25 matches found
CVE-2024-47941
A vulnerability has been identified in Solid Edge SE2024 All versions V224.0 Update 9. The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the curre...
RHSA-2007:0436 Red Hat Security Advisory: Updated kernel packages for Red Hat Enterprise Linux 3 Update 9
Bulletin has no description...
CVE-2024-25610
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...
Microsoft Exchange Server Authorization Issue Vulnerability
Microsoft Exchange Server is an e-mail service program from Microsoft, a United States company. It provides email access, storage, forwarding, voice mail, email filtering and screening, and other features. An authorization issue vulnerability exists in Microsoft Exchange Server. The...
Microsoft Windows Remote Access Connection Manager Permissions and Access Control Issue Vulnerability
Microsoft Windows Remote Access Connection Manager is a Windows service from Microsoft that manages virtual private network (VPN) connections from your computer to the Internet. If this service is disabled, VPN client applications will not...
Microsoft Exchange Server Code Issue Vulnerability
Microsoft Exchange Server is an e-mail service program from Microsoft, a United States company. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A code issue vulnerability exists in Microsoft Exchange Server. The following...
Microsoft Exchange Server Code Injection Vulnerability
Microsoft Exchange Server is an e-mail service program from Microsoft, a United States company. It provides email access, storage, forwarding, voicemail, email filtering and screening, and other features. A code injection vulnerability exists in Microsoft Exchange Server. The followin...
CVE-2020-24985
Quadbase EspressReports ES 7 Update 9 is affected. An authenticated user can alter the frmsrc parameter on the MenuPage to retrieve and execute external files or payloads, indicating an input handling/parameter manipulation vulnerability that enables potentially remote file execution within the a...
CVE-2020-24982
An issue was discovered in Quadbase ExpressDashboard EDAB 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account...
Cross site request forgery (csrf)
An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server...
CVE-2020-7317
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10.9 Update 9 allows administrators to inject arbitrary web script or HTML via parameter values for "syncPointList" not being correctly sanitised...
Adobe ColdFusion Code Issue Vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and scripting language. A security vulnerability exists in Adobe ColdFusion 2016 Update 15 and earlier and ColdFusion 2018 Upda...
Kernel update: Virtuozzo ReadyKernel patch 76.0 for Virtuozzo 7.0 Update 9 and Virtuozzo Infrastructure Platform 2.5
The cumulative Virtuozzo ReadyKernel patch was updated with stability fixes. The patch applies to the kernel 3.10.0-862.20.2.vz7.73.29 Virtuozzo 7.0 Update 9 and Virtuozzo Infrastructure Platform 2.5. Vulnerability id: PSBM-93047, VSTOR-20922 fusekiopcs: kernel crash in processpcsinitreply caused...
Product update: Virtuozzo 7.0 Update 9 Hotfix 1 (7.0.9-539)
The Hotfix 1 for Virtuozzo 7.0.9 provides stability and usability bug fixes. Vulnerability id: PSBM-92228 Provided updated packages for Object Storage S3. Vulnerability id: PSBM-92227 A few unused role names were shown and could be assigned on the network interface settings screen in Virtuozz...
Product update: Virtuozzo 7.0 Update 9 (7.0.9-534)
The Update 9 for Virtuozzo 7.0 provides new features as well as security, stability, and usability bug fixes. Vulnerability id: CVE-2018-14634, PSBM-88914 An integer overflow flaw was found in create_elf_tables(). An unprivileged local user with access to SUID or otherwise privileged binary could use...
Microsoft Exchange Server CVE-2015-2505 Information Disclosure Vulnerability
Description Microsoft Exchange Server is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Exchange Server 2013 Cumulative Update 8 Microsoft Exchange Server...
CVE-2014-8552
CVE-2014-8552 : The WinCC family (SIMATIC WinCC 7.0 SP3 and earlier, 7.2 before Update 9, 7.3 before Update 2; PCS 7 7.1 SP4 and earlier, 8.0 before SP2 with WinCC 7.2 Update 9, 8.1 before Update 2; TIA Portal 13 before Update 6) contains an unauthenticated remote arbitrary-file-read vulnerabilit...
CVE-2013-1388
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors...
Code injection
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, 9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9 allows attackers to obtain administrator-console access via unknown vectors...
Java zero-day exploit sold in underground Market
Once again a zero-day exploit is being sold by cyber criminals in the underground, and once again the flaw is in Oracle's Java software and could allow an attacker to gain remote control over a victim's machine. The news was reported by the KrebsOnSecurity blog, which announced that the exploit...