13 matches found
Improper Authorization
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Authorization via the afterFind process. An attacker can gain unauthorized access to protected files by sending HTT...
SQL Injection
Overview bacula-web/bacula-web is an open source web-based reporting and monitoring tool for Bacula. Affected versions of this package are vulnerable to SQL Injection via the getJobFiles function in application/Table/JobFileTable.php. An attacker can execute arbitrary code on the server b...
VIMESA VHF/FM Transmitter Blue Plus Access Control Error Vulnerability
VIMESA VHF/FM Transmitter Blue Plus is an LCD monitor from VIMESA. An access control error vulnerability exists in the VIMESA VHF/FM Transmitter Blue Plus version 9.7.1, which stems from the presence of a denial of service vulnerability that could allow an unauthenticated attacker to issue an...
WordPress plugin Image Hover Effects Ultimate Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Jetpack plugin <= 9.7.1 - Attached Image Comment Leak For Non-Published Post And Pages in Carousel Feature
Page/Post Attachment Comment Leak Of Not Published Post And Pages in Carousel Feature discovered by nguyenhgvcs in WordPress Jetpack plugin versions <= 9.7.1. Solution: Update the WordPress Jetpack plugin to the latest available version at least 9.8...
CVE-2021-27194
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords...
CVE-2021-27193
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation...
Netop Vision Access Control Error Vulnerability
Netop Vision is an application from the Danish company Netop. It provides classroom management software. An Access Control Error vulnerability in Netop Vision Pro 9.7.1 and prior versions can be exploited by an unauthenticated, remote attacker to read or write files on a remote computer,...
Foxit Reader and PhantomPDF Type Obfuscation Remote Code Execution Vulnerability (CNVD-2020-24445)
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A security vulnerability exists in the handling of the RotatePage command in Foxit Reader and Foxit PhantomPDF 9.7.1.29511 and earlier versions for Windows-based platforms, which stems from the program's...
Foxit PhantomPDF < 9.7.1 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 9.7.1. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists related to handling watermarks, AcroForm objects, text fields, or...
Code injection
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update...
Internet Systems Consortium Releases BIND Advisory
The Internet Systems Consortium has released an advisory to address a vulnerability affecting BIND versions 9.7.1 through 9.7.2-P3. This vulnerability may allow an attacker to cause a denial-of-service condition. US-CERT encourages users and administrators using the affected versions of BIND to...
ISC BIND IXFR Transfer/DDNS Update Remote Denial of Service Vulnerability
ISC BIND is prone to a remote denial-of-service vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:isc:bind";...