90509 matches found
The vulnerability of the ConfigFileUpload() function in the web interface for managing D-Link DIR-1935 router microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the ConfigFileUpload function in the web interface for managing D-Link DIR-1935 router microprogramming software is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of Microsoft Exchange Server servers, related to deficiencies in access control, allows attackers to increase their privileges.
The vulnerability of Microsoft Exchange Server is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the Microsoft Windows Sysmon system service, related to access control deficiencies, allows attackers to escalate their privileges.
The vulnerability of the Microsoft Windows Sysmon system service is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the BitLocker Device Encryption security function in Windows operating systems allows attackers to circumvent security restrictions.
The vulnerability of the BitLocker Device Encryption security function in Windows operating systems is related to security configuration errors. Exploiting this vulnerability could allow a hacker to circumvent security restrictions...
The vulnerability of the vector graphics editor CorelDRAW Graphics Suite (formerly CorelDRAW) lies in the ability to read data beyond the buffer boundaries in memory, allowing attackers to execute arbitrary code.
The vulnerability of the CorelDRAW Graphics Suite formerly CorelDRAW graphic editor lies in the reading of data beyond the buffer boundaries in memory during the syntax analysis of EMF files. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created...
The vulnerability in the web interface for managing the Cisco AsyncOS operating system of the Cisco Email Security Appliance (ESA) security email system, the Cisco Secure Email and Web Manager content protection device, and the Cisco Secure Web Appliance (formerly Cisco Web Security Appliance (WSA)) web gateway allows a perpetrator to enhance their privileges.
The vulnerability in the web interface for managing the Cisco AsyncOS operating system of the Cisco Email Security Appliance ESA, the Cisco Secure Email and Web Manager, and the Cisco Secure Web Appliance formerly Cisco Web Security Appliance WSA relates to the use of a hard-coded cryptographic...
The vulnerability of the Cisco Email Security Appliance’s security system and the Cisco Secure Email and Web Manager, related to the failure to handle CRLF sequences in HTTP headers, allows attackers to perform attacks by splitting HTTP responses.
The vulnerability of the Cisco Email Security Appliance’s security system and the Cisco Secure Email and Web Manager devices relates to the failure to handle CRLF sequences in HTTP headers. Exploiting this vulnerability allows a malicious actor to perform attacks by splitting HTTP responses using...
The vulnerability in the web interface of the Cisco BroadWorks CommPilot Application Software allows a attacker to perform an SSRF attack.
The vulnerability of the Cisco BroadWorks CommPilot Application Software’s web interface is related to insufficient validation of incoming requests. Exploiting this vulnerability could allow a malicious actor to execute an SSRF attack using a specially crafted HTTP request...
The vulnerability of the Fortinet FortiNAC access control device lies in its lack of measures to protect the website structure, allowing attackers to execute cross-site scripting attacks.
The vulnerability of the Fortinet FortiNAC network access control device is related to the lack of protection for the website structure when processing the User ID parameter for the administrator. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the FortiTester software-based diagnostic and audit tools for computer networks, as well as the FortiAnalyzer tool for event monitoring and analysis, stems from the lack of protective measures taken for website structures. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the FortiTester software for diagnosing and auditing computer networks, as well as the FortiAnalyzer software for monitoring and analyzing security events, is related to the lack of protective measures taken for the website structure. Exploiting this vulnerability could allow...
The vulnerability in the virtual learning environment Moodle, related to insufficient cleaning of user data, allows a hacker to execute arbitrary SQL commands.
The vulnerability in the virtual training environment Moodle is related to insufficient cleaning of user data on the “browse list of users” page of the administration site. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands by sending a specially created quer...
The vulnerability in the web interface of Cisco Expressway micro-programming software and Cisco TelePresence Video Communication Server micro-programming device management software allows a attacker to perform a CSRF attack.
The vulnerability in the web interface of Cisco Expressway microprogramming software and Cisco TelePresence Video Communication Server control devices is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a...
The vulnerability of the implementation of the DefaultActionMapper mechanism in the Apache Struts software framework allows attackers to circumvent security restrictions.
The vulnerability of the DefaultActionMapper mechanism implemented by the Apache Struts software platform is related to deficiencies in access control when processing the ‘action: prefix’ parameter. Exploiting this vulnerability allows an attacker to bypass security restrictions while operating...
The vulnerability of the Corosync/Pacemaker PCS configuration tool is related to deficiencies in the authentication process, which allows attackers to escalate their privileges.
The vulnerability of the Corosync/Pacemaker PCS configuration tool is related to deficiencies in the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model, allowing a perpetrator to gain access to read data and modify it.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify...
The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System lies in the lack of authentication for the password change function, which allows unauthorized users to escalate their privileges.
The vulnerability of the microprogramming software of the Cognex 3D-A1000 Dimensioning System lies in the lack of authentication for the password change function. Exploiting this vulnerability could allow an attacker to gain increased privileges from a remote location...
The vulnerability of the getAttrValue function in D-Link DSL-3782 router microprogramming software, related to buffer overflow in the stack, allows a hacker to execute arbitrary code.
The vulnerability of the getAttrValue function in D-Link DSL-3782 router microprogramming software is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Vim text editor lies in the fact that an operation can be performed outside the buffer, allowing an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Vim text editor is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the Vim text editor lies in the fact that an operation can be performed outside the buffer, allowing an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Vim text editor is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the ActiveX control on the SCADA server of Measuresoft ScadaPro Server allows a intruder to execute arbitrary code.
The vulnerability of the ActiveX control in the SCADA server of Measuresoft ScadaPro Server relates to the use of an untrusted indicator. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service disruption.
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to create, delete, or alter access to critical data, gain read-only access to data, or cause a...
The vulnerability of the Microsoft Visual Studio software development tool and the Microsoft.NET Framework software platform lies in improper cleaning or release of resources, allowing a perpetrator to cause service failures.
The vulnerability of the Microsoft Visual Studio software development tool and the Microsoft.NET Framework software platform is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Horner Automation Cscape EnvisionRV software lies in insufficient validation of input data, allowing attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the Horner Automation Cscape EnvisionRV software exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the netback driver for Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the netback driver for Linux operating systems is related to resource release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the software platforms for developing and managing Magento Open Source and Adobe Commerce online stores lies in the lack of protective measures for website structures, allowing attackers to carry out cross-site scripting attacks.
The vulnerability of the Magento Open Source and Adobe Commerce software platforms for developing and managing online stores is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Adobe Framemaker desktop publishing system lies in its memory management after memory is freed, allowing an attacker to execute arbitrary code.
The vulnerability of the desktop publishing system Adobe Framemaker relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created malicious file...
The vulnerability of PDFTron software components, used by Autodesk for modeling, design, and drafting, allows a hacker to execute arbitrary code.
The vulnerability of PDFTron software components, used by Autodesk for modeling, design, and drawing tasks, involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to execute arbitrary code during PDF file analysis...
The vulnerability of the MiUI mobile operating system in devices like Redmi Note 11 and Redmi Note 9T, related to writing beyond the buffer in memory, allows a hacker to trigger a service failure.
The vulnerability of the mobile operating system MIUI is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of Microsoft Excel editors, related to security configuration errors, allows attackers to circumvent existing security restrictions.
The vulnerability of Microsoft Excel editors is related to security configuration errors. Exploiting this vulnerability can allow attackers to circumvent existing security restrictions...
The vulnerability of the PAN-OS operating system, related to errors in configuring URL filtering policies, allows a perpetrator to trigger a Denial-of-Service Attack (RDoS).
The vulnerability of the PAN-OS operating system is related to errors in configuring URL filtering policies. Exploiting this vulnerability can allow a malicious actor to perform a Denial-of-Service Attack RDoS...
The vulnerability of the Open Plug and Play (PnP) microprogramming software module of Cisco Small Business routers such as RV160, RV260, RV340, and RV345 is related to errors in processing input data. This vulnerability allows a hacker to execute arbitrary commands in the basic operating system.
The vulnerability of the Open Plug and Play PnP microprogramming software for Cisco Small Business routers such as RV160, RV260, RV340, and RV345 is related to errors in processing input data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands on the operating...
The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software allows a intruder to execute any command they desire.
The vulnerability of the “Main” function in the TOTOLink A860R microcontroller software is related to the lack of measures for cleaning input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands through the QUERYSTRING parameter...
The default installation configuration “[webserver] secret_key” of the Airflow data processing software’s creation, monitoring, and orchestration tools makes it possible for a malicious individual to gain unauthorized access to an external web server.
The vulnerability of the default installation configuration “webserver secretkey” in software for creating, monitoring, and orchestrating Airflow data processing scenarios is related to the use of pre-installed credentials. Exploiting this vulnerability could allow an attacker, operating remotely...
The vulnerability in the web interface for managing device information on the Cisco Common Services Platform Collector allows a attacker to carry out cross-site scripting attacks.
The vulnerability in the web interface for collecting device information on the Cisco Common Services Platform Collector exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks using a...
The vulnerability of the Apache Tomcat application server’s Realm implementation, related to information disclosure due to mismatches, allows attackers to determine all existing user names.
The vulnerability of the Apache Tomcat application server’s Realm implementation is related to the exposure of information through mismatches. Exploiting this vulnerability allows a remote attacker to discover all existing user names...
The vulnerability of the njs_vmcode_interpreter function (src/njs_vmcode.c) in the njs interpreter of the nginx server allows a hacker to cause a service failure.
The vulnerability of the njsvmcodeinterpreter function src/njsvmcode.c in the njs interpreter of the nginx server involves an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
The vulnerability of the mobile plugin for data processing in Atlassian Jira Server and Data Center allows a perpetrator to execute an SSRF attack.
The vulnerability of the mobile plugin for data processing in Atlassian Jira Server and Data Center is related to insufficient testing of requests on the server side. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
The vulnerability of the network software for social games and heroiclabs/nakama applications relates to insufficient restrictions on authentication attempts, allowing a perpetrator to gain unauthorized access to protected information.
The vulnerability of the network software for social games and heroiclabs/nakama applications is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the ssh_command function in the web interface for managing Roxy-wi servers allows a hacker to execute arbitrary code.
The vulnerability of the sshcommand function in the web interface for managing Roxy-wi servers is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to inadequate access control mechanisms. This allows a malicious individual to complete any process within the system.
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to complete any process within the system remotely...
The vulnerability of Microprogrammed Software in Omron NJ/NX automation controllers, related to bypassing the authentication process using capture-replay techniques for intercepted parameters, allows a intruder to trigger a service failure or execute arbitrary code.
The vulnerability of Microprogrammed Software in Omron NJ/NX automation controllers lies in the ability to bypass the authentication process by using capture-replay techniques to intercept and replay captured parameters. Exploiting this vulnerability allows a malicious actor to trigger malfunctio...
The software for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission is vulnerable due to incorrect restrictions on the path to the restricted access catalog. This allows attackers to create or overwrite critical files and execute arbitrary code.
The vulnerability of the software used for configuring, testing, and deploying Schneider Electric EcoStruxure Power Commission involves incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to create or re-record...
The vulnerability of the QTS operating system, specifically the QuTS Hero operating system, is related to the lack of protective measures for website structures. This allows attackers to compromise the confidentiality and integrity of information.
The vulnerability of the QTS operating system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality and integrity of information...
The vulnerability of the OAS Engine SecureAddUser function in the platform for data transmission between devices and applications allows a perpetrator to gain unauthorized access to the system.
The vulnerability of the OAS Engine SecureAddUser function on the platform for data transfer between devices and applications is related to the lack of authentication checks for this critical function. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized...
The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules allows a hacker to gain access to the device by intercepting the authentication token.
The vulnerability of the AuthToken component in the microprogramming software for Desigo DXR2, PXC3, PXC4, and PXC5 modules is related to an incorrect expiration time of the session. Exploiting this vulnerability can allow attackers to gain access to the device by intercepting the authentication...
The vulnerability of the modular interface between web servers and web applications in Rack, related to improper neutralization of special elements used in operating system commands, allows attackers to execute arbitrary shell commands on the target system.
The vulnerability of the modular interface between web servers and web applications in Rack is related to improper input validation during data processing. This issue occurs when data is transmitted through the intermediate software Rack Lint and CommonLogger. Exploiting this vulnerability allows...
The vulnerability of the Teamcenter product lifecycle management system lies in the improper restriction of XML references to external objects, which allows attackers to perform XXE attacks.
The vulnerability of the Teamcenter product lifecycle management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to perform XXE attacks remotely...
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through HTTP...
The vulnerability of the Infrastructure component of the Oracle Banking Trade Finance software allows a perpetrator to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service disruption.
The vulnerability of Oracle Banking Trade Finance’s Infrastructure component is related to errors in the code. Exploiting this vulnerability allows a malicious actor to create, delete, or alter access to critical data, gain read-only access to data, or cause partial service interruptions through...
The vulnerability of the Financial Gateway component of the PeopleSoft Enterprise FIN Cash Management software allows a perpetrator to gain read access to data or modify data.
The vulnerability of the Financial Gateway component of the PeopleSoft Enterprise FIN Cash Management software exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain read access to data or modify data using specially...