Lucene search
K
Bdu FstecMost viewed

90604 matches found

BDU FSTEC
BDU FSTEC
added 2025/02/26 12:0 a.m.17 views

The vulnerability of the web management console of the IP-ATC Agat CU-7214, related to the lack of measures taken to protect the SQL query structure, allows a hacker to execute arbitrary SQL code.

The vulnerability of the IP-ATC Agat CU-7214 web management console relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary SQL code...

9CVSS6.1AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/02/13 12:0 a.m.17 views

The vulnerability of Windows operating system DHCP clients allows a perpetrator to execute arbitrary code.

The vulnerability of DHCP clients of Windows operating systems relates to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

7.1CVSS8.1AI score0.00889EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/01/20 12:0 a.m.17 views

The vulnerability of the generateRow() function in the PHP Spreadsheet library allows attackers to perform cross-site scripting attacks.

The vulnerability of the generateRow function in the PHP Spreadsheet library is related to the lack of protective measures for web page structures. Exploiting this vulnerability allows an attacker to perform cross-site scripting attacks remotely...

5.5CVSS5.2AI score0.00373EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/01/13 12:0 a.m.17 views

The vulnerability of the Media Framework component of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the Media Framework component in the Android operating system relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to increase their privileges...

7.4CVSS7.4AI score0.00083EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/12/27 12:0 a.m.17 views

The vulnerability of Palo Alto Networks’ network switches, managed by the PAN-OS operating system, stems from insufficient checks for unusual or exceptional states. This allows attackers to trigger service interruptions.

The vulnerability of Palo Alto Networks’ network switches, managed by the PAN-OS operating system, is related to insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to trigger a service failure by sending a specially crafted network...

8.6CVSS7.5AI score0.26636EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/11/20 12:0 a.m.17 views

The vulnerability of GigaDevice’s GD32 microprogrammed software controllers, models GD32E23x and GD32E50x, is related to access control deficiencies. This vulnerability allows attackers to read data from SRAM or alter its state.

The vulnerability of GigaDevice’s GD32 microprogrammed device controllers, such as GD32E23x and GD32E50x, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to read data from SRAM or alter its state...

7.6CVSS5.5AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/11/19 12:0 a.m.17 views

The vulnerability of the CurlAsyncHTTPClient component in the asynchronous networking library Tornado allows a hacker to execute arbitrary code.

The vulnerability of the CurlAsyncHTTPClient component in the Tornado asynchronous networking library is related to the lack of measures taken to neutralize CRLF sequences. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending specially crafted HTTP requests ...

6.5CVSS6AI score
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/09/30 12:0 a.m.17 views

The vulnerability of the /cgi-bin/widget_api.cgi file of the Web Management Interface component of the D-Link DNS-320 router’s microprogramming system allows a hacker to disclose confidential information.

The vulnerability of the /cgi-bin/widgetapi.cgi file of the Web Management Interface component of the D-Link DNS-320 router software relates to the disclosure of information. Exploiting this vulnerability could allow an attacker to disclose confidential information by manipulating the...

5.9CVSS5.4AI score0.02104EPSS
Exploits1References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.17 views

The vulnerability of the “phase” parameter in the netshop CMS system’s Netcat module allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the “phase” parameter in the netshop CMS system’s Netcat framework exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute any arbitrary JavaScript code in the user’s browser remotely...

9CVSS5.8AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/07/08 12:0 a.m.17 views

The vulnerability of the Mozilla Firefox browser for Android, related to deficiencies in access control, allows attackers to bypass security restrictions and compromise the integrity of protected information.

The vulnerability of the Mozilla Firefox browser for Android is related to deficiencies in access control, resulting from incorrect processing of the Principal object when opening new tabs. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and compromise the...

5CVSS7.7AI score0.00411EPSS
Exploits1References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/06/04 12:0 a.m.17 views

The vulnerability of the Media Session application interface for Google Chrome and Microsoft Edge browsers allows a perpetrator to execute arbitrary code.

The vulnerability of the Media Session application interface in Google Chrome and Microsoft Edge browsers relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by loading a specially created malicious HTML page...

10CVSS8.1AI score0.00819EPSS
Exploits1References12Affected Software6
BDU FSTEC
BDU FSTEC
added 2024/06/04 12:0 a.m.17 views

Vulnerability of the Server:Thread Pooling component of the Oracle MySQL Server database management system, which allows attackers to cause service interruptions.

The vulnerability of the Server:Thread Pooling component of the Oracle MySQL Server database management system is related to improper cleaning or release of resources. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

6.1CVSS6.2AI score0.01107EPSS
Exploits0References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2024/06/04 12:0 a.m.17 views

The vulnerability of the BPMSoft web application is related to deficiencies in access control, which allows attackers to increase their privileges within the system.

The vulnerability of the BPMSoft web application is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges within the system...

6.1CVSS5.5AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/05/20 12:0 a.m.17 views

The vulnerability of the Windows RRAS operating system’s routing and remote access service, related to numerical truncation errors, allows a hacker to execute arbitrary code.

The vulnerability of the Windows RRAS operating system’s routing and remote access service is related to numerical truncation errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

7.6CVSS6AI score0.01543EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/05/20 12:0 a.m.17 views

The vulnerability of the Windows Hyper-V hardware virtualization system allows a perpetrator to execute arbitrary code.

The vulnerability of the Windows Hyper-V hardware virtualization system in Windows operating systems is related to errors in processing the relative path to the directory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9CVSS5.9AI score0.02324EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/04/10 12:0 a.m.17 views

The vulnerability of the Intel Chipset Driver Software in managing and updating chipset drivers is related to incorrect default permissions, allowing an attacker to escalate their privileges.

The vulnerability of the Intel Chipset Driver Software for software-based control and driver updates is related to incorrect default permissions. Exploiting this vulnerability can allow attackers to enhance their privileges...

6.7CVSS6.6AI score0.00167EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/02/06 12:0 a.m.17 views

The vulnerability of the user registration function of the XWiki Platform allows a perpetrator to execute arbitrary code.

The vulnerability of the user registration function of the XWiki Platform is related to improper code generation management. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS8.1AI score0.9348EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/12/22 12:0 a.m.17 views

The vulnerability of the `perf_event_validate_size()` function in the kernel/events/core.c module of the perf subsystem in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information, thereby enhancing their privileges within the system.

The vulnerability of the perfeventvalidatesize function in the kernel/events/core.c module of the Linux operating system’s perf subsystem is related to writing beyond the boundaries of a allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...

7CVSS6.3AI score0.00715EPSS
Exploits1References42Affected Software6
BDU FSTEC
BDU FSTEC
added 2023/12/14 12:0 a.m.17 views

The vulnerability in the set of tools for developing software to create Sentry-Javascript web applications arises from insufficient validation of incoming requests. This allows a hacker to perform an SSRF attack.

The vulnerability of the Sentry-Javascript software development tool for creating web applications is related to insufficient checking of incoming requests. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...

9.4CVSS6.8AI score0.00631EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/11/11 12:0 a.m.17 views

The vulnerability of the OpenImageIO image processing library, related to reading data beyond the permissible buffer limits, allows a hacker to cause a service failure.

The vulnerability of the OpenImageIO image processing library lies in the reading of data beyond the permissible buffer size. Exploiting this vulnerability could allow a malicious actor to cause service interruptions using a specially created PSD file...

7.8CVSS7AI score0.00765EPSS
Exploits1References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/09/12 12:0 a.m.17 views

The vulnerability of the Redis database management system lies in the insecure management of privileges, allowing attackers to gain unauthorized access to keys that are clearly not authorized by the ACL configuration.

The vulnerability of the Redis database management system is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to gain unauthorized access to keys that are clearly not authorized by the ACL configuration...

5.5CVSS6.4AI score0.0034EPSS
Exploits0References6Affected Software4
BDU FSTEC
BDU FSTEC
added 2023/08/23 12:0 a.m.17 views

The vulnerability of the SED software “DELO” stems from deficiencies in the authentication process, allowing a perpetrator to intercept the identifier and bypass the authentication mechanism.

The vulnerability of the SED software “DELO” is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to intercept the identifier and bypass the authentication mechanism...

10CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.17 views

The vulnerability of the Avahi service detection system in local networks, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the Avahi service detection system in local networks is related to an uncontrolled consumption of resources. Exploiting this vulnerability allows a perpetrator to cause service failures...

5.5CVSS6.2AI score0.00392EPSS
Exploits1References12Affected Software6
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.17 views

The vulnerability of the WebRTC technology implementation in Google Chrome allows a hacker to execute arbitrary code.

The vulnerability of the WebRTC technology implementation in Google Chrome browser is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8AI score0.13813EPSS
Exploits0References9Affected Software5
BDU FSTEC
BDU FSTEC
added 2023/07/17 12:0 a.m.17 views

The vulnerability of the Bad plugin (gst-plugins-bad) in the Gstreamer multimedia framework allows a perpetrator to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.

The vulnerability of the Bad gst-plugins-bad plugin in the Gstreamer multimedia framework is related to insufficient protection of service data due to the absence of security updates on the remote host. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...

7.8CVSS5.9AI score
Exploits0References4Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/06/27 12:0 a.m.17 views

The vulnerability of the Windows command-line interpreter allows a hacker to execute arbitrary code.

The vulnerability of the Windows command-line interpreter arises from the lack of mechanisms to stop the execution of a script after an error is detected in it. Exploiting this vulnerability allows an attacker to execute arbitrary code by creating images using the built-in graphics editor MS Pain...

8.7CVSS6.2AI score
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/04/27 12:0 a.m.17 views

The vulnerability of the shared host device Bluetooth function with VMware Workstation and VMware Fusion allows a attacker to execute arbitrary code.

The vulnerability of the shared-host Bluetooth device function with VMware Workstation and VMware Fusion lies in the possibility of buffer overflow attacks based on the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

9.3CVSS8.2AI score0.02036EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2023/03/03 12:0 a.m.17 views

The vulnerability of the MKLogic-500 PLC, related to the use of pre-set credentials, allows a hacker to gain access to the contents of the FTP server.

The vulnerability of the PLK MKLogic-500 is related to the presence of pre-installed account data. Exploiting this vulnerability can allow a remote attacker to gain access to the contents of the FTP server...

9.7CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/03 12:0 a.m.17 views

The vulnerability of the MKLogic-500 PLC configuration protocol, related to the lack of authentication for critical functions, allows attackers to alter the device’s operating logic.

The vulnerability of the MKLogic-500 PLC configuration protocol lies in the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to alter the device’s operating logic...

9.6CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.17 views

The vulnerability of the Linux operating system’s kernel, which allows a hacker to trigger a service failure

The vulnerability of Linux operating system kernels relates to how it handled the I2CSMBUSBLOCKPROCCALL scenario via the ioctl I2CSMBUS with malicious input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.7AI score0.00225EPSS
Exploits0References8Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/12/22 12:0 a.m.17 views

The vulnerability in the driver/driver/video/fbdev/smscufx.c file of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the driver/driver/video/fbdev/smscufx.c file of Linux operating systems is related to the state of the race when a USB device is detected during the call to open. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.2CVSS6.6AI score0.00309EPSS
Exploits0References32Affected Software6
BDU FSTEC
BDU FSTEC
added 2022/11/23 12:0 a.m.17 views

The vulnerability of Websoft HCM’s automation software for HR processes stems from the lack of measures taken to protect the website structure. This allows attackers to carry out XSS attacks.

The vulnerability of Websoft HCM’s HR automation software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...

7.8CVSS5.4AI score
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/11/21 12:0 a.m.17 views

The vulnerability of the SetSysLogSettings() function in the web interface for managing D-Link DIR-1935 router microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the SetSysLogSettings function in the web interface for managing D-Link DIR-1935 router microprogramming software is related to the failure to sanitize the input data in the string entered by the user when processing the IPAddress element. Exploiting this vulnerability allows...

7.7CVSS7.1AI score0.01085EPSS
Exploits0References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/09/30 12:0 a.m.17 views

The vulnerability of the kernel of microprogramming software in Qualcomm’s embedded chips allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of microprogramming software in embedded Qualcomm chips is related to synchronization errors when using common resources. Exploiting this vulnerability can allow attackers to cause service failures or execute arbitrary code...

7.8CVSS7.4AI score0.00087EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/07/01 12:0 a.m.17 views

The vulnerability affects implementations of protocols that transmit data to Microsoft applications, Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird. This allows a perpetrator to execute arbitrary code.

The vulnerability in the implementation of protocols that transmit data to Microsoft applications, Mozilla Firefox, Mozilla Firefox ESR, and the email client Thunderbird is related to authentication errors in the handler for the customizable URL scheme. Exploiting this vulnerability allows a remo...

7.6CVSS5.9AI score0.00783EPSS
Exploits1References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.17 views

The vulnerability of the SecUsers.ini file of the controller display utility for OpenBSI allows a hacker to gain unauthorized access to protected information.

The vulnerability of the SecUsers.ini file of the controller display utility related to OpenBSI involves storing confidential information in an unencrypted form in memory. Exploiting this vulnerability could allow a remote attacker to gain access to the user credentials...

7.8CVSS5.5AI score0.00252EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.17 views

The vulnerabilities of embedded images of microprogrammed control systems for DeltaV M-series/S-series/P-series controllers, as well as the DeltaV/Ovation SIS emergency protection system, allow attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of embedded images of microprogrammed control systems for DeltaV M-series/S-series/P-series controllers, as well as of the emergency protection system DeltaV/Ovation SIS, is related to the transmission of data in an open manner. Exploiting this vulnerability can allow a maliciou...

7.8CVSS5.5AI score0.00149EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/04/28 12:0 a.m.17 views

The vulnerability of the networkd-dispatcher component, which manages connection states in Linux operating systems, and is part of the Systemd subsystem responsible for service initialization and management, allows a malicious actor to escalate their privileges or execute arbitrary code.

The vulnerability of the networkd-dispatcher component, which manages connection states and initializes services within Systemd on Linux operating systems, exists due to an incorrect path name limitation for the restricted access directory. Exploiting this vulnerability could allow an attacker to...

8.4CVSS5.8AI score0.11667EPSS
Exploits3References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/14 12:0 a.m.17 views

The vulnerability of the svx_read_header() function in the audio file reading and writing library libsndfile allows a attacker to cause a service denial.

The vulnerability of the svxreadheader function in the audio file reading and writing library libsndfile is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

7.8CVSS5.8AI score
Exploits0References5Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.17 views

The vulnerability of the LibreOffice office software package lies in its improper verification of the cryptographic signature, allowing a hacker to circumvent security restrictions.

The vulnerability of the LibreOffice office software package is related to incorrect verification of the cryptographic signature when using the “X509Data” and “KeyValue” values. Exploiting this vulnerability can allow an attacker to circumvent security restrictions by using a specially created OD...

6.3CVSS7.4AI score0.00965EPSS
Exploits0References12Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/04/05 12:0 a.m.17 views

The vulnerability of the software for implementing the hypertext environment MediaWiki allows a perpetrator to compromise the integrity of the data.

The vulnerability of the software for implementing the hypertext environment MediaWiki is related to the disclosure of information in the erroneous data area. Exploiting this vulnerability allows a malicious actor, operating remotely, to compromise the integrity of the data...

7.8CVSS6.6AI score0.01943EPSS
Exploits1References7Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/01/25 12:0 a.m.17 views

The vulnerability of NETGEAR CBR750, RBK852, RBR850, and RBS850 Wi-Fi routers’ microprogramming software lies in insufficient cleaning of input data, allowing attackers to execute arbitrary commands.

The vulnerability of NETGEAR’s Wi-Fi router software, including models CBR750, RBK852, RBR850, and RBS850, lies in insufficient cleaning of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

9.6CVSS8.1AI score0.01667EPSS
Exploits0References3Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/01/17 12:0 a.m.17 views

The vulnerability of the adts_decode_extradata function in the libavformat/adtsenc.c component of the FFmpeg multimedia library, related to an unvalidated return value, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the adtsdecodeextradata function in the libavformat/adtsenc.c component of the FFmpeg multimedia library is related to an unvalidated return value of initgetbits. Exploiting this vulnerability could allow a remote attacker to gain access to confidential data, compromise its...

9.8CVSS7.2AI score0.02411EPSS
Exploits0References11Affected Software4
BDU FSTEC
BDU FSTEC
added 2022/01/04 12:0 a.m.17 views

The vulnerability in the FatPipe software’s web interface, related to the unlimited download of malicious files, allows a hacker to download a malicious file onto a vulnerable device and execute it.

The vulnerability of the FatPipe software management web interface is related to the unlimited download of malicious files. Exploiting this vulnerability allows a malicious actor to download a malicious file onto a vulnerable device and execute it...

10CVSS5.6AI score
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/01/04 12:0 a.m.17 views

The software of SIEM EventLog Analyzer is vulnerable because measures are not taken to neutralize special elements used in the operating system command. This vulnerability allows a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the SIEM EventLog Analyzer software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the target system remotely...

10CVSS5.9AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/12/13 12:0 a.m.17 views

The vulnerability of the HEVC Video Extensions application, related to improper code generation, allows a perpetrator to execute arbitrary code.

The vulnerability of the HEVC Video Extensions application is related to incorrect code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS7.7AI score0.02177EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/12/08 12:0 a.m.17 views

The vulnerability of MasterCard, Visa, and American Express payment services lies in the insufficient authorization of ARQC cryptographic algorithms generated by Apple Pay, Samsung Pay, and GPay mobile wallets. This allows attackers to use AAC cryptographic algorithms on payment services, thereby enabling them to intercept transactions when the wallet or payment terminal decides to reject a transaction.

The vulnerability of MasterCard, Visa, and American Express tokenization services is related to the insufficient authorization of ARQC cryptographic keys generated by Apple Pay, Samsung Pay, and GPay mobile wallets. Exploiting this vulnerability could allow attackers to use AAC cryptographic keys...

6.8CVSS5.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2021/12/01 12:0 a.m.17 views

The vulnerability of the BBCode parser in the vBulletin commercial web forum, related to the lack of protection for the website structure, allows a violator to execute arbitrary JavaScript.

The vulnerability of the BBCode parser in the vBulletin commercial web forum is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript by injecting code into messages using embedded BBCodes...

9CVSS5.9AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.17 views

The vulnerability of the check_cookie function in the web server of the programmable logic controller ioLogik, related to buffer overflow in the stack, allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the checkcookie function in the web server of the programmable logic controller ioLogik is related to buffer overflow in the stack. Exploiting this vulnerability could allow a remote attacker to cause service failures or execute arbitrary code using a specially crafted reques...

10CVSS6.4AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2021/11/23 12:0 a.m.17 views

The vulnerability of the check_token function in the web server of the programmable logic controller ioLogik, related to buffer overflow in the stack, allows a intruder to trigger a service failure or execute arbitrary code.

The vulnerability of the checktoken function in the web server of the programmable logic controller ioLogik is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to cause service failures or execute arbitrary code using a specially crafted request...

10CVSS6.3AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities5000