6 matches found
PT-2026-24857
AdGuard Home and Affected Versions AdGuard Home versions prior to 0.107.73 Description AdGuard Home is a network-wide software for blocking ads and tracking. A critical issue exists where an unauthenticated remote attacker can bypass all authentication mechanisms. This is achieved by sending an...
PT-2023-24242 · Talend · Talend Data Catalog
Name of the Vulnerable Software and Affected Versions: Talend Data Catalog versions prior to 8.0-20230413 Description: The issue concerns the remote harvesting server, which contains a "/upgrade" endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation measure i...
Cisco SPA112 2-Port Phone Adapter Access Control Error Vulnerability
The Cisco SPA112 2-Port Phone Adapter is a phone adapter from Cisco USA. A security vulnerability exists in the Cisco SPA112 2-Port Phone Adapters, which stems from the lack of an authentication process in the firmware upgrade feature, and could allow an attacker to execute arbitrary code with fu...
Intel Quartus Prime Pro Buffer Overflow Vulnerability
Intel Quartus Prime Pro is a set of multi-platform design environments from the U.S. company Intel. The product is primarily used for programming programmable logic devices. A buffer overflow vulnerability exists in Intel® Stratix® 10 FPGA firmware provided Intel® Quartus® Prime Pro softwar...
CVE-2017-8078
On the TP-Link TL-SG108E 1.0, the upgrade process can be requested remotely without authentication (httpupg.cgi with a parameter called cmd). This affects the 1.1.2 Build 20141017 Rel.50749 firmware...
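Symantec Enterprise Security Manager Remote Upgrade Remote Code Execution Vulnerability
Symantec Enterprise Security Manager (ESM) automatically discovers vulnerabilities and settings that do not comply with security policy in critical applications and servers across the enterprise. A design issue exists in Symantec Enterprise Security Manager that a remote attacker can exploit to execute arbitrary commands with the privileges of the application process. The issue lies in the remote upgrade interface of the ESM agent: the agent accepts upgrade requests from any entity familiar with the upgrade protocol, without any trusted authentication of the source. An attacker familiar with the agent protocol can execute arbitrary commands with the privileges of the application process. The ESM agent usually runs with administrator privileges. Symantec Enterprise Security...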