90509 matches found
The vulnerability of the MKLogic-500 PLI configuration protocol, due to deficiencies in the encryption algorithm, allows attackers to decrypt the configuration protocol and modify the device’s configuration.
The vulnerability of the MKLogic-500 PLB protocol lies in the transmission of information sufficient to recover encryption keys in an open form. Exploiting this vulnerability allows a malicious actor to decrypt the PLB protocol and modify the device’s configuration...
The vulnerability of the password reset mechanism of the Automation Education System Apex-VUZ allows a hacker to obtain the user’s password.
The vulnerability of the user password reset mechanism in the Apex-VUZ automation system is related to the use of the SHA-1 encryption algorithm, which lacks sufficient robustness. Exploiting this vulnerability could allow an attacker operating remotely to obtain the user’s password...
The vulnerability of the component responsible for creating new account records in the Apex-VUZ education automation system allows a perpetrator to cause service interruptions.
The vulnerability of the component responsible for creating new account records in the Apex-VUZ automation system is related to improper control of the interaction frequency. Exploiting this vulnerability allows a malicious actor to trigger a service failure by sending specially crafted POST...
The vulnerability of the log files of user operations in the Apex-VUZ automation system allows a perpetrator to gain access to authentication information.
The vulnerability of the logs of user operations in the Apex-VUZ automation system is related to the storage of passwords in an open format. Exploiting this vulnerability can allow a malicious actor to gain access to authentication information...
The vulnerability of Moxa VPORT 06EC-2V IP camera software and Moxa VPort 461A video encoder software, related to pointer swapping errors, allows a intruder to execute a brute-force attack.
The vulnerability of Moxa VPORT 06EC-2V IP camera microprogramming software and Moxa VPort 461A video encoder microprogramming software is related to errors in parameter processing involving pointers. Exploiting this vulnerability allows a remote attacker to execute a brute-force attack...
The vulnerability of the RDP server FreeRDP, related to deficiencies in the authentication process, allows attackers to bypass the authentication process.
The vulnerability of the RDP server FreeRDP is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to bypass the authentication process remotely...
The vulnerability of the microprogrammed software of the Moxa NE-4100T serial interface converter lies in the lack of authentication procedures, which allows attackers to circumvent existing security restrictions.
The vulnerability of the Microprogrammed Software for Serial Interface Converters Moxa NE-4100T is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to gain increased privileges remotely...
The vulnerability of the Red Database database management system lies in the return of an incorrect status code, allowing an attacker to trigger a service failure.
The vulnerability of the Red Database database management system is related to the return of incorrect code states. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by exhausting free space on the disk during backup operations...
Vulnerability of the MySQL Server component: The Optimizer component of the MySQL database management system allows a hacker to gain unauthorized access to modify, add, or delete data, or to cause service failures.
The vulnerability of the MySQL Server component involves insufficient validation of input data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to modify, add, or delete data, or to cause a service failure using the MySQL network protocol...
The vulnerability of the URL_GetProtocolType function in the MP4Box multimedia platform’s command allows a hacker to induce a service failure.
The vulnerability of the URLGetProtocolType function in the MP4Box multimedia platform of GPAC is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to cause service failures using a specially created file...
The vulnerability of the Yokogawa CENTUM VP SCADA system, related to errors in the code, allows a intruder to execute arbitrary commands.
The vulnerability of the Yokogawa CENTUM VP SCADA system is related to errors in the code. Exploiting this vulnerability allows an intruder to execute arbitrary code by modifying the project files and injecting their own code into them, which will be executed upon a specified event...
The vulnerability in the web interface for managing server applications used in food industrial enterprises, AK-EM 800, allows a perpetrator to gain unauthorized access to the debugging service.
The vulnerability in the web-based management interface for the server application used to manage food manufacturing enterprises AK-EM 800 is related to errors in password generation. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the debugging service...
The vulnerability of theutils.cfc component in the ColdFusion software platform allows attackers to execute arbitrary code.
The vulnerability of theutils.cfc component in the ColdFusion software platform allows unauthenticated attackers to execute arbitrary code by connecting to any LDAP server via the verifyldapserver parameter...
The vulnerability of the GitBucket collaborative development web service lies in its lack of protection for website structures, allowing attackers to execute arbitrary code.
The vulnerability in the collaborative development web service GitBucket is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of OPPO’s 5G router, which stems from the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary codes.
The vulnerability of OPPO’s 5G router exists due to the failure to take measures to neutralize certain components. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of MasterCard Tokenisation Service (MDES) and Visa Tokenisation Service (VTS) lies in the absence of critical fields in the ARQC cryptographic algorithm (such as 9F15 MCC), which allows a malicious actor to disclose protected information.
The vulnerability of MasterCard Tokenisation Service MDES and Visa Tokenisation Service VTS lies in the possibility of arbitrary modification of the “Amount” field in the Authorisation Request ISO 8583 packet. Exploiting this vulnerability could allow a malicious actor to disclose protected...
The vulnerability of the microprogrammed logic controller ioLogik’s software, related to hard-coding passwords, allows a intruder to escalate their privileges and execute arbitrary code.
The vulnerability of the microprogrammed logic controller ioLogik software relates to the rigid encoding of passwords. Exploiting this vulnerability allows an attacker to enhance their privileges and execute arbitrary code remotely...
The vulnerability of the microprogrammed logic controller ioLogik’s software, related to deficiencies in the authentication process, allows attackers to escalate their privileges within the system.
The vulnerability of microprogrammed software in programmable logic controllers like ioLogik is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow unauthorized individuals to enhance their privileges within the system through specially crafted requests...
The vulnerability of the POST request processing mechanism of the enhanced qualified electronic signature service for operating systems “EMIAS” allows a perpetrator to execute arbitrary code.
The vulnerability of the POST request processing mechanism of the enhanced qualified electronic signature service for operating systems “EMIAS” exists due to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a...
The vulnerability of Moxa EDR-810 microcontroller software, related to buffer overflow in the stack, allows a hacker to execute arbitrary code.
The vulnerability of Moxa EDR-810 microcontroller-based software is related to buffer overflow in the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the SAP Business Objects decision support system lies in the lack of measures taken to protect the website structure. This allows attackers to intercept the session of administrators or users of the web resources.
The vulnerability of the SAP Business Objects decision support system lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to intercept administrator or user sessions on the web resources, using specially crafted POST/GET...
The vulnerability of user authentication within the IKE-protocol’s Xauth mechanism, which stems from insufficient validation of input data, allows attackers to trigger service failures.
The vulnerability related to user authentication within the Xauth protocol of the IKE protocol is linked to improper validation during the file transmission to the program’s input. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of the fly-fm file manager, related to insufficient data processing within the security mechanisms, allows a perpetrator to trigger a service failure.
The vulnerability of the fly-fm file manager is related to the first connection of a network location via sftp. Exploiting this vulnerability allows an attacker who operates remotely to gain access to confidential data due to a denial-of-service attack...
The vulnerability of the application loading optimization service for servers in enterprises with a large number of users lies in the “Balancing Service” of the Engineering Data Management and Product Lifecycle system LOCMAN:PLM. This service allows unauthorized users to execute arbitrary code due to the unlimited loading of dangerous files.
The vulnerability of the application loading optimization service for servers in enterprises with a large number of users is related to unlimited loading of dangerous files. Exploiting this vulnerability allows an attacker to execute arbitrary code by replacing DLL libraries such as DNSAPI.dll in...
The vulnerability of the SCADA system of OIK Dispatching Center, related to the storage of confidential information in unencrypted form, allows a intruder to gain access to user account data.
The vulnerability of the SCADA system of OIK Dispatching is related to the storage of confidential information in unencrypted form. Exploiting this vulnerability can allow an intruder to gain access to user account data...
The vulnerability of the SCADA system of OIK Dispatching NT, related to the insecure storage of critical information, allows a intruder to enhance their privileges.
The vulnerability of the SCADA system of OIK Dispatching is related to the insecure storage of critical information. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of Visual Studio Code’s source editor, related to insufficient protection of service data, allows a hacker to execute arbitrary code.
The vulnerability of Visual Studio Code’s source editor is related to insufficient protection for service data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the backup function for momentary database snapshots in MongoDB Cloud Manager, MongoDB Ops Manager, MongoDB Atlas Legacy Backups, and the document-oriented database management system MongoDB allows a hacker to trigger a service failure.
The vulnerability of the backup function for instant snapshots of MongoDB Cloud Manager, MongoDB Ops Manager, MongoDB Atlas Legacy Backups, and document-oriented database management systems is related to improper handling of conflicting special elements. Exploiting this vulnerability can allow an...
The vulnerability of the cmd.exe command-line interpreter of the Windows operating system allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the cmd.exe command-line interpreter of the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code or cause service interruptions...
The vulnerability in the function of the common/InputStreamHelper.java library of the MPXJ library allows a hacker to write files to arbitrary locations.
The vulnerability in the common/InputStreamHelper.java library of the MPXJ library exists due to an incorrect restriction on the path to the restricted directory. Exploiting this vulnerability could allow a malicious actor to write files to arbitrary locations...
The vulnerability of the eDocLib platform for storing and processing corporate data arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to carry out cross-site scripting attacks.
The vulnerability of the eDocLib platform for storing and processing corporate data exists due to the lack of measures taken to protect its web page structure. Exploiting this vulnerability allows a malicious actor, operating remotely, to execute arbitrary code in the user’s browser by creating a...
The vulnerability of the InstallService component for Windows operating systems, which allows a hacker to increase their privileges
The vulnerability of the InstallService component for Windows operating systems is related to privilege management errors. Exploiting this vulnerability could allow an attacker to enhance their privileges through a specially created application...
The vulnerability of the Sailfish Browser application for the “Avora” operating system, related to buffer overflow in the stack, allows a hacker to trigger a service failure or execute arbitrary code.
The vulnerability of the Sailfish Browser application for the “Avora” operating system is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause service failures or execute arbitrary code...
The vulnerability of the Kaspersky Total Security antivirus protection, related to code errors, allows attackers to increase their privileges.
The vulnerability of the Kaspersky Total Security antivirus protection is related to errors in the code. Exploiting this vulnerability can allow attackers to enhance their privileges by manipulating symbolic links...
The vulnerability of the installation file of the Kaspersky Anti-Ransomware Tool lies in the unsafe process of searching for DLL libraries, which allows a hacker to exploit their privileges.
The vulnerability of the installation file of the Kaspersky Anti-Ransomware Tool is related to a unsafe procedure for locating DLL libraries. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the SCADA system MasterSCADA, related to the storage of passwords in a decipherable format, allows a intruder to decrypt the protected control project.
The vulnerability of the SCADA system MasterSCADA relates to the storage of passwords in a readable format. Exploiting this vulnerability could allow an attacker to decrypt the passwords and access the protected project...
The vulnerability of the var_lldpLocalPortTbl function in the microprogramming software for Moxa EDR-810 allows a hacker to trigger an emergency shutdown of the device.
The vulnerability of the varlldpLocalPortTbl function in the microprogramming software for Moxa EDR-810 is related to character processing errors. Exploiting this vulnerability can allow a malicious actor to trigger an emergency shutdown by sending a specially crafted SNMP request with a negative...
The vulnerability of the Global Protect Agent for Linux’s endpoint protection software lies in its insecure handling of privileges. This allows attackers to elevate their privileges to the root level.
The vulnerability of the Global Protect Agent for Linux endpoint protection software lies in the insecure management of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
The vulnerability of the astra-safepolicy security configuration, related to the lack of input validation mechanisms, allows attackers to trigger service failures.
The vulnerability of the astra-safepolicy security configuration is related to the lack of a mechanism for checking input data. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service failures...
The vulnerability in the implementation of the WritePDFImage function in ImageMagick and GraphicsMagick graphic editors allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of the WritePDFImage function in ImageMagick and GraphicsMagick graphic editors is related to resource management errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by using a specially created image...
The vulnerability of the security-monitor function in the Secure Boot protocol (part of the UEFI specification) is related to an error in the display of ssh for the root user. This vulnerability allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failure.
The vulnerability of the security-monitor function in the Secure Boot protocol a part of the UEFI specification is related to an error in the display of ssh for the root user, when this protocol is not enabled for the user. Exploiting this vulnerability can allow a remote attacker to access...
The vulnerability of the Omnibox address bar in Google Chrome allows a hacker to compromise data integrity.
The vulnerability of the Omnibox address bar in Google Chrome relates to insufficient validation of entered data. Exploiting this vulnerability allows a malicious actor to compromise data integrity through a specially created HTML page...
The vulnerability of the Microsoft Visual Studio software lies in the transmission of credentials in an unencrypted form, allowing a malicious individual to gain unauthorized access to protected information.
The vulnerability of the Microsoft Visual Studio software relates to the transmission of credentials in an unencrypted form. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information by monitoring network traffic between...
The vulnerability of the canvas objects in browsers such as Firefox, Firefox ESR, and the email client Thunderbird allows attackers to disclose protected information.
The vulnerability of the Canvas object in browsers such as Firefox, Firefox ESR, and the email client Thunderbird is related to a lack of mechanisms for verifying the source of the data. Exploiting this vulnerability can allow an attacker to disclose protected information remotely...
The vulnerability of Google Chrome’s browser, related to security configuration errors, allows a malicious actor to gain unauthorized access to local files.
The vulnerability of Google Chrome is related to security settings errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to local files through a specially created Chrome extension...
The vulnerability of the protection mechanism for the virtual file system “/proc” in the Oracle Solaris operating system allows a perpetrator to execute arbitrary code.
The vulnerability of the protection mechanism for the virtual file system “/proc” in the Oracle Solaris operating system is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the websSecurityHandler function in the MOXA EDR-810 industrial router’s web server allows a hacker to execute arbitrary code.
The vulnerability of the websSecurityHandler function offset 0x1B4B0 in the web server jffs2-root\fs1\magicP\WebServer\webs of the MOXA EDR-810 industrial router is caused by the lack of checking the size of the data being copied into a buffer of 0x200 bytes. Exploiting this vulnerability allows ...
The vulnerability of the ktexteditor text editing tool in the Astra Linux operating system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the ktexteditor text editing tool in the Astra Linux operating system is related to errors in interpreting file access rights. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
The vulnerability of the NPAPI plugin in browsers such as Firefox ESR, Firefox, and the email client Thunderbird allows a hacker to perform cross-site forgery attacks.
The vulnerability of the NPAPI plugin for Firefox ESR, Firefox, and the Thunderbird email client relates to exploiting the Cross-origin Resource Sharing CORS mechanism. Exploiting this vulnerability allows a remote attacker to perform cross-origin requests...
The vulnerability of the built-in software of the “Granite-Navigator-6.18” device lies in the use of uncontrolled format lines, which allows a perpetrator to trigger a service failure.
The vulnerability of the built-in software of the “Granite-Navigator-6.18” device is related to the use of uncontrolled format lines. Exploiting this vulnerability can allow an attacker to cause a service failure by using a specially crafted command e.g., canrcv canteseo2%n%n%n%n%n%n%n when...