1187 matches found
SweetScape 010 Editor Arbitrary Memory Overwrite Vulnerability
010 Editor is a professional text editor and hexadecimal editor for quickly and easily editing the contents of any file on your computer. An arbitrary memory overwrite vulnerability exists in SweetScape 010 Editor 9.0.1. The vulnerability stems from improper validation of parameters in the intern...
Valve: WG call injection in /economy/contextcommand
The vulnerability involved insufficient parameter validation in context-specific commands to a web-facing gateway. This allowed some economy queries to be executed outside the actual requesters' capability by confusing the type system. Bypasses for initial fixes were also provided...
CVE-2019-3723
Dell EMC OpenManage Server Administrator OMSA versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete th...
Input validation
Dell EMC OpenManage Server Administrator OMSA versions prior to 9.1.0.3 and prior to 9.2.0.4 contain a web parameter tampering vulnerability. A remote unauthenticated attacker could potentially manipulate parameters of web requests to OMSA to create arbitrary files with empty content or delete th...
CVE-2019-3723
CVE-2019-3723 affects Dell EMC OpenManage Server Administrator (OMSA) versions prior to 9.1.0.3 and prior to 9.2.0.4. The flaw is a web parameter tampering vulnerability arising from improper input parameter validation, allowing a remote unauthenticated attacker to manipulate web request paramete...
PT-2019-16627 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.19 Description: The issue allows remote attackers to obtain sensitive information. This occurs because the software discloses the username when it receives a password-reset request that lacks the code parameter...
CVE-2019-1717
A vulnerability in the web-based management interface of Cisco Video Surveillance Manager could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability is due to improper validation of parameters handled by the web-based management interface. An attacker could...
Valve: RCE on partner.steampowered.com
The vulnerability on partner.steampowered.com involved insufficient validation of parameters, which allowed an attacker to specify the name of a PHP function to call with specific parameter types. This could be exploited to call the assert function, which at the time invoked eval, enabling...
CVE-2019-7441
cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amou...
(0Day) Hewlett Packard Enterprise Intelligent Management Center thirdPartyPerfSelectTask Expression Language Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
CVE-2019-1674
A vulnerability in the update service of Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters...
GitLab Wiki API Attachments Command Injection (CVE-2018-18649)
A remote code execution vulnerability has been reported in GitLab Wiki API. The vulnerability is due to improper validation of parameters when uploading files to the Wiki repository via the Wiki API. A remote, authenticated attacker can exploit the vulnerability by sending a crafted request to th...
CVE-2019-1678
A vulnerability in Cisco Meeting Server could allow an authenticated, remote attacker to cause a partial denial of service DoS to Cisco Meetings application users who are paired with a Session Initiation Protocol SIP endpoint. The vulnerability is due to improper validation of coSpaces...
Xorg X11 Server (AIX) - Local Privilege Escalation
Xorg X11 Server AIX - Local Privilege Escalation Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Filese...
VulnCheck KEV: CVE-2018-9866
A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System GMS virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier...
Design/Logic Flaw
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this...
CVE-2018-15442
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. The vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this...
Debian: Security Advisory (DSA-4328-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-15403
A vulnerability in the web interface of Cisco Emergency Responder, Cisco Unified Communications Manager, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an authenticated, remote attacker to redirect a user to a malicious web page. The vulnerabili...
CVE-2018-0460 Cisco Enterprise NFV Infrastructure Software Information Disclosure Vulnerability
A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure Software NFVIS could allow an authenticated, remote attacker to read any file on an affected system. The vulnerability is due to insufficient authorization and parameter validation checks. An attacker could exploit this...