XML Entity Injection Vulnerability in NC Cloud of UFIDA Network Technology Co.
NC Cloud is a digital platform for large enterprises, focusing on digital management, digital operation and digital business, helping large enterprises realize the comprehensive digitalization of people, money, goods and customers. An XML entity injection vulnerability exists in NC Cloud of UFIDA...
XML Entity Injection Vulnerability in NC Cloud of UFIDA Network Technology Corporation (CNVD-2020-64772)
NC Cloud is a digital platform for large enterprises, focusing on digital management, digital operation and digital business, helping large enterprises realize the comprehensive digitalization of people, money, goods and customers. An XML entity injection vulnerability exists in NC Cloud of UFIDA...
XML Entity Injection Vulnerability in NC Cloud of UFIDA Network Technology Corporation (CNVD-2020-64771)
NC Cloud is a digital platform for large enterprises, focusing on digital management, digital operation and digital business, helping large enterprises realize the comprehensive digitalization of people, money, goods and customers. An XML entity injection vulnerability exists in NC Cloud of UFIDA...
CVE-2020-14177
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from versi...
UBUNTU-CVE-2020-25633
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data...
User Enumeration via /ViewUserHover.jspa - CVE-2020-14181
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. This vulnerability was discovered by Mikhail Klyuchnikov of Positive Technologies. Affected versions: versio...
CVE-2020-24613
wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers...
Exploit for Code Injection in Vbulletin
vBulletin RCE 5.x Get Email + SMTP CVE-2019-16759 This tool...
DEBIAN-CVE-2020-15103
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data th...
Guangzhou Suoai Digital Technology Co., Ltd Suoai Smart Payment Speaker E-50 has a logic flaw vulnerability
The Sony Ericsson Group is a high-tech conglomerate that specializes in Bluetooth headphones, LCD TVs, smart audio, Bluetooth stereos, Karaoke entertainment devices, cell phones, amplifiers and other verticals based on multimedia series products. Guangzhou Suoai Digital Technology Co. Suoai Smart...
CVE-2020-14559
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...
CVE-2020-4025
The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Sit...
freerdp: Out-of-bounds write in planar.c
A flaw was found in freerdp in versions between 1.0 and 2.0.0. An out-of-bounds memory write was found in the planar.c function which could allow an attacker to control data sent from the RDP server to the client. The highest threat from this vulnerability is to data confidentiality and integrity...
DEBIAN-CVE-2020-11044
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0...
SQL Injection Vulnerability in ILAS III Digital Library System
The Integrated Library Automation System (ILAS) is an integrated library automation system that can be adapted for use by libraries of different levels, scales and types at home and abroad, and is undertaken and organized by the Shenzhen Library. ILAS III digital library system SQL injection...
The vulnerability of the Server:DDL component of the Oracle MySQL database management system allows a hacker to cause a service failure.
The vulnerability of the Server:DDL component of the Oracle MySQL database management system is related to an uncontrolled consumption of system resources. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
CVE-2019-20402
Support zip files in Atlassian Jira Server and Data Center before version 8.6.0 could be downloaded by a System Administrator user without requiring the user to re-enter their password via an improper authorization vulnerability...
CVE-2019-19802
In Gallagher Command Centre Server v8.10 prior to v8.10.1134MR4, v8.00 prior to v8.00.1161MR5, v7.90 prior to v7.90.991MR5, v7.80 prior to v7.80.960MR2 and v7.70 or earlier, an authenticated user connecting to OPCUA can view all data that would be replicated in a multi-server setup without...
Ltd. website building system has SQL injection vulnerabilities
Ltd. is a professional networking company offering Xi'an website construction, design, promotion and optimization. The Ltd. website construction system has a SQL injection vulnerability; attackers can use the...
SQL Injection Vulnerability in Jiangmen Pengjiang Kehui Development Co.
Ltd. is a value-added telecommunication service provider offering website construction, WeChat public number service, WeChat small program development, microsite construction, web hosting, web design, program development, enterprise mailbox and website promotion, Flash animation and multimedia...