
235 matches found

Prion
added 2020/10/20 5:15 p.m. | 23 views

Session fixation

VMware vCenter Server 6.7 before 6.7u3, 6.6 before 6.5u3k contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repositor...

5.8 CVSS | 7.8 AI score | 0.00638 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2020/10/20 4:14 p.m. | 22 views

CVE-2020-3994

VMware vCenter Server 6.7 before 6.7u3, 6.6 before 6.5u3k contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with network positioning between vCenter Server and an update repositor...

7.3 AI score | 0.00638 EPSS
Exploits: 0 | References: 1
CVE
added 2020/10/20 4:14 p.m. | 114 views

CVE-2020-3994

CVE-2020-3994 affects VMware vCenter Server (versions 6.7 before 6.7u3, 6.6 before 6.5u3k). It is a session hijack vulnerability in the vCenter Server Appliance Management Interface (VAMI) update function caused by a lack of certificate validation. An attacker with network position between vCente...

7.4 CVSS | 7.8 AI score | 0.00638 EPSS
Exploits: 0 | References: 1 | Affected Software: 2
OSV
added 2020/08/27 6:15 p.m. | 2 views

CVE-2020-24203

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution...

9.8 CVSS | 6.1 AI score | 0.03738 EPSS
Exploits: 1 | References: 2
OSV
added 2020/06/22 10:15 p.m. | 3 views

DEBIAN-CVE-2020-4032

In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2...

4.3 CVSS | 6.8 AI score | 0.01841 EPSS
Exploits: 0 | References: 1
OSV
added 2020/06/18 8:15 p.m. | 16 views

CVE-2020-4059

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

7.3 CVSS | 7.8 AI score
Exploits: 0 | References: 2
Cvelist
added 2020/06/18 7:25 p.m. | 33 views

CVE-2020-4059 Command Injection in mversion

In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...

7.3 CVSS | 7.8 AI score | 0.02596 EPSS
Exploits: 0 | References: 2
CVE
added 2020/06/18 7:25 p.m. | 62 views

CVE-2020-4059

CVE-2020-4059 affects the mversion library (pre-2.0.0). The vulnerability is a command injection in the library’s internal workflow, which could lead to remote code execution when a client calls the vulnerable method with untrusted input. The issue is fixed in version 2.0.0; older releases are de...

7.5 CVSS | 7.7 AI score | 0.02596 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
0day.today
added 2020/03/21 12:0 a.m. | 407 views

Avast Secure Browser 76.0.1659.101 Local Privilege Escalation Vulnerability

A local privilege escalation issue was discovered in Avast Secure Browser version 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe which is running as NT AUTHORITY\SYSTEM when AvastSecureBrowser.exe checks for new updates. Avast Secure Browser...

7.8 CVSS | 0.3 AI score | 0.00522 EPSS
Exploits: 1
BDU FSTEC
added 2020/03/12 12:0 a.m. | 3 views

A vulnerability in the software update function of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows an attacker to load any file onto a vulnerable device.

The vulnerability in the software update function of Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to errors during file signature verification. Exploiting this vulnerability could allow an attacker to load any desired file onto a vulnerable device...

6.8 CVSS | 6.6 AI score | 0.00207 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2019/06/19 6:15 p.m. | 2 views

CVE-2018-16613

An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction...

9.8 CVSS | 5.8 AI score | 0.02733 EPSS
Exploits: 0 | References: 3
NVD
added 2019/06/19 6:15 p.m. | 24 views

CVE-2018-16613

An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction...

9.8 CVSS | 9.6 AI score | 0.02733 EPSS
Exploits: 0 | References: 3
CNVD
added 2019/06/03 12:0 a.m. | 4 views

Linux Kernel 'marvell/mwifiex/scan.c' File Buffer Overflow Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the 'mwifiex_update_bss_desc_with_ie' function in the marvell/mwifiex/scan.c file in the Linux Kernel. The vulnerability stems fro...

8.8 CVSS | 7.9 AI score | 0.05649 EPSS
Exploits: 1 | References: 1
Cvelist
added 2019/05/15 10:22 p.m. | 14 views

CVE-2019-12106

The updateDevice function in minissdpd.c in MiniUPnP MiniSSDPd 1.4 and 1.5 allows a remote attacker to crash the process due to a Use After Free vulnerability...

7.4 AI score | 0.02829 EPSS
Exploits: 1 | References: 3
CNVD
added 2018/04/08 12:0 a.m. | 2 views

GxlcmsQY update function arbitrary PHP code execution vulnerability

GxlcmsQY system is a quick website CMS tailored for business users. An arbitrary PHP code execution vulnerability exists in the update function in Lib\Lib\Action\Admin\TplAction.class.php in Gxlcms QY v1.0.0713. A remote attacker can exploit this vulnerability by placing code in a template to execute...

9.8 CVSS | 8.1 AI score | 0.01577 EPSS
Exploits: 1 | References: 1
OSV
added 2018/04/07 9:29 p.m. | 2 views

CVE-2018-9847

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

9.8 CVSS | 6.1 AI score | 0.01577 EPSS
Exploits: 1 | References: 1
Cvelist
added 2018/04/07 9:0 p.m. | 17 views

CVE-2018-9847

In Gxlcms QY v1.0.0713, the update function in Lib\Lib\Action\Admin\TplAction.class.php allows remote attackers to execute arbitrary PHP code by placing this code into a template...

9.8 AI score | 0.01577 EPSS
Exploits: 1 | References: 1
CVE
added 2018/04/07 9:0 p.m. | 44 views

CVE-2018-9847

GxlcmsQY v1.0.0713 contains an arbitrary PHP code execution vulnerability in the update function (Lib\Lib\Action\Admin\TplAction.class.php). An attacker can place code into a template to achieve remote code execution with network access. Public references in CNVD and NVD corroborate the issue; CV...

9.8 CVSS | 9.6 AI score | 0.01577 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CNVD
added 2016/09/18 12:0 a.m. | 1 views

OpenSSL 'MDC2_Update' Function Integer Overflow Vulnerability

OpenSSL is an open-source, general-purpose cryptographic library developed by the OpenSSL team. It implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols and supports a wide range of cryptographic algorithms, including symmetric ciphers, hash...

9.8 CVSS | 9.2 AI score | 0.31985 EPSS
Exploits: 1 | References: 1
Prion
added 2015/04/19 10:59 a.m. | 14 views

Design/Logic Flaw

Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other...

6.8 CVSS | 7.6 AI score | 0.01841 EPSS
Exploits: 0 | References: 9 | Affected Software: 2