101 matches found
CVE-2021-1488
A vulnerability in the upgrade process of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an authenticated, local attacker to inject commands that could be executed with root privileges on the underlying operating system OS. This...
The vulnerability of the uip_process function in the Contiki OS allows a hacker to trigger a service failure.
The vulnerability of the uipprocess function in the Contiki OS system is related to writing beyond the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the zenone32.exe editor in the COPA-DATA SCADA system allows a intruder to execute arbitrary code.
The vulnerability of the zenone32.exe editor in the COPA-DATA SCADA system is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...
CVE-2019-9678
Some Dahua products have the problem of denial of service during the login process. An attacker can cause a device crashed by constructing a malicious packet. Affected products include: IPC-HDW1X2X,IPC-HFW1X2X,IPC-HDW2X2X,IPC-HFW2X2X,IPC-HDW4X2X,IPC-HFW4X2X,IPC-HDBW4X2X,IPC-HDW5X2X,IPC-HFW5X2X fo...
The vulnerability in the UIProcess subsystem of the rendering module in WebKitGTK+ and WebKitGTK allows a attacker to cause a service failure or affect the confidentiality and integrity of the protected information.
The vulnerability of the UIProcess subsystem in display modules of WebKitGTK+ and WebKitGTK arises from operations that occur outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures or compromise the confidentiality and integrity of...
Type confusion vulnerability instance analysis-vulnerability warning-the black bar safety net
Type confusion vulnerability in General is the type of data A as data of Type B to resolve the reference, which may lead to illicit access to data and thus execute arbitrary code. This article by IE type confusion vulnerability examples and Word type confusion vulnerability examples for analysis,...
Denial Of Service (DoS)
spice-server is vulnerable to denial of service. A memory allocation flaw, leading to a heap-based buffer overflow, was found in spice's smartcard interaction, which runs under the QEMU-KVM context on the host. A user connecting to a guest VM using spice could potentially use this flaw to crash t...
Denial Of Service (DoS)
openstack-nova is vulnerable to denial of service DoS attacks. The vulnerability exists as OpenStack Compute nova 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service...
Sandstorm Server-Side Request Forgery Vulnerability Vulnerability
Sandstorm is a personal cloud platform. The platform features file storage, application management, task and project management, and more. A server-side request forgery vulnerability exists in the install application process in versions prior to Sandstorm build 0.203. A remote attacker can exploi...
Cisco Spark Board Local Security Bypass Vulnerability
Cisco Spark Board is a dedicated tablet device for video conferencing from Cisco. A local security bypass vulnerability exists in the upgrade process in Cisco Spark Board, which arises from the program failing to adequately validate the upgrade package. A local attacker could exploit the...
CVE-2017-14086
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with...
CVE-2017-14102
CVE-2017-14102 affects MIMEDefang 2.80 and earlier. The vulnerability arises when a non-root process creates a PID file after dropping privileges, which could allow a local attacker with access to the non-root account to modify the PID file and kill an arbitrary process before a root script runs ...
DEBIAN-CVE-2015-3902
Multiple cross-site request forgery CSRF vulnerabilities in the setup process in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 allow remote attackers to hijack the authentication of administrators for requests that modify the configurati...
CVE-2015-0421
Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process...
Glype Proxy 1.4.9 Cookie Jar Path Traversal / Code Execution / Filter Bypass
A path traversal vulnerability has been identified in the Glype web-based proxy that allows an attacker to run arbitrary PHP code on the server or to remove critical files from the filesystem. Version 1.4.9 is affected. Glype Proxy version 1.4.9 suffers from a local address filer bypass...
ipa: weakness when initiating join from IPA client can potentially compromise IPA domain
The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority CA certificate from the server, which allows man-in-the-middle attackers to spoof a join procedure via a crafted certificate...
Sqlhello overflow process-vulnerability warning-the black bar safety net
Two days before the use of sqlhello overflow vulnerability tools with a local area network inside a colleague made a joke, made his win2k shell So also want to play about overflow. First with Delphi write a vulnerable program. If not check the input string length, then the input string length is...
Internet cafe billing King chain version of the break-vulnerability warning-the black bar safety net
Management software for“accounting Wang chain version”, it's never touched I like to play free, so we'll crack it. After my repeated attempts,“smart ABC”spill is a relatively simple and effective method. Speaking of this method, I am afraid that NO, a known to everybody. It can almost close all t...
Mantis Bug Tracker 0.x - New Account Signup Mass Emailing
source: https://www.securityfocus.com/bid/10995/info Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks. When a new user signs up to Mantis, the system automatically sends an email message to the given email address. This email contains the users...
SCO OpenServer 5.0.x - mana PATH_INFO Privilege Escalation
SCO OpenServer 5.0.x - mana PATHINFO Privilege Escalation source: https://www.securityfocus.com/bid/8618/info It has been reported that SCO OpenServer Inertnet Manager 'mana' process is prone to a privilege escalation issue allow local users to execute arbitrary code with elevated privileges. man...