is an Internet software and engineering data service provider for the building decoration and related manufacturing industries in China. A dll hijacking vulnerability exists in cad mini drawing CNVD-C-2019-128647. An attacker can exploit the vulnerability to load a...

FreeBSD : mozilla -- multiple vulnerabilities (05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6)

Mozilla Foundation reports : CVE-2019-11751: Malicious code execution through command line parameters CVE-2019-11746: Use-after-free while manipulating video CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML CVE-2019-11742: Same-origin policy violation with SVG...

KLA11531 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader

Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to obtain sensitive information and execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Multiple out-of-bound read...

CVE-2019-5223

PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution...

CVE-2019-5223

PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution...

CVE-2019-5223

PCManager 9.1.3.1 has an improper authentication vulnerability. The certain driver interface of the software does not perform a validation of user-mode data properly, successful exploit could result in malicious code execution...

UCMS fileedit.php page code injection vulnerability

UCMS is a simple open source content management system. A code injection vulnerability exists in the UCMS fileedit.php page. An attacker can exploit the vulnerability to execute malicious code...