90509 matches found
The vulnerability of the Condeon CMS system, related to the storage of confidential information in open text, allows a hacker to intercept sessions and gain access to the user’s account.
The vulnerability of the Condeon CMS system relates to the storage of confidential information in open text within the memory dump file. Exploiting this vulnerability could allow a malicious actor to intercept sessions and gain access to the user account...
The vulnerability of the Import a Theme function in the MyBB forum creation software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the “Import a Theme” function in the MyBB forum creation software is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the config.xml file in TP-Link Archer C50 Wi-Fi routers allows a hacker to gain unauthorized access to protected information.
The vulnerability of the config.xml file in TP-Link Archer C50 Wi-Fi routers lies in the use of strictly encrypted credentials. Exploiting this vulnerability allows a malicious actor to gain unauthorized access to protected information from a remote location...
The vulnerability of Trend Micro Apex One and Apex One as a Service anti-virus software lies in its uncontrolled search path. This allows attackers to escalate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the Data Loss Prevention module in Trend Micro’s anti-virus software programs Apex One and Apex One as a Service is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow attackers to enhance their privileges and execute arbitrary co...
The vulnerability of the Mail function in the MyBB forum creation software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Mail function in the MyBB forum creation software is related to insufficient testing of requests on the server side. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Behavioral DoS (BADoS) function of the BIG-IP Application Security Manager allows a attacker to cause a service failure.
The vulnerability of the Behavioral DoS BADoS function of the BIG-IP Application Security Manager protection tool is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Flash Cache component in single-Core Microcontrollers ESP32-S2, ESP32-S2F, allows a hacker to read the cached data again.
The vulnerability of the Flash Cache component in single-Core Microcontrollers ESP32-S2 and ESP32-S2F is related to improper protection against voltage spikes and clock speeds. Exploiting this vulnerability allows an attacker to reread cached data by triggering a reset pulse directly before...
The vulnerability of the RemotePC software for providing remote access lies in its insecure management of privileges, allowing attackers to escalate their privileges.
The vulnerability of the RemotePC remote access software is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
The vulnerability of the Booco business automation platform lies in the improper limitation of the path name to the restricted access catalog. This allows attackers to create or overwrite files in the file system’s directories and execute arbitrary code.
The vulnerability of the Booco business automation platform is related to an incorrect restriction on the path name for restricted access catalogs. Exploiting this vulnerability allows a malicious actor to create or re-record files in file system catalogs and execute arbitrary code...
The vulnerability of the GetScreen agent, a remote access platform, relates to insecure privilege management. This allows attackers to elevate their privileges to the root level.
The vulnerability of the remote access platform GetScreen Agent is related to insecure management of privileges. Exploiting this vulnerability can allow a hacker to elevate their privileges to the root level...
The vulnerability of the Vnet/IP SCADA system’s interface of Yokogawa CENTUM VP allows a intruder to trigger a service failure.
The vulnerability of the Vnet/IP SCADA system of Yokogawa CENTUM VP is related to an uncontrolled and unauthorized access. Exploiting this vulnerability could allow a malicious actor to cause service interruptions by sending specially crafted packets...
The vulnerability of the software for organizing and managing knowledge bases and documentation, KBPublisher, related to the manipulation of cross-site requests, allows a perpetrator to carry out CSRF attacks.
The vulnerability of the software for organizing and managing knowledge bases and documentation, KBPublisher, is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
The vulnerability of Adobe Illustrator’s graphic editor, related to pointer naming errors, allows a hacker to trigger a service failure.
The vulnerability of Adobe Illustrator’s graphic editor is related to pointer assignment errors. Exploiting this vulnerability can allow attackers to trigger a service failure using a specially created malicious file...
The vulnerability of the Universal Plug and Play (UPnP) service in Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the Universal Plug and Play UPnP service in Windows operating systems is related to the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
The vulnerability of the PIA Core Technology component of the Oracle PeopleSoft Enterprise PeopleTools business application suite allows a hacker to gain unauthorized access to protected information.
The vulnerability of the PIA Core Technology component in the Oracle PeopleSoft Enterprise PeopleTools business application suite is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of the Demon Routing Protocol Daemon (RPD) in Juniper Networks’ Junos OS and Junos OS Evolved operating systems allows a attacker to cause a service failure.
The vulnerability of the Daemon Routing Protocol rpd in Junos OS and Junos OS Evolved operating systems is related to improper handling of parameter length discrepancies. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the IP Access Restriction function of the Cisco Identity Services Engine (ISE) management interface and the Cisco ISE Passive Identity Connector (ISE-PIC) virtual authentication data collection device allows a perpetrator to circumvent existing IP access restrictions.
The vulnerability of the IP Access Restriction function of the Cisco Identity Services Engine ISE and the Cisco ISE Passive Identity Connector ISE-PIC, a virtual device for collecting user authentication data, relates to bypassing authentication using data that is assumed to be unchangeable...
The vulnerability of the Endpoint Manager Mobile app for managing the lifecycle of mobile devices and applications (formerly known as MobileIron Core) arises from the lack of measures taken to neutralize specific elements. This allows a perpetrator to execute arbitrary code.
The vulnerability of the Ivanti Endpoint Manager Mobile EPMM application for managing the lifecycle of mobile devices and mobile applications formerly known as MobileIron Core is related to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this...
The vulnerability of Adobe InCopy, a text creation and editing software, relates to a countable loss of significance, allowing an attacker to execute arbitrary code.
The vulnerability of the Adobe InCopy text creation and editing software is related to a countable amount of data loss. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially created malicious file...
The vulnerability of the KVM switch display microprogramming system ATEN CL5708IM lies in the fact that the output operation goes beyond the buffer in memory, allowing a malicious actor to cause malfunctions in the service.
The vulnerability of the KVM switch display microprogramming system of ATEN CL5708IM is related to the output of operations beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...
Vulnerability of the iblock module in the 1C-Bitrix website management system: Website management that allows attackers to gain unauthorized access to protected information
Vulnerability of the iblock module in the Content Management System CMS of 1C-Bitrix: Website management is associated with errors in processing the relative path to the catalog. Exploiting this vulnerability can allow unauthorized users to gain unauthorized access to protected information...
Vulnerability of the iblock module in the 1C-Bitrix website management system: Website management that allows attackers to execute arbitrary code
Vulnerability of the iblock module in the Content Management System CMS of 1C-Bitrix: Website management is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to inject arbitrary code into any PHP script executed during the creation of new information...
The vulnerability of the Windows Microsoft PC Manager software for maintenance, cleaning, and security operations is related to access control errors, which allow attackers to escalate their privileges.
The vulnerability of the Windows Microsoft PC Manager software for maintenance, cleaning, and security operations is related to access control errors. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability in the drivers/acpi/platform_profile.c module of the Linux kernel allows a hacker to trigger a service failure.
The vulnerability in the drivers/acpi/platformprofile.c module of the Linux kernel is related to the use of an uninitialized resource. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of HashiCorp’s Vault Community Edition and Vault Enterprise storage platforms, related to resource management errors, allows attackers to trigger service interruptions.
The vulnerability of the HashiCorp Vault Community Edition and Vault Enterprise storage platforms relates to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the gf_ac4parser_bs function in the MP4Box multimedia platform of GPAC allows a hacker to cause a service failure or disclose protected information.
The vulnerability of the gfac4parserbs function in the MP4Box utility of the GPAC multimedia platform is related to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause system failures or disclose protected information...
The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module. The Oracle E-Business Suite technical foundation for automating business processes, allowing attackers to gain access to read, modify, and delete information.
The vulnerability of the Preferences component of the Oracle CRM system’s customer relationship management module is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain read, modify, and delete access to information...
The vulnerability of the em_compute_costs() function in the kernel/power/energy_model.c module of the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the emcomputecosts function in the kernel/power/energymodel.c module of the Linux operating system is related to the lack of checks for division by zero. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the django.utils.html.strip_tags() function in the Django web application framework allows a attacker to cause a denial-of-service attack.
The vulnerability of the django.utils.html.striptags function in the Django web application framework is related to memory leaks caused by the improper use of this function for releasing resources. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the MPEG-2 Video Extension codec in Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the MPEG-2 Video Extension codec in Microsoft Windows operating systems relates to the possibility of exploiting memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Linux operating system’s kernel, related to errors in resource release, allows a hacker to cause a service failure.
The vulnerability of the Linux operating system’s kernel is related to errors during resource release. Exploiting this vulnerability can allow an attacker to cause service failures...
The vulnerability of the IBM Storage Scale cluster file system, related to the lack of data cleaning measures at the management level, allows attackers to escalate their privileges and execute arbitrary commands.
The vulnerability of the IBM Storage Scale cluster file system is related to the lack of measures taken at the management level to clean up data. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary commands remotely...
Vulnerability of Windows operating systems, related to synchronization errors when using shared resources, allows attackers to escalate their privileges.
The vulnerability of Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the parse.ParseUnverified() function in the golang-jwt library for handling web tokens allows attackers to disclose sensitive information that should be protected.
The vulnerability of the parse.ParseUnverified function in the golang-jwt library for handling web tokens in the Go programming language is related to uncontrolled resource consumption. Exploiting this vulnerability allows an attacker to disclose protected information...
The vulnerability of the sub_410DDC() function in the web interface of the D-Link DIR-825 router’s microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of the sub410DDC function in the web interface of the D-Link DIR-825 router’s microprogramming software is related to the reading of data beyond the buffer boundaries in memory during the processing of the language parameter. Exploiting this vulnerability allows a remote attacke...
The vulnerability of the Windows SSDP service on Microsoft Windows operating systems allows attackers to escalate their privileges.
The vulnerability of the Windows SSDP service on Microsoft Windows operating systems is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
The vulnerability of the Windows User-Mode Driver Framework (UMDF) in Microsoft Windows operating systems allows a hacker to disclose sensitive information that is protected by this framework.
The vulnerability of the Windows User-Mode Driver Framework UMDF in Microsoft Windows is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the PHP Snappy library, related to insufficient validation of requests on the server side, allows a attacker to perform an SSRF attack.
The vulnerability of the PHP Snappy library is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially crafted HTTP request remotely...
The vulnerability of the Laravel Translation Manager PHP framework allows attackers to perform cross-site scripting attacks.
The vulnerability of the Laravel Translation Manager PHP framework is related to the lack of security measures for handling web page structures. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the CADImage plugin in the IrfanView software, which is used for viewing and playing graphic, video, and audio files, allows a hacker to execute arbitrary code.
The vulnerability of the CADImage plugin for viewing and playing back graphic, video, and audio files in IrfanView arises from the execution of an operation beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially...
The vulnerability of the platform for creating, publishing, and reproducing digital advertising on Adobe Experience Manager (AEM) Screens lies in the lack of protective measures for the website structure, allowing attackers to execute arbitrary code.
The vulnerability of the platform for creating, publishing, and reproducing digital advertising within Adobe Experience Manager AEM Screens is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary...
The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert allows a perpetrator to execute arbitrary code.
The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating ...
The vulnerability of the client of the Remote Desktop Client for Microsoft Windows operating systems allows a perpetrator to carry out spoofing attacks.
The vulnerability of the Remote Desktop Client for Microsoft Windows operating systems relates to the absence of warnings about dangerous actions. Exploiting this vulnerability allows a malicious actor to carry out spoofing attacks remotely...
The vulnerability of the Windows RRAS operating system’s routing and remote access service allows a hacker to execute arbitrary code.
The vulnerability of the Windows RRAS operating system’s routing and remote access service is related to buffer overflow in dynamic memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the data collection tool for Azure Monitor Agents, which operates on virtual machines and physical servers, stems from improper code generation. This allows attackers to execute arbitrary code.
Vulnerability of the data collection tool for Azure Monitor Agent, which processes virtual machines and physical servers, due to improper code generation management. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Windows Virtual Hard Disk component allows a hacker to execute arbitrary code.
The vulnerability of the Windows Virtual Hard Disk component in Windows operating systems is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Windows GDI component in Microsoft Windows operating systems allows attackers to disclose protected information.
The vulnerability of the Windows GDI component in Microsoft Windows systems is related to a breach of data protection mechanisms. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...
The vulnerability of the Graphics component of Windows operating systems, which allows a hacker to execute arbitrary code
The vulnerability of the Graphics component in Windows operating systems is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Apica Loadtest plugin for Jenkins’ automation server lies in the fact that registration data is stored in an open manner, allowing a malicious actor to gain unauthorized access to the protected information.
The vulnerability of the Apica Loadtest plugin for Jenkins-based automation servers lies in the way registration data is stored in an open manner within the config.xml file. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information...
The vulnerability of the Kerberos protocol for Windows operating systems allows a perpetrator to cause a service failure.
The vulnerability of the Kerberos protocol for Windows operating systems lies in the fact that the operation occurs outside of the buffer in memory. Exploiting this vulnerability allows a malicious actor to cause service failures remotely...