359 matches found
CVE-2021-26084
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before...
Design/Logic Flaw
The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp...
Acronis True Image Authorization Issue Vulnerability
Acronis True Image is a famous data backup and restore software from Acronis Singapore. The software can be used to create drive and disk images and can restore the image when a clean system is needed. A security vulnerability exists in Acronis True Image 2021 Update 4 and earlier versions for...
A vulnerability in the signature verification functions (GOST DSA, EdDSA, and ECDSA) of the Nettle library, caused by deficiencies in the cryptographic algorithms used, allows an unauthenticated attacker to execute arbitrary code.
A vulnerability in the signature verification functions GOST DSA, EdDSA, and ECDSA of the Nettle library is related to shortcomings in the cryptographic algorithms used. Exploiting this vulnerability could allow an attacker to execute arbitrary code by submitting invalid signatures...
PT-2021-2987 · Cisco · Cisco SD-WAN vManage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software (affected versions not specified). Description: The issue is related to multiple vulnerabilities in the Cisco SD-WAN vManage Software, which could allow an unauthenticated, remote attacker to execute arbitrary code ...
CVE-2021-29098
Multiple uninitialized pointer vulnerabilities when parsing a specially crafted file in Esri ArcReader, ArcGIS Desktop, ArcGIS Engine 10.8.1 and earlier and ArcGIS Pro 2.7 and earlier allow an unauthenticated attacker to achieve arbitrary code execution in the context of the current user...
PT-2021-18086 · Esri · ArcGIS Desktop +3
Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier; ArcGIS Desktop versions 10.8.1 and earlier; ArcGIS Engine versions 10.8.1 and earlier; ArcGIS Pro versions 2.7 and earlier. Description: The issue arises from multiple uninitialized pointer...
Adobe Animate Buffer Error Vulnerability
Adobe Animate is a set of Flash animation software from the American company Adobe. A buffer overflow vulnerability exists in Adobe Animate 21.0.3 and earlier versions, which can be exploited by an unauthenticated attacker to achieve arbitrary code execution in the context of the current...
CVE-2021-27255
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refresh_status.aspx endpoint. The issue results from a lack o...
Matthias Van Woensel qcubed Security Vulnerability
Matthias Van Woensel qcubed is an application by Matthias Van Woensel. It provides a PHP model-view-controller framework for rapid application development. A security vulnerability exists in all versions of qcubed, including 3.1.1, that allows unauthenticated code execution via a crafted POST request...
Vulnerabilities fixed in Android
Several vulnerabilities have been fixed in Android. The vulnerabilities allow a malicious person, remote or otherwise, to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root rights Remote code execution User rights Access to...
Multiple Cisco Product Licensing Issues Vulnerabilities
The Cisco RV160, among others, is a router from Cisco, USA that is used in enterprise environments. An authorization issue vulnerability exists in the Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers, which could be exploited by an unauthenticated, remote attacker to...
Vulnerabilities fixed in Salt
Vulnerabilities have been fixed in Salt. Salt is used in VMware vRealize Operations Manager and RSA NetWitness. Exploiting the vulnerabilities allows an unauthenticated malicious person to execute arbitrary code with permissions of the application. To do this, the malicious party must have...
CVE-2020-5640
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors...
Vulnerabilities fixed in Red Hat ipa
Vulnerabilities have been fixed in Red Hat ipa. The vulnerabilities allow an unauthenticated malicious person to execute arbitrary code on the victim's browser. To do this, the malicious party must trick the victim into following a rogue hyperlink. In addition, the vulnerabilities enab...
CVE-2020-16147
The login page in Telmat AccessLog <= 6.0 TAL_20180415 allows an attacker to get root shell access via unauthenticated code injection over the network...
Code injection
The login page in Telmat AccessLog <= 6.0 TAL_20180415 allows an attacker to get root shell access via unauthenticated code injection over the network...
CVE-2020-16147
The CVE-2020-16147 entry concerns Telmat AccessLog (versions ≤ 6.0, TAL_20180415). According to connected sources, the vulnerability stems from an incorrectly programmed call to an advanced local procedure in the login page, enabling an unauthenticated attacker to inject code over the network and...