90509 matches found
The vulnerability of the Rest Phone Apps web interface for controlling IP telephony systems, FreePBX, allows a intruder to execute arbitrary code.
The vulnerability of the Rest Phone Apps web interface for controlling IP telephony systems like FreePBX lies in the ability to inject code into the URL addresses. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat Document Cloud and Adobe Acrobat, are related to memory usage after it is freed. This allows attackers to execute arbitrary code.
The vulnerabilities of PDF viewer programs such as Adobe Reader and Document Cloud, as well as PDF editing programs like Adobe Acrobat and Document Cloud, are related to the use of memory after it is freed. Exploiting these vulnerabilities can allow an attacker to execute arbitrary code...
The vulnerability of the SEPCOS Single Package control and protection relay software allows a intruder to modify user credentials and permissions without authentication.
The vulnerability of the SEPCOS Single Package control and protection relay software is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability allows a malicious actor to modify user credentials and permissions without authentication...
The vulnerability of ASUS RT-AX88U Wi-Fi router’s microprogramming software, related to the use of uncontrolled format strings, allows a hacker to execute arbitrary code.
The vulnerability of ASUS RT-AX88U Wi-Fi router’s microprogramming software is related to the use of uncontrolled format strings. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to errors in processing the relative path to the directory. Exploiting this vulnerability can allow an attacker operating remotely to gai...
The vulnerability of the `ecdsa_verify_[prepare_]legacy()` command-line tool for ECDSA elliptic curve cryptography, provided by `ecdsautils`, allows a perpetrator to compromise data integrity.
The vulnerability of the ecdsaverifypreparelegacy command-line tool for ECDSA elliptic curve cryptography, provided by ecdsautils, is related to incorrect verification of the cryptographic signature. Exploiting this vulnerability could allow a remote attacker to compromise the integrity of data...
The vulnerability of the custom-content-type-manager plugin in the WordPress content management system allows a hacker to execute arbitrary code.
The vulnerability of the custom-content-type-manager plugin in the WordPress content management system is related to improper handling of code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability in the web interfaces of Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition (SME), as well as Cisco Unified Communications Manager IM & Presence Service, allows a attacker to execute XSS attacks.
The vulnerability of the Cisco Unified Communications Manager and Cisco Unified Communications Manager Session Management Edition SME web interfaces is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a malicious actor to carry out XSS attacks...
The vulnerability of the Dovecot mail server’s passdb account database allows a hacker to escalate their privileges.
The vulnerability of the Dovecot mail server’s passdb database account database is related to configuration errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...
The vulnerability of the Elementor Website Builder plugin of the WordPress content management system allows attackers to execute cross-site scripting attacks.
The vulnerability of the Elementor Website Builder plugin of the WordPress content management system is related to insufficient protection of the website’s structure. Exploiting this vulnerability allows a malicious actor to execute cross-site scripting attacks...
The vulnerability of the `WebCore::TextureMapperLayer::setContentsLayer` function in WebKitGTK and WPE WebKit rendering modules allows a attacker to execute arbitrary code or cause a service denial.
The vulnerability of the WebCore::TextureMapperLayer::setContentsLayer function WebCore/platform/graphics/texmap/TextureMapperLayer.cpp in the rendering modules of WebKitGTK and WPE WebKit is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a...
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to errors in processing the relative path to the catalog. This vulnerability allows a perpetrator to disclose protected information and replace arbitrary files.
The vulnerability of the software platform for industrial automation and IoT solutions, Elcomplus SmartICS, is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information and replace arbitrary files...
The vulnerability of InHand Networks InRouter302’s microprogramming software, related to the use of pre-installed credentials, allows a hacker to perform arbitrary actions.
The vulnerability of InHand Networks InRouter302 microprogramming software lies in the use of pre-set credentials. Exploiting this vulnerability allows a remote attacker to perform arbitrary actions...
The vulnerability of the skipwhite() function in the Vim text editor allows a hacker to execute arbitrary code.
The vulnerability of the skipwhite function rc/spell.c in the Vim text editor is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the statussupport_diagnostic_tracing.json component of the SerComm h500s router software allows a hacker to execute arbitrary commands.
The vulnerability of the statussupportdiagnostictracing.json component of the SerComm h500s router software exists due to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the “TabStrip” control implementation in the MSCOMCTL.OCX component of the Microsoft Office software suite, Microsoft SQL Server relational database management system, Microsoft Commerce Server e-commerce software, and Microsoft Visual FoxPro database development environment allows a perpetrator to execute arbitrary code.
The vulnerability of the “TabStrip” control implementation in the MSCOMCTL.OCX component of the Microsoft Office software, the Microsoft SQL Server relational database management system, the Microsoft Commerce Server e-commerce software, and the Microsoft Visual FoxPro database development...
Vulnerability of the `bn_reduce_once_in_place` function in the OpenSSL library, allowing a hacker to execute arbitrary code
The vulnerability of the bnreduceonceinplace function in the OpenSSL library is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Tools and Frameworks component of the Oracle Commerce Guided Search system exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through HTTP...
The vulnerability of the Core component in Oracle VM VirtualBox allows a hacker to modify data or gain privileged access to the infrastructure.
The vulnerability of the Core component in Oracle VM VirtualBox exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data, or gain privileged access to the infrastructure...
The vulnerability of the Navigation Pages, Portal, and Query components of the Oracle PeopleSoft Enterprise PeopleTools business application allows a perpetrator to gain access to read data or modify data.
The vulnerability of the Navigation Pages, Portal, and Query components in Oracle PeopleSoft Enterprise PeopleTools exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP reques...
The vulnerability of Microsoft’s Windows Remote Credential Guard system allows attackers to circumvent security restrictions and enhance their privileges.
The vulnerability of Microsoft’s Windows Remote Credential Guard security feature is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain increased privileges...
The vulnerability of the communication modules of H0-ECOM and H0-ECOM100 Ethernet-controllers from DirectLOGIC, related to the transmission of data in an open manner, allows a intruder to gain unauthorized access to the device.
The vulnerability of the communication modules of H0-ECOM and H0-ECOM100 Ethernet controllers from DirectLOGIC lies in the transmission of data in an open manner. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to the device by receiving a password packet in ...
The vulnerability of the Microsoft .NET Framework software platform, related to improper cleaning or release of resources, allows a perpetrator to cause a service failure.
The vulnerability of the Microsoft .NET Framework software platform is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the NCIE Scanner module in Trend Micro Security’s antivirus protection allows a hacker to exploit it to disclose protected information.
The vulnerability of the NCIE Scanner module in Trend Micro Security antivirus tools is related to reading data beyond the buffer in memory. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the print spooler daemon on Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows Print Spooler in operating systems related to Windows printing is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the StreamingCoordinatorController.java component of the Kylin data processing platform allows attackers to perform SSRF attacks.
The vulnerability of the StreamingCoordinatorController.java component /kylin/api/streamingcoordinator/ in the Kylin data processing platform is related to insufficient validation of incoming requests. Exploiting this vulnerability allows a malicious actor to perform SSRF attacks using a speciall...
The vulnerability of the Win32 Stream Enumeration component in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the Win32 Stream Enumeration component in Windows operating systems is related to improper code generation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of D-Link DIR-878 wireless routers’ microprogramming software lies in the lack of measures to neutralize specific elements within it. This allows attackers to execute arbitrary commands or trigger service failures.
The vulnerability of D-Link DIR-878 wireless routers’ microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands or cause...
Vulnerability of the Cluster component: The general database management system of Oracle MySQL Cluster allows a hacker to gain full control over the application.
Vulnerability of the Cluster component: The general system for managing databases in Oracle MySQL Cluster is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to gain full control over the application through various network protocols...
The vulnerability of the executable file wpsupdater.exe of the WPS Office office software allows a hacker to execute arbitrary code.
The vulnerability of the WPS Office office software’s executable file, wpsupdater.exe, is related to improper input validation in wpsupdater.exe. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the implementations of the QuerySet.annotate(), aggregate(), and extra() methods in the Django web application framework allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the implementation of the QuerySet.annotate, aggregate, and extra methods in the Django software platform is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality,...
The vulnerability in the web interface of the Cisco Common Services Platform Collector, a tool for collecting information about devices in the network, allows attackers to perform cross-site scripting (XSS) attacks.
The vulnerability in the web interface of the Cisco Common Services Platform Collector device for collecting information about devices in the network is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow attackers to perform cross-sit...
The vulnerability of the update module for microprogramming software of Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P arises from improper verification of the certificate authenticity. This allows a malicious actor to load arbitrary software images.
The vulnerability of the update module for microprogramming software of Cisco Small Business routers such as RV160, RV160W, RV260, RV260P, RV260W, RV340, RV340W, RV345, and RV345P is related to improper verification of the certificate authenticity. Exploiting this vulnerability allows a malicious...
The vulnerability in the web interface of the Cisco Prime Service Catalog management tool allows a hacker to disclose protected information.
The vulnerability of the Cisco Prime Service Catalog management web interface is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information remotely...
The vulnerability of the NETCONF protocol implementation in Cisco SD-WAN vEdge software allows a attacker to cause service failure or trigger an emergency shutdown of the application.
The vulnerability of the NETCONF protocol implementation in Cisco SD-WAN vEdge software lies in the uncontrolled memory consumption. Exploiting this vulnerability could allow an attacker to cause service failures or trigger an emergency shutdown of the application...
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System (IGSS), arises from buffer overflows in the stack, allowing an intruder to execute arbitrary code.
The vulnerability of the interactive graphical SCADA system, Interactive Graphical SCADA System IGSS, arises due to overflow of the buffer on the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created message...
The vulnerability of Adobe Premiere Elements’ video editing software, related to the manipulation of the null pointer, allows a hacker to trigger a service failure.
The vulnerability of Adobe Premiere Elements software-related video editing programs is related to the handling of the null pointer. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the decoder for MPEG-4 multimedia platform GPAC allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the decoder for MPEG-4 multimedia platform GPAC is related to the lack of verification for the result of the addition arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service...
The vulnerability of the `doc` module in the Icinga Web 2 PHP framework allows a hacker to gain access to confidential data.
The vulnerability of the doc module in the Icinga Web 2 PHP framework is related to deficiencies in pathname restrictions for directories. Exploiting this vulnerability allows an attacker to gain access to confidential data...
The vulnerability of the ilst_item_Read function in the box_code_apple.c component of the GPAC multimedia platform allows a hacker to trigger a service failure.
The vulnerability of the ilstitemRead function in the boxcodeapple.c component of the GPAC multimedia platform is related to pointer dereferencing errors. Exploiting this vulnerability allows an attacker to cause service failures...
The vulnerability of the gf_odf_desc_copy function in the MP4Box tool of the GPAC multimedia platform allows a perpetrator to cause a service failure.
The vulnerability of the gfodfdesccopy function in the MP4Box tool of the GPAC multimedia platform is related to pointer assignment errors. Exploiting this vulnerability allows a remote attacker to trigger a service failure using a specially created file...
The vulnerability of the software for designing and configuring the Connected Components Workbench (CCW) from Rockwell Automation, related to the restoration of unreliable data in memory, allows a hacker to execute arbitrary code.
The vulnerability of the software used for designing and configuring the Connected Components Workbench CCW from Rockwell Automation lies in the ability to restore unreliable data in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Microsoft App Installer, related to bypassing authentication through spoofing, allows attackers to carry out spoofing attacks.
The vulnerability of the Microsoft App Installer relates to the bypassing of authentication processes through spoofing. Exploiting this vulnerability allows a malicious actor to carry out spoofing attacks using a specially created malware package...
The vulnerability of the MediaStream component in Google Chrome and Microsoft Edge browsers allows attackers to gain unauthorized access to protected information.
The vulnerability of the MediaStream component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in its ability to send XML messages, allowing a hacker to gain full control over the operating system.
The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to the use of strictly encrypted login credentials during the installation of UltraVNC. Exploiting this vulnerability can allow a malicious actor to gain full control over the operating...
The vulnerability of the Local Security Authority Subsystem Service (LSASS) in the Microsoft Windows operating system allows a perpetrator to disclose protected information.
The vulnerability of the Local Security Authority Subsystem Service LSASS in the Microsoft Windows operating system relates to the disclosure of information in the erroneous data area. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
The vulnerability of Google Chrome’s SwiftShader component allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of Google Chrome’s SwiftShader component relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information through a specially crafted HTML page...
The vulnerability of NETGEAR’s integrated router software, including models R6400, R6400v2, R6700v3, R7000, R6900P, R7000P, and R8000, stems from the lack of measures to sanitize input data. This allows attackers to execute arbitrary commands.
The vulnerability of the embedded software of NETGEAR routers such as R6400, R6400v2, R6700v3, R7000, R6900P, R7000P, and R8000 lies in the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of the Canvas component in Google Chrome and Microsoft Edge browsers allows attackers to disclose protected information.
The vulnerability of the Canvas component in Google Chrome and Microsoft Edge relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to disclose sensitive information...
The vulnerability of NETGEAR’s integrated routing software, including models like RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from the lack of measures to sanitize input data. This allows attackers to execute arbitrary commands.
The vulnerability of NETGEAR’s integrated routing software, including models like RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from the lack of measures to sanitize input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...