Samsung Gallery Elevation of Privilege Vulnerability

Samsung Gallery is an application from Samsung South Korea. The best image and video viewing application for Galaxy users. An elevation of privilege vulnerability exists in Gallery versions prior to 5.4.16.1, which can be exploited by an attacker to perform privileged operations...

SQL Injection Vulnerability in Telecom Gateway Configuration Management System it***_im***_po***.php Page

China Telecom Group Corporation is China's mega state-owned telecommunications enterprise and a global partner of the Shanghai World Expo. A SQL injection vulnerability exists in the itimpo.php page of the Telecom Gateway Configuration Management System, which can be exploited by attackers to...

Arbitrary File Read Vulnerability in Device Access Gateway of Zhejiang Dahua Corporation Technology Co.

Zhejiang Dahua Technology Co., Ltd. is a video-centered intelligent IOT solution provider and operation service provider. An arbitrary file read vulnerability exists in the device access gateway of Zhejiang Dahua Technology Co. Ltd, which can be exploited by attackers to obtain sensitive...

Command Execution Vulnerability in the Firewall Gateway Management System of Shenzhen Hechen Communication Technology Co.

Yoyo is a registered trademark of Shenzhen Hechen Communication Technology Co., Ltd, founded in 1998, the main products are Mailgard Yoyo series mail servers, mail archiving, spam filtering gateway, mail gateway, global mail gateway, mail load balancing gateway, firewalls, VPNs, etc. Yoyo is the...

Arbitrary File Download Vulnerability in Youyou Firewall of Shenzhen Hechen Communication Technology Co.

Yoyo is a registered trademark of Shenzhen Hechen Communication Technology Co., Ltd, founded in 1998, the main products are Mailgard Yoyo series mail servers, mail archiving, spam filtering gateway, mail gateway, global mail gateway, mail load balancing gateway, firewalls, VPNs, etc. Yoyo is the...

ABUS Secvest FUAA50000 Information Disclosure Vulnerability

ABUS Secvest FUAA50000 is a wireless remote control from ABUS Germany. An information disclosure vulnerability exists in ABUS Secvest FUAA50000 version 3.01.17, which can be exploited by an attacker to obtain sensitive information, such as usernames and passwords, from the system...

Remote Code Execution (RCE)

flow-server is vulnerable to remote code execution. An attacker is able to exploit the vulnerability by sending a fake synchronization message to the server, updating server-side element property values...

Proofpoint Insider Threat Management Server XML External Entity Injection Vulnerability

Proofpoint Insider Threat Management Server is a server-side application from Proofpoint, Inc. for preventing malicious operations by enterprise insiders. An XML external entity injection vulnerability exists in Proofpoint Insider Threat Management Server versions prior to 7.11.1. An attacker cou...

Denial of Service Vulnerability in D-Link DIR-816

The D-Link DIR-816 is a wireless router. A denial of service vulnerability exists in the D-Link DIR-816. An attacker can exploit the vulnerability to cause the program to crash...

Design/Logic Flaw

The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabri...

SUSE: Security Advisory (SUSE-SU-2017:2142-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome navigation security bypass vulnerability

Google Chrome is a web browser from Google, an American company. A security vulnerability exists in navigation in versions of Google Chrome prior to 90.0.4430.72. An attacker can exploit this vulnerability to bypass security restrictions...

Denial of Service Vulnerability in ABBYY FineReader (CNVD-2021-30852)

ABBYY FineReader is an all-in-one OCR and PDF software application. ABBYY FineReader suffers from a denial of service vulnerability. An attacker can exploit the vulnerability to cause the program to crash...

Group Office CRM Cross-Site Scripting Vulnerability (CNVD-2021-29739)

Group Office CRM is a software application. Share projects, calendars, files and emails with colleagues and clients online. Easy to use and fully customizable. A cross-site scripting vulnerability exists in the Contacts page in Group Office CRM version 6.4.196. An attacker can exploit this...

Aprelium Abyss Web Server Out-of-Bounds Read Vulnerability

Aprelium Abyss Web Server is a web server from the Tunisian company Aprelium. A security vulnerability exists in Aprelium Abyss Web Server X1 version 2.12.1 and version 2.14, which can be exploited by an attacker to potentially cause an out-of-bounds read via an HTTP request, which could result i...

Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2021-29060)

Microsoft Exchange Server is a mail server and calendar server developed by Microsoft. A remote code execution vulnerability exists in Microsoft Exchange Server, which can be exploited by an attacker to achieve remote code execution...

Microsoft Windows and Windows Server Elevation of Privilege Vulnerability (CNVD-2021-34472)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. An elevation of privilege vulnerability exists in the RPC Endpoint Mapper Service in...

OpenIAM Remote Code Execution Vulnerability

OpenIAM is a fully integrated identity and access management platform. A remote code execution vulnerability exists in OpenIAM versions prior to 4.2.0.3. An attacker can exploit this vulnerability to execute arbitrary code via Groovy Script...

Devolutions Server Information Disclosure Vulnerability

Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. An information disclosure vulnerability exists in Devolutions Server versions prior to 2020.3, which can be exploited by an attacker to obtain sensitive...

Devolutions Server Cross-Site Scripting Vulnerability

Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. A cross-site scripting vulnerability exists in Devolutions Server versions prior to 2020.3 in entries of type "Document", which can be exploited by an...