5567 matches found

RedhatCVE
added 2025/05/22 6:27 p.m., 4 views

CVE-2021-27240

This vulnerability allows local attackers to escalate privileges on affected installations of SolarWinds Patch Manager 2020.2.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within th...

CVSS 7.8, AI score 7.2, EPSS 0.00638
Exploits 0, References 1

RedhatCVE
added 2025/05/22 5:33 p.m., 3 views

CVE-2020-27006

A vulnerability has been identified in JT2Go All versions V13.1.0.1, Teamcenter Visualization All versions V13.1.0.1. Affected applications lack proper validation of user-supplied data when parsing of PCT files. This could result in a memory corruption condition. An attacker could leverage this...

CVSS 7.8, AI score 7, EPSS 0.00116
Exploits 0

RedhatCVE
added 2025/05/22 5:13 p.m., 13 views

CVE-2020-17398

This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVSS 6.5, AI score 6.2, EPSS 0.0009
Exploits 0

RedhatCVE
added 2025/05/22 4:34 p.m., 6 views

CVE-2020-26998

A vulnerability has been identified in JT2Go All versions V13.1.0.2, Teamcenter Visualization All versions V13.1.0.2. Affected applications lack proper validation of user-supplied data when parsing of PAR files. This could result in a memory access past the end of an allocated buffer. An attacker...

CVSS 5.5, AI score 6.3, EPSS 0.00097
Exploits 0

RedhatCVE
added 2025/05/22 10:31 a.m., 7 views

CVE-2019-14669

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the asset account name. The JavaScript code is executed during a visit to the audit account statistics page...

CVSS 5.4, AI score 5.9, EPSS 0.00206
Exploits 1, References 1

RedhatCVE
added 2025/05/22 10:6 a.m., 3 views

CVE-2019-13644

Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the same acce...

CVSS 5.4, AI score 6, EPSS 0.00225
Exploits 1, References 1

RedhatCVE
added 2025/05/22 8:25 a.m., 2 views

CVE-2019-14670

Firefly III 4.7.17.3 is vulnerable to stored XSS due to the lack of filtration of user-supplied data in the bill name field. The JavaScript code is executed during rule-from-bill creation...

CVSS 5.4, AI score 5.9, EPSS 0.00206
Exploits 1, References 1

RedhatCVE
added 2025/05/22 8:19 a.m., 4 views

CVE-2019-13552

In WebAccess versions 8.4.1 and prior, multiple command injection vulnerabilities are caused by a lack of proper validation of user-supplied data and may allow arbitrary file deletion and remote code execution...

CVSS 8.8, AI score 8.2, EPSS 0.01498
Exploits 0, References 1

RedhatCVE
added 2025/05/22 8:5 a.m., 4 views

CVE-2019-13647

Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$fileid$ attachment viewing. NOTE: It is asserted that an attacker must have the same access rights as the user in...

CVSS 5.4, AI score 6, EPSS 0.00206
Exploits 1, References 1

RedhatCVE
added 2025/05/22 7:27 a.m., 3 views

CVE-2019-13556

In WebAccess versions 8.4.1 and prior, multiple stack-based buffer overflow vulnerabilities are caused by a lack of proper validation of the length of user-supplied data. Exploitation of these vulnerabilities may allow remote code execution...

CVSS 8.8, AI score 8.1, EPSS 0.01112
Exploits 0, References 1

CNVD
added 2025/05/22 12:0 a.m., 5 views

D-Link DAP-2695 /adv_dhcps.php file cross-site scripting vulnerability

The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. The D-Link DAP-2695 suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter fmac in the file...

CVSS 4.8, AI score 6.5, EPSS 0.00243
Exploits 1, References 1

CNVD
added 2025/05/22 12:0 a.m., 3 views

D-Link DAP-2695 /adv_macbypass.php file cross-site scripting vulnerability

The D-Link DAP-2695 is a high-performance dual-band wireless access point from China's AUO D-Link. A cross-site scripting vulnerability exists in the D-Link DAP-2695, which stems from the lack of effective filtering and escaping of user-supplied data by the parameter fmac in the file...

CVSS 4.8, AI score 6.4, EPSS 0.00243
Exploits 1, References 1

Zero Day Initiative
added 2025/05/21 12:0 a.m., 7 views

Trend Micro Apex Central widget getObjWGFServiceApiByApiName Local File Inclusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the getObjWGFServiceApiByApiName function. The issue results from the lack of prope...

CVSS 7.5, AI score 7.2, EPSS 0.01711
Exploits 0, References 1

CNVD
added 2025/05/20 12:0 a.m., 3 views

TOTOLINK N150RT URL Filtering Page Component Cross-Site Scripting Vulnerability

The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT suffers from a cross-site scripting vulnerability that stems from the URL Filtering Page component's lack of effective filtering and escaping of user-supplied data, and no details of the...

CVSS 4.8, AI score 6.4, EPSS 0.00162
Exploits 1, References 1

CNVD
added 2025/05/14 12:0 a.m., 1 views

WordPress Amazon Product in a Post plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Amazon Product in a Post plugin, which stems from the application's lack of effective filtering and escaping of...

CVSS 5.9, AI score 6.4, EPSS 0.0017
Exploits 0, References 1

CNVD
added 2025/05/14 12:0 a.m., 2 views

WordPress AWEOS WP Lock plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress AWEOS WP Lock plugin, which stems from the application's lack of effective filtering and escaping of user-supplied...

CVSS 5.9, AI score 6.5, EPSS 0.0017
Exploits 0, References 1

RedHat Linux
added 2025/05/13 8:31 a.m., 3 views

gstreamer: EXIF Metadata Parsing Integer Overflow

A flaw was found in the GStreamer library. This flaw allows a remote attacker to send specially crafted content to the victim, allowing for arbitrary code execution within the context of the affected installation's process. The vulnerability is caused by improper parsing of EXIF metadata and a la...

CVSS 7.8, AI score 6.4, EPSS 0.03337
Exploits 0, References 4

CNVD
added 2025/05/07 12:0 a.m., 1 views

TOTOLINK N150RT LAN Settings Page Component Cross-Site Scripting Vulnerability

The TOTOLINK N150RT is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK N150RT version 3.4.0-B20190525 suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Hostname in the...

CVSS 4.8, AI score 6.6, EPSS 0.00347
Exploits 1, References 1

Zero Day Initiative
added 2025/05/01 12:0 a.m., 1 views

Cisco IOS XE SNMP GET-NEXT callHomeUserDefCmdName Unexpected Sign Extension Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port 161 by default. The issue results fro...

CVSS 6.5, AI score 6.5, EPSS 0.00301
Exploits 0, References 1

Zero Day Initiative
added 2025/05/01 12:0 a.m., 3 views

Cisco IOS XE SNMP OID Handling Out-Of-Bounds Read Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Cisco IOS XE. Authentication is required to exploit this vulnerability. The specific flaw exists within the SNMP service, which listens on UDP port 161 by default. The issue results fro...

CVSS 4.3, AI score 7.3, EPSS 0.00301
Exploits 0, References 1