Lucene search

1193 matches found

OSV
added 2020/07/16 6:15 p.m., 2 views

CVE-2020-3345

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. The vulnerability is due to improper checks on parameter values within affected pages. An attacker could...

CVSS 4.3, AI score 5.9
Exploits 0, References 1

CNVD
added 2020/07/16 12:0 a.m., 1 views

Huawei Honor V30 Inappropriate Authentication Vulnerability

Huawei Honor V30 is a smartphone from Chinese company Huawei. A security vulnerability exists in previous versions of Huawei Honor V30 10.1.0.212 C00E210R5P1, which stems from the program's failure to properly validate parameters. An attacker can exploit the vulnerability with the help of ...

CVSS 6.5, AI score 6.5, EPSS 0.00119
Exploits 0, References 1

CNVD
added 2020/07/16 12:0 a.m., 1 views

Buffer overflow vulnerability in multiple Huawei products (CNVD-2020-52407)

Huawei IPS Module and others are products of Huawei, China. Huawei IPS Module is an Intrusion Prevention System (IPS) module. NGFW Module is a Next-Generation Firewall (NGFW) module. Secospace USG6600 is a Next-Generation Firewall product. A buffer overflow vulnerability exists in multiple Huawei...

CVSS 6.5, AI score 7.3, EPSS 0.00037
Exploits 0, References 1

CNVD
added 2020/07/16 12:0 a.m., 1 views

Huawei Honor 10 Denial of Service Vulnerability

Huawei Honor 10 is a smartphone product from Chinese company Huawei. A security vulnerability exists in previous versions of Huawei Honor 10 10.0.0.178 C00E178R1P4, which stems from the program failing to properly validate parameters. An attacker can exploit the vulnerability to cause a...

CVSS 5.5, AI score 6.6, EPSS 0.00077
Exploits 0, References 1

CNVD
added 2020/04/29 12:0 a.m., 1 views

IBM WebSphere Application Server and Liberty Information Disclosure Vulnerability

IBM WebSphere Application Server (WAS) and IBM WebSphere Application Server Liberty are both products of IBM Corporation in the U.S. IBM WebSphere Application Server is an application server product. The product is a platform for JavaEE and Web services applications and is the foundation of the IBM...

CVSS 4.3, AI score 9.1, EPSS 0.00208
Exploits 0, References 1

CNVD
added 2020/04/20 12:0 a.m., 2 views

Mitel Networks MiVoice Connect UCB Component Code Execution Vulnerability

Mitel Networks MiVoice Connect is Mitel Networks Canada's software for centralized management of Mitel Networks' call handling and collaboration tools. A remote code execution vulnerability exists in the UCB component of Mitel Networks MiVoice Connect prior to version 19.1 SP1, which stems from...

CVSS 9.8, AI score 8.3, EPSS 0.01677
Exploits 0, References 1

OSV
added 2020/04/15 7:15 a.m., 0 views

CVE-2020-10514

iCatch DVR firmware before 20200103 does not validate function parameter properly, resulting in attackers executing arbitrary command...

CVSS 8.8, AI score 7.4
Exploits 0, References 2

Veracode
added 2020/04/03 10:38 a.m., 14 views

OS Command Injection

strong-nginx-controller is vulnerable to OS command injection. Lack of validation and sanitization of the action parameter allows an attacker to inject and execute arbitrary OS commands via the nginxCmd function...

CVSS 9.8, AI score 5.4, EPSS 0.01743
Exploits 0, References 3, Affected Software 1

CNVD
added 2020/03/23 12:0 a.m., 1 views

Rivet Killer Control Center Elevation of Privilege Vulnerability

Rivet Killer Control Center is a computer performance optimization and control software. The program mainly supports application checking and setting priorities. A security vulnerability has been identified in Rivet Killer Control Center, Rivet Killer Control Center before 2.1.1352.IOCTL 0x120004...

CVSS 4, AI score 6.8, EPSS 0.00292
Exploits 0, References 1

CNVD
added 2020/02/28 12:0 a.m., 2 views

Huawei Honor V10 Buffer Overflow Vulnerability

Huawei Honor V10 is a smartphone product from Chinese company Huawei. A buffer overflow vulnerability exists in Huawei Honor V10 versions prior to BKL-AL20 10.0.0.156 C00E156R2P4 and prior to BKL-L09 10.0.0.146 C432E4R1P4, which stems from a failure to adequately validate incoming...

CVSS 7.1, AI score 7, EPSS 0.00137
Exploits 0, References 1

NVD
added 2020/01/14 4:15 p.m., 17 views

CVE-2014-5138

Innovative Interfaces Sierra Library Services Platform 1.23 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule...

CVSS 7.5, AI score 7.7, EPSS 0.00391
Exploits 0, References 1

Prion
added 2020/01/14 4:15 p.m., 16 views

Design/Logic Flaw

Innovative Interfaces Sierra Library Services Platform 1.23 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule...

CVSS 5, AI score 7.4, EPSS 0.00391
Exploits 0, References 1, Affected Software 1

Cvelist
added 2020/01/14 3:49 p.m., 22 views

CVE-2014-5138

Innovative Interfaces Sierra Library Services Platform 1.23 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule...

AI score 7.7, EPSS 0.00391
Exploits 0, References 1

CVE
added 2020/01/14 3:49 p.m., 46 views

CVE-2014-5138

CVE-2014-5138 concerns the Sierra Library Services Platform (1.2_3) where the application mishandles multiple instances of the same query parameter, enabling an attacker to bypass parameter validation via crafted requests. The issue is tied to the Webpac Pro submodule in some configurations. Publ...

CVSS 7.5, AI score 7.6, EPSS 0.00391
Exploits 0, References 1, Affected Software 1

Hacker One
added 2019/11/21 5:12 p.m., 15 views

Starbucks: Hong Kong - Open Redirect on card.starbucks.com.hk

l00ph0le discovered that card.starbucks.com.hk was vulnerable to an open redirect due to improper parameter validation. @l00ph0le — thank you for reporting the original vulnerability and for confirming the resolution...

AI score 1.1
Exploits 0

CNVD
added 2019/11/21 12:0 a.m., 1 views

Unspecified Vulnerability in Multiple Qualcomm Products (CNVD-2020-16055)

Qualcomm MDM9640 and others are products of Qualcomm Incorporated, U.S.A. The MDM9640 is a central processing unit (CPU) product. The MSM8996AU is a central processing unit (CPU) product. The QCA6574AU is a central processing unit (CPU) product. A security vulnerability exists in WLAN HOST in multiple...

CVSS 5.5, AI score 7, EPSS 0.00044
Exploits 0, References 1

CNVD
added 2019/09/26 12:0 a.m., 1 views

Cisco IOS XE Virtualization Manager CLI Command Injection Vulnerability

Cisco IOS XE is a set of modular operating systems based on the Linux kernel, developed by Cisco for its network equipment. A command injection vulnerability exists in Cisco IOS XE's CLI commands related to the Virtualization Manager. The vulnerability stems from insufficient validation of parameters...

CVSS 7.2, AI score 8.1, EPSS 0.00045
Exploits 0, References 1

Veracode
added 2019/09/12 11:33 a.m., 26 views

Cross-site Scripting (XSS)

wordpress is vulnerable to cross-site scripting. The attack is due to lack of validation of parameters in the post previews by authenticated users which allows an attacker to inject and execute arbitrary scripts...

CVSS 5.4, AI score 6.2, EPSS 0.04337
Exploits 3, References 7, Affected Software 1

Prion
added 2019/08/29 7:15 p.m., 13 views

Code injection

DISPUTED cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.17 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true tha...

CVSS 5, AI score 5.4, EPSS 0.00213
Exploits 1, References 2, Affected Software 1

NVD
added 2019/08/15 3:15 p.m., 10 views

CVE-2019-3417

All versions up to V1.1.10P3T18 of ZTE ZXHN F670 product are impacted by command injection vulnerability. Due to insufficient parameter validation check, an authorized user can exploit this vulnerability to take control of user router system...

CVSS 9, AI score 8.6, EPSS 0.02079
Exploits 0, References 1