Astra Linux - vulnerability in ntfs-3g
In NTFS-3G, from version 2021.8.22, ntfsck has a heap-based buffer overflow issue, involving a value of buffer+5123-2. NOTE: The upstream documentation states that ntfsck is deprecated; however, it is still being distributed with some Linux distributions...
Aimeos SQL injection vulnerability
Aimeos is an open-source e-commerce framework designed for online stores. The Aimeos 2021.10 LTS version has a SQL injection vulnerability. This vulnerability stems from SQL injection in the JSON API sort parameter, which could allow attackers to inject malicious database queries...
Flatnux code issue vulnerability
Flatnux is an open-source content management system from Flatnux. A code issue vulnerability exists in Flatnux version 2021-03.25, which stems from the file manager allowing the upload of arbitrary PHP files, which could lead to remote code execution...
PHPGurukul COVID19 Testing Management System code injection vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. COVID19 Testing Management System suffers from a code injection vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by parameter q in file...
PHPGurukul COVID19 Testing Management System input validation error vulnerability
The COVID19 Testing Management System is a COVID-19 testing management system. The COVID19 Testing Management System has an input validation error vulnerability that originates from an open redirect due to the operation of the parameter q in the file /search-report-result.php. No detai...
CVE-2021-32683
wire-webapp is the web version of Wire, an open-source messenger. A cross-site scripting vulnerability exists in wire-webapp prior to version 2021-06-01-production.0. If a user is instructed to open an image in a new tab (right click, then open in new tab, or copy the URL and paste it in the URL bar), ...
CVE-2025-22953
A SQL injection vulnerability exists in Epicor HCM 2021 1.9, with patches available: 5.16.0.1033/HCM2022, 5.17.0.1146/HCM2023, and 5.18.0.573/HCM2024. The injection is specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting...
Epicor HCM security vulnerability
Epicor HCM is a human capital management system from Epicor, Inc. A security vulnerability exists in Epicor HCM version 2021 1.9, which stems from incorrect handling of the filter parameter and can lead to SQL injection issues...
Revenera InstallShield security vulnerability
Revenera InstallShield (Flexera InstallShield) is a development package from Revenera Inc. for building Windows installers and MSIX packages. A security vulnerability exists in Revenera InstallShield version 2022 R2 and version 2021 R2, which stems from a DLL hijacking triggered by improperly...
Microsoft Office Multiple Vulnerabilities (Dec 2024) - Mac OS X
This host is missing an important security update for Microsoft Office on Mac OS X according to Microsoft security update November 2024.
PT-2024-37395 · Hamastar · Hamastar Meetinghub Paperless Meetings
Name of the Vulnerable Software and Affected Versions: Hamastar MeetingHub Paperless Meetings version 2021 Description: A Plaintext Storage of a Password issue in the ebooknote function allows remote attackers to obtain other users' credentials and gain access to the product via an XML file...
Hamastar MeetingHub Paperless Meetings security vulnerability
Hamastar MeetingHub Paperless Meetings is a paperless e-meeting software from China-based Hamastar. A security vulnerability exists in Hamastar MeetingHub Paperless Meetings version 2021, which stems from the presence of a plaintext password storage vulnerability in the ebooknote function, which...
CVE-2021-32421
dpic 2021.01.01 has a Heap Use-After-Free in the deletestringbox function in dpic.y...
PT-2023-21267 · Dassault Systèmes · Solidworks
Name of the Vulnerable Software and Affected Versions: SOLIDWORKS Desktop versions Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023 Description: The issue exists in the DWG and DXF file reading procedure, allowing an attacker to execute arbitrary code while opening a specially crafted file...
PT-2023-24266 · Nissan · Nissan Sylphy Classic
Name of the Vulnerable Software and Affected Versions: Nissan Sylphy Classic version 2021 Description: The remote keyfob system sends the same RF signal for each door-open request, allowing for a replay attack. The vendor claims this issue cannot be reproduced with genuine Nissan parts, citing a...
Trend Micro Security code issue vulnerability
Trend Micro Security is an antivirus software from Trend Micro. A security vulnerability exists in Trend Micro Security that stems from the presence of a DLL hijacking vulnerability that could result in unsafe loading of dynamic link libraries. Affected products and versions: Trend Micro Security...
Accruent LLC Maintenance Connection SQL injection vulnerability
Accruent LLC Maintenance Connection is a comprehensive work order management, preventive maintenance program and parts inventory solution. A security vulnerability exists in Accruent LLC Maintenance Connection versions 2021 and 2022.2, which stems from an SQL injection during emailing to the work...
PT-2023-13357 · Sage · Sage Enterprise Intelligence
Name of the Vulnerable Software and Affected Versions: Sage Enterprise Intelligence version 2021 R1.1 Description: Multiple XSS issues were discovered that allow an attacker to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerabl...
Adobe ColdFusion path traversal vulnerability
Adobe ColdFusion is a rapid application development platform from Adobe, a United States company. The platform includes an integrated development environment and a scripting language. A path traversal vulnerability exists in Adobe ColdFusion versions 2018 and 2021, which stems from an...
PT-2022-24558 · Renault · Renault Zoe
Name of the Vulnerable Software and Affected Versions: Renault ZOE version 2021 Description: The remote keyless system sends 433.92 MHz RF signals from the same Rolling Codes set for each door-open request, which allows for a replay attack. Recommendations: For Renault ZOE version 2021, consider...