255 matches found
Buffer overflow
A buffer overflow issue was discovered in ZOOK solutionremote administration tool through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command...
CVE-2021-34616
CVE-2021-34616 concerns Aruba ClearPass Policy Manager and describes a remote arbitrary command execution vulnerability. Multiple connected sources specify impact on versions prior to 6.10.0, 6.9.6, and 6.8.9. A CNVD/PRION-type description attributes the root cause to inadequate input validation ...
CVE-2021-34610
The CVE-2021-34610 entry concerns Aruba ClearPass Policy Manager. A remote arbitrary command execution vulnerability affects versions prior to 6.10.0, 6.9.6 and 6.8.9. It is documented as an issue that Aruba has released updates to address. Connected sources consistently describe this vulnerabili...
CVE-2021-34611
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: Prior to 6.10.0, 6.9.6 and 6.8.9. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability...
CVE-2020-29205
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field...
CVE-2021-25158
A remote arbitrary file read vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant...
CVE-2021-25157
CVE-2021-25157 affects Aruba Instant IAP. The remote arbitrary file-read vulnerability impacts Aruba Instant versions listed in the CVE entry (6.4.x, 6.5.x, 8.3.x, 8.5.x, 8.6.x, 8.7.x and below) and Aruba has released patches to address it. Connected documents confirm Aruba has issued fixes/advis...
Panasonic Video Insight VMS vulnerable to arbitrary code execution
Overview Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94 because unencrypted communication exists in the communication using non-well known ports. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its...
CVE-2020-28144
Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code...
D-Link DNS Devices RCE Vulnerability (SAP10183) - Active Check
D-Link DNS-320 devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...
CVE-2020-29474
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...
Sql injection
EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...
CVE-2020-26049
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...
CVE-2020-26049
Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...
The vulnerability of the REST API interface of the Cisco Data Center Network Manager system allows a perpetrator to perform arbitrary actions on the vulnerable device.
The vulnerability of the REST API interface of the Cisco Data Center Network Manager DCNM system is related to the use of an incomplete blacklist. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device remotely...
Design/Logic Flaw
The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file within an image extension and through a custom request using the rename function provided by the file manager is able to modify the image extension into PHP resulting in remote...
The vulnerability of the NPort IAW5000A-I/O Series web server software lies in its lack of access control mechanisms, allowing attackers to send arbitrary requests to the vulnerable system.
The vulnerability of the NPort IAW5000A-I/O Series web server software is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to send arbitrary requests to the vulnerable system remotely...
The vulnerability of the central control server of SiNVR 3 Central Control Server lies in security flaws in the XML-based communication protocol, allowing attackers to perform arbitrary actions on the vulnerable device.
The vulnerability of the central control server of SiNVR 3 Central Control Server is related to security vulnerabilities in the XML-based communication protocol. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device remotely...
Remote Code Execution (RCE)
ncurses is vulnerable to denial of service. Due to a flaw, there is a format string vulnerability in the fmtentry function. A crafted input will lead to a remote arbitrary code execution attack...
CVE-2019-11999
Potential security vulnerabilities have been identified in HPE OpenCall Media Platform OCMP resulting in remote arbitrary file download and cross site scripting. HPE has made the following updates available to resolve the vulnerability in the impacted versions of OCMP. For OCMP version 4.4.X -...