487 matches found
CVE-2023-25780
It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. A LAN attacker with normal user privilege can exploit this vulnerability to modify substitute agent to arbitrary users, resulting in serious consequence...
Furbo 360° Dog Camera 命令注入漏洞
Furbo 360° Dog Camera is a camera for remote viewing of pet dogs from Furbo. The Furbo 360° Dog Camera suffers from a command injection vulnerability that stems from insufficient filtering of special parameters in the device's log management function, which can be exploited by an unauthenticated,...
ASUS RT-AC86U 操作系统命令注入漏洞
The ASUS RT-AC86U is a dual-band Wi-Fi router from the Chinese company ASUS. The ASUS RT-AC86U suffers from an operating system command injection vulnerability that originates from not filtering the special characters of parameters in specific URLs, which can be exploited by a remote attacker wit...
CVE-2023-30602 Hitron Technologies Inc. CODA-5310 - Insecure service Telnet
Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and administrator...
CVE-2023-29727
The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can use this to cause...
Wa-Tunnel - Tunneling Internet Traffic Over Whatsapp
This is a Baileys based piece of code that lets you tunnel TCP data through two Whatsapp accounts. This can be usable in different situations, for example network carriers that give unlimited whatsapp data or airplanes where you also get unlimited social network data. It's using Baileys since it'...
Employee Task Management System v1.0 - SQL Injection Vulnerability
Exploit Title: Employee Task Management System v1.0 - SQL Injection on task-details.php?taskid=? Exploit Author: Muhammad Navaid Zafar Ansari CVE Assigned: CVE-2023-0904 mitre.org, nvd.nist.org Vendor Homepage: https://www.sourcecodester.com Software Link: Employee Task Management System Version:...
PYSEC-2023-263
An improper array index validation vulnerability exists in the stlfixnormaldirections functionality of ADMesh Master Commit 767a105 and v0.98.4. A specially-crafted stl file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability...
PT-2023-13581 · Admesh · Admesh
Name of the Vulnerable Software and Affected Versions: ADMesh versions 0.98.4 and Master Commit 767a105 Description: An improper array index validation issue exists in the stl fix normal directions functionality, which can lead to a heap buffer overflow when a specially-crafted stl file is...
PT-2023-16874 · Unknown · Sourcecodester File Tracker Manager System
Name of the Vulnerable Software and Affected Versions: SourceCodester File Tracker Manager System version 1.0 Description: A problematic issue was found in the SourceCodester File Tracker Manager System, affecting an unknown part of the file normal/borrow1.php. The manipulation of the id argument...
SUSE CVE-2021-29568
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger undefined behavior by binding to null pointer in tf.rawops.ParameterizedTruncatedNormal. This is because the...
SUSE CVE-2021-29963
Address bar search suggestions in private browsing mode were re-using session data from normal mode. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 89...
SUSE CVE-2022-0812
An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpcrdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information...
Two Stored XSS in Instructions and User Widget
Stored XSS 1 Description 1 The santinizer founction noxsshtml$html can be bypassed since it missed to ban the tag of in $bannedelements = 'script', 'iframe', 'embed';. By this missing, the logged admin can maliciously inject xss payloads like in the backend database using the point POST...
PT-2023-1170 · Vim +8 · Vim +8
Name of the Vulnerable Software and Affected Versions: Vim versions prior to 9.0.1189 Description: The issue is related to a heap-based buffer overflow in the Vim text editor, specifically in the src/normal.c component. This overflow occurs in dynamic memory and can be exploited to allow an...
CVE-2022-47976
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections...
CVE-2022-47976
The DMSDP module of the distributed hardware has a vulnerability that may cause imposter control connections.Successful exploitation of this vulnerability may disconnect normal service connections...
Easytest 代码问题漏洞
Easytest is an online learning quiz platform of China Huaqi Digital Technology Company. A security vulnerability exists in Easytest due to an insufficient filtering of special characters and file types in its File Upload feature, which allows remote attackers with normal user privileges to upload...
Dahua software products 代码问题漏洞
Dahua software products are a family of applications from the Chinese company Dahua. A security vulnerability exists in a number of Dahua software products, which stems from an unrestricted file upload that allows an attacker to upload arbitrary files by sending a specific, carefully crafted...
CVE-2022-3752 Rockwell Automation GuardLogix and ControlLogix controllers Vulnerable to Denial-Of-Service Attack
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user wou...