120 matches found
EUVD-2019-13069
Malware in sbrugna...
CVE-2019-3430
All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have an information disclosure vulnerability. Attackers could use this vulnerability to collect data information and damage the system...
Formwork has a cross-site scripting (XSS) vulnerability in Site title
Summary: The site title field at /panel/options/site/ allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users. Impact: The attack is widespread, leveraging what XSS can do...
CVE-2023-28399
Incorrect permission assignment for critical resource exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. ACL (Access Control List) is not appropriately set to the local folder where the affected product is installed, therefore a wide range of privileges is permitted to a user of the PC whe...
CuppaCMS Remote Code Execution (CVE-2022-37190)
A remote code execution vulnerability exists in CuppaCMS. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
O2OA Remote Code Execution (CVE-2022-22916)
A remote code execution vulnerability exists in O2OA. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Microsoft Exchange Remote Code Execution (CVE-2020-17132)
A remote code execution vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Adobe ColdFusion Authentication Bypass (APSB22-44: CVE-2022-38420)
An authentication bypass vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Adobe ColdFusion Improper Access to a Restricted Directory (APSB22-44: CVE-2022-38418)
An improper access to a restricted directory vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
iCMS Article SQL Injection (CVE-2018-12888)
An SQL injection vulnerability exists in iCMS. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Adobe Acrobat and Reader Improper Input Validation (APSB22-39: CVE-2022-35668)
A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Zimbra Collaboration CRLF Injection (CVE-2022-27924)
A CRLF injection vulnerability exists in Zimbra Collaboration. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
curl: CVE-2022-32207: Unpreserved file permissions
Summary: Curl fails to preserve file permissions when writing: - CURLOPT_COOKIEJAR database - CURLOPT_ALTSVC database - CURLOPT_HSTS database. Instead the permissions are always reset to 0666 & umask if the file is updated. As a result a file that was before protected against read access by other user...
Adobe Acrobat and Reader NULL Pointer Dereference (APSB22-01: CVE-2021-44740)
A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Adobe Acrobat and Reader Improper Input Validation (APSB22-01: CVE-2021-44712)
A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
PTCL Modem HG150-Ub Authentication Bypass (CVE-2021-35296)
A vulnerability exists in PTCL HG150-Ub. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Thecus N4800Eco NAS Server Command Injection
A vulnerability exists in Thecus. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
EFS Easy Chat Server Information Disclosure
An information disclosure vulnerability exists in EFS Easy Chat Server. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Linear eMerge Arbitrary File Upload (CVE-2019-7257)
A vulnerability exists in Linear eMerge E3 devices. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
PHPGurukul Car Rental Arbitrary File Upload (CVE-2021-26809)
An arbitrary file upload vulnerability exists in PHPGurukul Car Rental. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...