113 matches found
Dell BIOS Buffer Overflow Vulnerability (CNVD-2023-05408)
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. Dell BIOS SMI is vulnerable to a buffer overflow vulnerability that could be exploited by a local attacker to submit a special request that could execute arbitrary code in SMRAM...
Tenda AC18 Buffer Overflow Vulnerability (CNVD-2023-21671)
Tenda AC18 is a router from Tenda. Tenda AC18 is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to submit a special request that could crash a program or execute arbitrary code in context...
Tenda AC18 Buffer Overflow Vulnerability (CNVD-2023-21674)
Tenda AC18 is a router from Tenda. Tenda AC18 is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to submit a special request that could crash the program or execute arbitrary code in the context...
Tenda AC18 Buffer Overflow Vulnerability (CNVD-2023-21675)
Tenda AC18 is a router from Tenda. Tenda AC18 is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to submit a special request that could crash a program or execute arbitrary code in context...
Tenda AC18 Buffer Overflow Vulnerability (CNVD-2023-21676)
Tenda AC18 is a router from Tenda. Tenda AC18 is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to submit a special request that could crash a program or execute arbitrary code in context...
Wireshark Security Vulnerability
Wireshark is a network packet analyzer. A security vulnerability exists in the Wireshark EAP dissector, which can be exploited by remote attackers to submit a special request that can crash the application...
TOTOLINK NR1800X Buffer Error Vulnerability
TOTOLINK NR1800X is a 5G NR indoor Wi-Fi and SIP CPE broadband access device from China's Gion Electronics TOTOLINK, which is mainly used for the deployment of NR fixed data services in homes and offices to support 5G NR network connectivity. The TOTOLINK NR1800X suffers from a buffer overflow...
SAP Business One client Injection Vulnerability
SAP Business One is enterprise management software from the German company SAP, covering financial management, operations management, human resources management and other functions. A code injection vulnerability exists in SAP Business One, which can be exploited by a remote attacker to submi...
Cross site request forgery (csrf)
The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the tainsertexternalimage action, allowing a low-privilege user with a role as low as Subscriber to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker...
Zoho ManageEngine Remote Access Plus Trust Management Issue Vulnerability (CNVD-2022-09266)
ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. A trust management issue vulnerability previously existed in Zoho ManageEngine Remote Access Plus 10.1.2121.1, which stems from the fact that the affected product has hard-coded credentials for read-only The...
Zoho ManageEngine Remote Access Plus Trust Management Issue Vulnerability
ZOHO ManageEngine Remote Access Plus is a remote access solution from ZOHO, Inc. A trust management issue vulnerability previously existed in Zoho ManageEngine Remote Access Plus 10.1.2121.1, which stems from the fact that the affected product has hard-coded credentials associated with resetPWD.x...
Command Execution Vulnerability in Xinhu OA Office System
Xinhu OA office system is an open source online office system. A command execution vulnerability exists in Xinhu OA Office System, which can be exploited by a remote attacker to submit a special request that can execute arbitrary commands and gain shell privileges on the host...
Microsoft Windows Print Spooler Components Security Vulnerability
Windows Print Spooler is a printer background handler for Windows. A code execution vulnerability exists in Microsoft Windows Print Spooler because the Windows Print Spooler RpcAddPrinterDriverEx function fails to properly execute privileged file operations, which allows remote attackers to exploit the...
Autodesk Design Review Resource Management Error Vulnerability (CNVD-2021-53948)
Autodesk Design Review (ADR) is companion software for AutoCAD drafting software from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. Autodesk Design Review is vulnerable to a resource management error that could be...
Autodesk Design Review Resource Management Error Vulnerability (CNVD-2021-53946)
Autodesk Design Review (ADR) is companion software for AutoCAD drawing software from Autodesk, Inc. The software supports viewing, marking, measuring, printing, and tracking changes to 2D and 3D design files. Autodesk Design Review is vulnerable to a resource management error that could be...
MikroTik RouterOS Numeric Error Vulnerability
MikroTik RouterOS is a router operating system developed on Linux. A memory corruption vulnerability exists in MikroTik RouterOS /ram/pckg/advanced-tools/nova/bin/netwatch, which allows remote attackers to exploit the vulnerability by submitting a special request that can crash an application and...
Advantech Spectre RT ERT351 firmware Security Vulnerability
The Advantech Spectre RT ERT351 is a router from Advantech USA providing network routing capabilities. A security vulnerability exists in the Advantech Spectre RT ERT351 that allows a remote attacker to exploit the vulnerability by submitting a special request that can be brute-force broken to...
Microsoft SharePoint Information Disclosure Vulnerability
Microsoft SharePoint is a suite of enterprise business collaboration platforms from Microsoft Corporation. An information disclosure vulnerability exists in Microsoft SharePoint, which can be exploited by remote attackers to submit a special request and obtain sensitive information...
Western Digital My Cloud NAS Elevation of Privilege Vulnerability
Western Digital My Cloud is a personal cloud storage device. A security vulnerability exists in the Western Digital My Cloud NAS that can be exploited by a remote attacker to submit a special request that can elevate privileges...
Default configuration
Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request. NOTE: The discoverer reports "Trustwave has signaled they are disputing our claims." The CVE suggests that there is a security issue with how ModSecurity handles regular expressions that can result in a Denial...