21 matches found
SecurePoint UTM 12.x Session ID Leak
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2023-01-05 Date...
SecurePoint UTM 12.x Memory Leak
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Scor...
Intel Data Center Manager 4.1 SQL Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Intel Data Center Manager Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html Type: SQL Injection CWE-89 Date found: 2022-01-21 Date...
WordPress BeTheme 26.5.1.4 PHP Object Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Betheme Vendor URL: https://muffingroup.com/betheme/ Type: Deserialization of Untrusted Data CWE-502 Date found: 2022-11-02 Date published: 2022-11-18 CVSSv3 Score: 8.8...
Transposh WordPress Translation 1.0.8.1 Remote Code Execution
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Reliance on File Name or Extension of Externally-Supplied File...
Transposh WordPress Translation 1.0.8.1 Cross Site Request Forgery
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Cross-Site Request Forgery CWE-253 Date found: 2021-08-19 Date...
Transposh WordPress Translation 1.0.7 Cross Site Scripting
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Transposh WordPress Translation Vendor URL: https://wordpress.org/plugins/transposh-translation-filter-for-wordpress/ Type: Cross-Site Scripting CWE-79 Date found: 2021-08-19 Date published:...
God Kings 0.60.1 Notification Spoofing
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: God Kings Vendor URL: https://play.google.com/store/apps/details?id=com.innogames.gkandroid Type: Improper Verification of Intent by Broadcast Receiver CWE-925 Date found: 2020-09-07 Date...
CVE-2020-1654 Junos OS: SRX Series: processing a malformed HTTP message when ICAP redirect service is enabled may can lead to flowd process crash or remote code execution
On Juniper Networks SRX Series with ICAP Internet Content Adaptation Protocol redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service DoS or Remote Code Execution RCE Continued processing of this malformed HTTP message may result in an extended Denial of...
Android o2 Business 1.2.0 Open Redirect
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: o2 Business for Android Vendor URL: https://play.google.com/store/apps/details?id=telefonica.de.o2business Type: Open Redirect CWE-601 Date found: 2020-04-16 Date published: 2020-07-01 CVSSv...
Schneider Electric U.Motion Builder 1.3.4 Command Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: OS Command Injection CWE-78 Date found: 2018-11-15 Date published: 2019-05-13 CVSSv3 Score: 9.8...
Schneider Electric U.Motion Builder 1.3.4 - track_import_export.php object_id Unauthenticated Command Injection
Schneider Electric U.Motion Builder 1.3.4 - trackimportexport.php objectid Unauthenticated Command Injection RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: ...
AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting
AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting RCESEC-2016-009 AppFusions Doxygen for Atlassian Confluence v1.3.2 renderContent Persistent Cross-Site Scripting RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product:...
Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities
Apache Archiva 1.3.9 - Multiple Cross-Site Request Forgery Vulnerabilities RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Apache Archiva Vendor URL: https://archiva.apache.org Type: Cross-Site Request Forgery CWE-253 Date found: 2016-05-...
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
RCESEC-2016-002 XenAPI v1.4.1 for XenForo Multiple Unauthenticated SQL Injections RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: XenAPI for XenForo Vendor URL: github.com/Contex/XenAPI Type: SQL Injection CWE-89 Date found: 2016-05-20 Da...
Swagger Editor 2.9.9 Cross Site Scripting
Swagger Editor v2.9.9 "description" Key DOM-based Cross-Site Scripting RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Swagger Editor Vendor URL: https://github.com/swagger-api/swagger-editor Type: Cross-Site Scripting CWE-79 Date found:...
GetGo Download Manager 4.x Stack Buffer Overflow
RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: GetGo Download Manager Vendor URL: www.getgosoft.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2014-02-20 Date published: 2014-03-02 CVSSv2 Score: 10,0 AV:N/AC:L/Au:N/C:C/I:C/A:C...
Avira Secure Backup 1.0.0.1 Build 3616 Buffer Overflow
RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Avira Secure Backup Vendor URL: www.avira.com Type: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-119 Date found: 2013-10-30 Date published: 2013-11-16 CVSSv2...
Watchguard Server Center 11.7.4 Cross Site Scripting
Watchguard Server Center v11.7.4 Multiple Non-Persistent Cross-Site Scripting Vulnerabilities RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Watchguard Server Center Vendor URL: www.watchguard.com Type: Cross-Site Scripting CWE-79 Date...
Watchguard Server Center 11.7.4 Insecure Library Loading
Watchguard Server Center version 11.7.4 suffers from a dll hijacking vulnerability with wgpr.dll. Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION...