Buffer overflow vulnerability in multiple NETGEAR products (CNVD-2021-46562)

NETGEAR D3600 and others are products of NETGEAR, Inc.NETGEAR D3600 is a wireless modem.NETGEAR D6100 is a wireless modem.NETGEAR R6100 is a wireless router.NETGEAR R6100 is a wireless router.NETGEAR R6100 is a wireless router.NETGEAR R6100 is a wireless router.NETGEAR R6100 is a wireless...

IBM QRadar SIEM Command Execution Vulnerability

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A command executio...

IBM QRadar SIEM Information Disclosure Vulnerability (CNVD-2020-23044)

IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. An information...

What’s a 10? Pwning vCenter with CVE-2020-3952

...

The vulnerability of the HTTP/2 module of the Apache Traffic Server allows attackers to compromise the confidentiality, integrity, and accessibility of data.

The vulnerability of the HTTP/2 module in the Apache Traffic Server exists due to improper handling of HTTP/2 requests. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of data...

Denial of Service Vulnerability in ForceControl at Beijing ForceControl YuanTong Technology Co.

ForceControl universal monitoring configuration software ForceControl is a general-purpose man-machine visualization monitoring configuration software, is the first domestic automation software products with distributed real-time database technology as the kernel. Ltd. ForceControl has a denial o...

Horde Groupware Webmail Edition 5.2.22 - PHAR Loading

Horde Groupware Webmail Edition 5.2.22 - PHAR Loading exploit-phar-loading.py !/usr/bin/env python3 from horde import Horde import requests import subprocess import sys TEMPDIR = '/tmp' WWWROOT = '/var/www/html' if lensys.argv ' sys.exit1 baseurl = sys.argv1 username = sys.argv2 password =...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796-PoC winners! Daniel García Gutiérrez @dan...

CVE-2019-7589 Kantech EntraPass Improper Input Validation

A vulnerability with the SmartService API Service option exists whereby an unauthorized user could potentially exploit this to upload malicious code to the server that could be executed at system level privileges. This affects Johnson Controls' Kantech EntraPass Corporate Edition versions 8.0 and...

Progress Software MOVEit Transfer SQL Injection Vulnerability (CNVD-2020-19007)

Progress Software MOVEit Transfer is a suite of file transfer software from Progress Software, USA. A SQL injection vulnerability in the REST API in Progress Software MOVEit Transfer version 2019.1 before 2019.1.4 and version 2019.2 before 2019.2.1 can be exploited by an attacker to access the...

CVE-2019-15977

creationtimestamp| type| source ---|---|--- 2020-02-06 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48020 2024-03-19 15:16:48+00:00| seen| https://t.me/ctinow/211577...

CVE-2020-8597 rhostname buffer overflow in pppd

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions. Recent assessments: wvu-r7 at March 10, 2020 6:33pm UTC reported: AFAIK, it is common to enable full mitigations on the binary, with ASLR enabled on the system. While this doesn’...

CVE-2020-0638

An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Update Notification Manager Elevation of Privilege Vulnerability'...

Exploit for Improper Input Validation in Microsoft

Desharialize Desharialize: Easy mode to Exploit CVE-2019-0604...

CVE-2019-19781

An issue was discovered in Citrix Application Delivery Controller ADC and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal...

CVE-2019-19844

creationtimestamp| type| source ---|---|--- 2019-12-24 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47879 2019-12-25 17:34:13+00:00| published-proof-of-concept| https://t.me/antichat/7495 2019-12-25 17:50:39+00:00| published-proof-of-concept| https://t.me/thebugbountyhunter/3584...

Denial of Service Vulnerability in Distribution Terminal PDZ833 of Nanjing Softcore Technology Co.(CNVD-2020-01590)

Nanjing Softcore Technology Co., Ltd. is a company dedicated to the industrialization and promotion of real-time intelligence technology, advanced control and real-time optimization technology, and 3D visualization technology, and mainly provides related products and solutions based on the above...

Siemens XHQ Input Validation Error Vulnerability

Siemens XHQ Production Operations Intelligence is Siemens Energy's flagship solution and is widely deployed by the world's largest oil & gas and chemical companies. Siemens XHQ has an input validation error vulnerability that can be exploited by an attacker to cause the application to behave...

Denial of Service Vulnerability in DIGI PortServer TS 1 TCP Protocol

The PortServer TS series of terminal servers provide simple, reliable and cost-effective serial connections to the network. A denial of service vulnerability exists in the DIGI PortServer TS 1 TCP protocol. An attacker could exploit the vulnerability to launch a denial of service attack...

NetApp ONTAP Select Deploy Elevation of Privilege Vulnerability

ONTAP Select Deploy is a management utility for deploying and managing ONTAP Select clusters. An elevation of privilege vulnerability exists in ONTAP Select Deploy. An attacker could exploit this vulnerability to achieve elevation of privilege...