90509 matches found
The vulnerability of the MySQL software component used for managing power supply sources in Voltronic Power View. This allows a hacker to elevate their privileges to the level of an administrator.
The vulnerability of the MySQL component in the software for managing power sources in Voltronic Power ViewPower Pro lies in the use of rigidly encoded credentials. Exploiting this vulnerability could allow an attacker to elevate their privileges to the level of an administrator...
The vulnerability of the programming software for PLCs (programmable logic controllers), namely the Saia PG5 Controls Suite, arises from incorrect restrictions on XML references to external objects. This vulnerability allows attackers to gain unauthorized access to protected information.
The vulnerability of the programming software for PLCs programmable logic controllers, Saia PG5 Controls Suite, is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the sms_decode_address_field() function in the OFono mobile phone stack allows a hacker to execute arbitrary code.
The vulnerability of the smsdecodeaddressfield function in the OFono mobile phone stack is related to the execution of operations outside the buffer in memory when sending SMS messages in PDU format. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the application access control library in the SAP XS Advanced sap-xssec development, integration, and application extension platform in the SAP Business Technology Platform (BTP) environment is related to insecure management of privileges. This allows attackers to escalate their privileges.
The vulnerability of the application access control library in the SAP XS Advanced sap-xssec development, integration, and application extension platform in the SAP Business Technology Platform BTP environment is related to insecure management of privileges. Exploiting this vulnerability can allo...
The vulnerability of the get_set.ccp file in the web interface for controlling the wireless router TRENDnet TEW-652BRP allows a hacker to execute arbitrary code.
The vulnerability of the getset.ccp file in the web interface for controlling the wireless router TRENDnet TEW-652BRP is related to the lack of data cleaning measures at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Bulk Modification Tool component in Nagios XI allows a hacker to execute arbitrary SQL code.
The vulnerability of the Bulk Modification Tool component in Nagios XI is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL code remotely...
The vulnerability of FortiWeb web applications’ network firewalls arises from improper processing of output data for registration logs, allowing attackers to replace the traffic logs.
The vulnerability of FortiWeb web applications’ network firewalls is related to improper processing of output data for registration logs. Exploiting this vulnerability allows a malicious actor to replace traffic logs through a specially created web page...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the structure of web pages, allows attackers to disclose protected information.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to disclose protected information remotely...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.
The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
The vulnerability of the Microsoft Office for Mac software, related to errors in user interface information representation, allows attackers to perform spear-phishing attacks.
The vulnerability of the Microsoft Office for Mac software is related to information representation errors in the user interface. Exploiting this vulnerability can allow attackers to perform spear-phishing attacks remotely...
The vulnerability of the Windows Hyper-V hardware virtualization system allows attackers to escalate their privileges.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to increase their privileges...
The vulnerability of the IBM DB2 database management system, which arises due to insufficient validation of input data, allows a hacker to trigger a service failure.
The vulnerability of the IBM DB2 database management system exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...
The vulnerability of the Autoptimize plugin of the WordPress content management system, related to security mechanism errors, allows attackers to gain unauthorized access to information.
The vulnerability of the Autoptimize plugin of the WordPress content management system is related to security mechanism errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to information...
The vulnerability of the 5G mobile communication network organization software free5GC, related to the lack of authentication for critical functions, allows attackers to disclose protected information.
The vulnerability of the software for managing fifth-generation mobile communication networks 5G, free5GC, is related to the absence of authentication for a critical function. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose protected information...
The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring lies in its ability to restore unreliable data in memory, allowing an attacker to execute commands with local administrator privileges.
The vulnerability of the Delta Electronics InfraSuite Device Master software for real-time device monitoring lies in the recovery of unreliable data in memory. Exploiting this vulnerability allows a remote attacker to execute code with local administrator privileges...
The vulnerability of the FedCM component in the Google Chrome browser allows a perpetrator to execute arbitrary code or trigger a service failure.
The vulnerability of the FedCM component in the Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code or cause a service failure through a specially created malicious web page...
The vulnerability of the microprogramming software of the Ubiquiti Networks UniFi Dream Machine Pro, related to deficiencies in access control, allows intruders to circumvent domain restrictions.
The vulnerability of the microprogrammed software of the Ubiquiti Networks UniFi Dream Machine Pro relates to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass domain restrictions using specially created packages...
The vulnerability in the Safari browser on operating systems such as iPadOS, iOS, and Mac OS allows a hacker to exploit it to access the history of web browsing activities.
The vulnerability of the Safari browser on iPadOS, iOS, and Mac OS relates to the disclosure of information. Exploiting this vulnerability allows a malicious actor to disclose the history of web browsing...
The vulnerability of the cstecgi.cgi implementation in TOTOLINK X5000R router microprogramming software allows a perpetrator to execute arbitrary commands.
The vulnerability of the cstecgi.cgi microprogramming system implementation in TOTOLINK X5000R routers is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the struts.multipart.saveDir configuration on the Apache Struts software platform allows attackers to cause service failures.
The vulnerability of the struts.multipart.saveDir configuration on the Apache Struts software platform is related to insufficient control over resources with dynamic management, as a result of processing query fields whose values exceed the maxStringLength limit. Exploiting this vulnerability...
The vulnerability in the implementation of the Media Capture application interface of Google Chrome and Microsoft Edge allows a perpetrator to disclose protected information.
The vulnerability of the Media Capture application interface in Google Chrome and Microsoft Edge browsers relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to disclose sensitive information...
The vulnerability of the BIG-IP Access Policy Manager’s access control and remote authentication mechanisms, as well as the software products such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allows a perpetrator to trigger a service failure.
The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...
The vulnerability of the Adobe Media Encoder application, related to access to an uninitialized pointer, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the Adobe Media Encoder application relates to access to an uninitialized pointer. Exploiting this vulnerability could allow a perpetrator to gain unauthorized access to protected information through a specially created malicious file...
The vulnerability of Adobe InDesign’s computer layout automation tool, related to reading data outside the buffer in memory, allows attackers to exploit this to disclose protected information.
The vulnerability of Adobe InDesign’s computer layout automation tool is related to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the Apache Storm distributed stream processing software’s software platform in UNIX-like operating systems, related to access control deficiencies, allows attackers to disclose sensitive information.
The vulnerability of the Apache Storm distributed stream processing software’s software platform in UNIX-like operating systems is related to lack of access control mechanisms. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by the system’s...
The vulnerability of the 3D modeling software Argon Ashlar-Vellum lies in its uncontrolled search element, which allows a hacker to execute arbitrary code.
The vulnerability of the 3D modeling software Argon Ashlar-Vellum is related to an uncontrolled element in the search process. Exploiting this vulnerability could allow a hacker to execute arbitrary code...
The vulnerability of the Golang programming language decoder, related to the distribution of resources without any restrictions or regulations, allows attackers to cause service failures.
The vulnerability of the Golang programming language decoder is related to the decoding of large amounts of compressed data, which consumes excessive memory and processing power. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
The vulnerability of the cplus-dem.c component of the GNU Binutils development environment allows a attacker to trigger a service failure.
The vulnerability of the cplus-dem.c component of the GNU Binutils development environment is related to the allocation of unlimited memory. Exploiting this vulnerability allows a remote attacker to cause a service failure using a specially created file...
The vulnerability of the SetQuickVPNSettings module in D-Link wireless router software, such as DIR-882 and DIR-878, allows a hacker to execute arbitrary code.
The vulnerability of the SetQuickVPNSettings module in D-Link’s wireless router products, such as DIR-882 and DIR-878, is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of Lenovo printer’s microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of Lenovo printer’s microprogramming software arises from an overflow in the buffer on the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the CMS system Backdrop CMS, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the CMS system Backdrop CMS is related to the failure to take measures to protect the structure of a web page as a result of performing the “Publish” action in the “Content” section. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attack...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to writing outside the buffer boundaries, allowing a malicious actor to execute arbitrary code in the context of the current user.
The vulnerability of Siemens Solid Edge’s design and simulation tools is related to writing beyond buffer boundaries. Exploiting this vulnerability can allow attackers to execute arbitrary code in the context of the current user, using specially created PAR files...
The vulnerability of distributed computing platforms and PowerJob’s task scheduling system, related to lack of access control, allows a intruder to gain unauthorized access to the user/save interface.
The vulnerability of distributed computing platforms and the PowerJob task scheduling system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the user/save interface...
The vulnerability of the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) of the ILIAS learning management and support system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the exec function in the execQuoted method of the ilUtil class /Services/Utilities/classes/class.ilUtil.php of the ILIAS training and support management system is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote...
The vulnerability of the shib_logout.php script of the ILIAS learning management and support system allows a perpetrator to redirect a user to any given URL address.
The vulnerability of the shiblogout.php script in the ILIAS learning management and support system lies in the use of open redirection when processing the return parameter. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL address...
The vulnerability of the `foogallery_image_editor_modal` function in the FooGallery plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the foogalleryimageeditormodal function in the FooGallery plugin of the WordPress content management system exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the `desktop_app/file.ajax.php?action=uploadfile` component in the main module of the Bitrix24 business management service allows a attacker to cause a service failure.
The vulnerability of the desktopapp/file.ajax.php?action=uploadfile component in the main module of the Bitrix24 business management service is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service...
The vulnerability of the /goform/formSetACLFilter component of the D-Link N300 WI-Fi Router DIR-605L software, which allows a intruder to trigger a service failure or execute arbitrary code.
The vulnerability of the /goform/formSetACLFilter component in the D-Link N300 Wi-Fi Router DIR-605L wireless access point software relates to the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to cause service interruptions or execute...
The vulnerability in the `bitrix/modules/crm/lib/order/import/instagram.php` file of the Crm service for business management in Bitrix24 allows a hacker to execute arbitrary code and increase their privileges.
The vulnerability in the bitrix/modules/crm/lib/order/import/instagram.php file of the Crm service for business management in Bitrix24 exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...
The vulnerability of the /goform/formSetACLFilter component in the D-Link N300 WI-Fi Router DIR-605L wireless access point software allows a attacker to cause a service failure or execute arbitrary code.
The vulnerability of the /goform/formSetACLFilter component in the D-Link N300 Wi-Fi Router DIR-605L wireless access point software relates to the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to cause service interruptions or execute...
The vulnerability of the update download section for software solutions in the Spectrum Virtualize virtualization technology allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the update download section for Spectrum Virtualize software relates to insufficient protection of operational data during the download process. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information by using the “satask...
The vulnerability of the WebApp Provider component of Google Chrome allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Google Chrome browser’s WebApp Provider component is related to improperly implemented security checks for standard elements. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information through a specially...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to reading beyond the memory boundary, allowing a malicious actor to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools is related to reading beyond the memory limit. Exploiting this vulnerability can allow an attacker to execute arbitrary code using specially created PAR files...
The vulnerability of the chkRegVeriRegister() function in TP-LINK’s router software TL-WR886N allows a perpetrator to influence the integrity, accessibility, and confidentiality of the protected information.
The vulnerability of the chkRegVeriRegister function in TP-LINK’s TL-WR886N router software lies in the fact that the operation is performed outside of the buffer in memory. Exploiting this vulnerability allows an attacker to compromise the integrity, availability, and confidentiality of the...
The vulnerability of the registerRequestHandle() function in TP-LINK TL-WR886N router software allows a hacker to manipulate the integrity, accessibility, and confidentiality of the protected information.
The vulnerability of the registerRequestHandle function in TP-LINK’s TL-WR886N router software lies in the fact that the operation’s output is stored outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to compromise the integrity, availability, and...
The vulnerability of operating systems such as Mac OS, Cisco IOS, HP-UX, Tru64 UNIX, AIX, OS/2, Windows, Novell Netware, Solaris, IRIX, SCO Unix, bsdos, and Linux lies in the fact that ICMP information, such as masks and timestamps, can be transmitted by arbitrary hosts, allowing attackers to disclose sensitive information.
The vulnerabilities of operating systems such as Mac OS, Cisco IOS, HP-UX, Tru64 UNIX, AIX, OS/2, Windows, Novell Netware, Solaris, IRIX, SCO Unix, bsdos, and Linux stem from the fact that ICMP information, including masks and timestamps, is exposed to arbitrary hosts. Exploiting these...
The vulnerability of the 3D model texturing program Adobe Substance 3D Designer, related to reading data outside the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the 3D model texturing program Adobe Substance 3D Designer lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created USD file...
The vulnerability of the WireGuard VPN service, related to errors in handling links, allows a malicious actor to block IP traffic on selected IP addresses.
The vulnerability of the VPN service WireGuard is related to errors in handling links. Exploiting this vulnerability allows a remote attacker to block IP traffic on selected IP addresses...
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to errors in processing input data, allows a perpetrator to cause service interruptions.
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...