CVE-2018-9411

In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2018-9341

In impeg2dmcfullxfully of impeg2dmc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2023-39238 ASUS RT-AX55、RT-AX56U_V2 - Format String - 1

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its setiperf3svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution,...

Format string

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. An unauthenticated remote attacker without privilege can...

Debian: Security Advisory (DSA-5413-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-3406-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518

A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance. CVE-ID| Description| CWE| Affected Products| Pre-conditions ---|---|---|---|---...

Remote code execution

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary loca...

Ubuntu 16.04 ESM : ncurses vulnerabilities (USN-5448-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5448-1 advisory. It was discovered that ncurses was not properly checking array bounds when executing the fmtentry function, which could result in an out-of-bounds write...

PT-2021-6247 · Microsoft · Defender For Iot

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT affected versions not specified Description: The issue is related to incorrect code generation management in Microsoft Defender for IoT. It can be exploited by a remote attacker using a specially crafted request,...

CVE-2020-28144

Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code...

D-Link DNS Devices RCE Vulnerability (SAP10183) - Active Check

D-Link DNS-320 devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

CVE-2020-29474

EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...

Sql injection

EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...

CVE-2020-26049

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...

CVE-2020-26049

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...

Design/Logic Flaw

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote...

Remote Code Execution (RCE)

ncurses is vulnerable to denial of service. Due to a flaw, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2018-1166)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Node.js third-party modules: Lack of input validation and sanitization in react-autolinker-wrapper library causes XSS

NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! I would like to report XSS in...