701 matches found
Foscam C1 Indoor HD Camera cgiproxy.fcgi dns2 address configuration command injection vulnerability
Foscam C1 Indoor HD Camera is a wireless HD IP camera from Foscam China. A security vulnerability exists in the web management interface in the Foscam C1 Indoor HD Camera using application firmware version 2.52.2.37. The vulnerability can be exploited to inject arbitrary shell characters by sendi...
Multiple SQL Injection Vulnerabilities in Ranzhi Collaboration Office Management System
RANZI Coworking Management System is an open source coworking system for small and medium-sized enterprises. Ranzhi Collaboration Office Management System version 4.2.3 has multiple SQL injection vulnerabilities, which can be exploited by attackers to obtain sensitive database information...
systemd-resolved denial of service vulnerability
systemd-resolved is a system service used to manage network name resolution. A denial of service vulnerability exists in systemd-resolved version 233 and earlier. A remote attacker could use this vulnerability to cause a denial of service daemon crash with a specially crafted DNS response...
CVE-2017-3582
Vulnerability in the Oracle SuperCluster Specific Software component of Oracle Sun Systems Products Suite subcomponent: Backup/Restore Utility. Supported versions that are affected are 2.3.8 and 2.3.13. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to the...
MantisBT 'Timeline include' page cross-site scripting vulnerability
MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the Timeline include page used in the My View myviewpage.php and User...
CVE-2017-3412
Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with...
UBUNTU-CVE-2016-8642
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available...
Exponent CMS 'src' Parameter SQL Injection Vulnerability
Exponent CMS is a free, open source PHP-based modular content management system CMS of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...
Exponent CMS 'version' Parameter SQL Injection Vulnerability
Exponent CMS is a free, open source PHP-based modular content management system CMS of the U.S. OIC Group of companies. The system supports direct editing in the page, and provides user management, site configuration, content editing and other functions. Exponent CMS version 2.3.9 suffers from a...
DEBIAN-CVE-2016-2119
libcli/smb/smbXclibase.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the 1 SMB2SESSIONFLAGISGUEST or 2 SMB2SESSIONFLAGISNULL flag...
The vulnerability of the Cisco IOS operating system, which allows a malicious actor to trigger a service failure
Cisco IOS software contains numerous vulnerabilities in the implementation of Network Meeting Directory Lightweight Directory Access Protocol, LDAP, Session Initiation Protocol, and H.323 protocols. When these vulnerabilities are exploited, a CSCtd10712 error can be triggered, resulting in a rout...
Puppet Server and Agent Arbitrary Code Execution Vulnerability
Puppet Server and Agent are both U.S. Puppet Labs based on the client/server C/S architecture of the configuration management tool, the tool can be used to manage configuration files, users, cron tasks, packages, system services and so on. An arbitrary code execution vulnerability exists in Puppe...
SolarWinds Storage Resource Monitor Profiler SQL Injection Vulnerability
SolarWinds Storage Resource Monitor SRM Profiler formerly known as Storage Manager, STM is a set of Web-based data storage management software from SolarWinds Inc. that integrates storage monitoring, reporting, alarming, and predictive analytics. A SQL injection vulnerability exists in the Web...
Fortinet FortiOS Access Privilege Vulnerability
Fortinet FortiOS is a set of security operating system developed by the U.S. Fiat Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security features. An access...
Linux kernel IPC object implementation race condition vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A contention condition vulnerability exists in the IPC object implementation of Linux kernel 4.2.3 and earlier. As the 'ipcaddid' function adds incompletely initialized object...
PT-2015-6831 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.2.3 Description: The issue is related to an incorrect sequence of protocol-initialization steps in the sctp init function, which can cause a denial of service, resulting in a panic or memory corruption. This c...
Fortinet FortiGate FortiOS Security Bypass Vulnerability
Fortinet FortiGate running FortiOS is a set of security operating system developed by American Fitta Fortinet company dedicated to FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering and anti-spam and other security feature...
Fastspot BigTree 'admin.php' Script HTML Injection Vulnerability
Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. An HTML injection vulnerability exists in Fastspot BigTree CMS versions prior to 4.2.3, which stems from the program failing to adequately filter user-submitted input. When...
Vulnerabilities of the CentOS operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information
Multiple vulnerabilities exist in the glibc-2.3.4 package of the CentOS operating system. Exploitation of these vulnerabilities may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...
PYSEC-2014-44
Cross-site scripting XSS vulnerability in safehtml.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors...