90509 matches found
The vulnerability of the SetQuickVPNSettings module in D-Link wireless router software, such as DIR-882 and DIR-878, allows a hacker to execute arbitrary code.
The vulnerability of the SetQuickVPNSettings module in D-Link’s wireless router products, such as DIR-882 and DIR-878, is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of Lenovo printer’s microprogramming software allows a hacker to execute arbitrary code.
The vulnerability of Lenovo printer’s microprogramming software arises from an overflow in the buffer on the stack. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of distributed computing platforms and PowerJob’s task scheduling system, related to lack of access control, allows a intruder to gain unauthorized access to the user/save interface.
The vulnerability of distributed computing platforms and the PowerJob task scheduling system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the user/save interface...
The vulnerability of the shib_logout.php script of the ILIAS learning management and support system allows a perpetrator to redirect a user to any given URL address.
The vulnerability of the shiblogout.php script in the ILIAS learning management and support system lies in the use of open redirection when processing the return parameter. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL address...
The vulnerability of the exec() function in the execQuoted() method of the ilUtil class (/Services/Utilities/classes/class.ilUtil.php) of the ILIAS learning management and support system allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the exec function in the execQuoted method of the ilUtil class /Services/Utilities/classes/class.ilUtil.php of the ILIAS training and support management system is related to the lack of measures for cleaning input data. Exploiting this vulnerability could allow a remote...
The vulnerability of the CMS system Backdrop CMS, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.
The vulnerability of the CMS system Backdrop CMS is related to the failure to take measures to protect the structure of a web page as a result of performing the “Publish” action in the “Content” section. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attack...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to writing outside the buffer boundaries, allowing a malicious actor to execute arbitrary code in the context of the current user.
The vulnerability of Siemens Solid Edge’s design and simulation tools is related to writing beyond buffer boundaries. Exploiting this vulnerability can allow attackers to execute arbitrary code in the context of the current user, using specially created PAR files...
The vulnerability of the /goform/formSetACLFilter component of the D-Link N300 WI-Fi Router DIR-605L software, which allows a intruder to trigger a service failure or execute arbitrary code.
The vulnerability of the /goform/formSetACLFilter component in the D-Link N300 Wi-Fi Router DIR-605L wireless access point software relates to the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to cause service interruptions or execute...
The vulnerability of the /goform/formSetACLFilter component in the D-Link N300 WI-Fi Router DIR-605L wireless access point software allows a attacker to cause a service failure or execute arbitrary code.
The vulnerability of the /goform/formSetACLFilter component in the D-Link N300 Wi-Fi Router DIR-605L wireless access point software relates to the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow an attacker to cause service interruptions or execute...
The vulnerability in the `bitrix/modules/crm/lib/order/import/instagram.php` file of the Crm service for business management in Bitrix24 allows a hacker to execute arbitrary code and increase their privileges.
The vulnerability in the bitrix/modules/crm/lib/order/import/instagram.php file of the Crm service for business management in Bitrix24 exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remote...
The vulnerability of the `foogallery_image_editor_modal` function in the FooGallery plugin of the WordPress content management system allows attackers to perform cross-site scripting attacks.
The vulnerability of the foogalleryimageeditormodal function in the FooGallery plugin of the WordPress content management system exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the `desktop_app/file.ajax.php?action=uploadfile` component in the main module of the Bitrix24 business management service allows a attacker to cause a service failure.
The vulnerability of the desktopapp/file.ajax.php?action=uploadfile component in the main module of the Bitrix24 business management service is related to the execution of a loop with an unavailable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service...
The vulnerability of the update download section for software solutions in the Spectrum Virtualize virtualization technology allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the update download section for Spectrum Virtualize software relates to insufficient protection of operational data during the download process. Exploiting this vulnerability allows an attacker to gain unauthorized access to protected information by using the “satask...
The vulnerability of the Kavita Kavitareader software for reading e-books in the Kavita format lies in the lack of authentication for a critical function. This allows attackers to influence the confidentiality and integrity of the protected information.
The vulnerability of the Kavita Kavitareader software for reading e-books in the Kavita format is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker to influence the confidentiality and integrity of the protected information...
The vulnerability of Siemens Solid Edge’s design and simulation tools relates to reading beyond the memory boundary, allowing a malicious actor to execute arbitrary code.
The vulnerability of Siemens Solid Edge’s design and simulation tools is related to reading beyond the memory limit. Exploiting this vulnerability can allow an attacker to execute arbitrary code using specially created PAR files...
The vulnerability of the chkRegVeriRegister() function in TP-LINK’s router software TL-WR886N allows a perpetrator to influence the integrity, accessibility, and confidentiality of the protected information.
The vulnerability of the chkRegVeriRegister function in TP-LINK’s TL-WR886N router software lies in the fact that the operation is performed outside of the buffer in memory. Exploiting this vulnerability allows an attacker to compromise the integrity, availability, and confidentiality of the...
The vulnerability of the registerRequestHandle() function in TP-LINK TL-WR886N router software allows a hacker to manipulate the integrity, accessibility, and confidentiality of the protected information.
The vulnerability of the registerRequestHandle function in TP-LINK’s TL-WR886N router software lies in the fact that the operation’s output is stored outside of the buffer in memory. Exploiting this vulnerability could allow a remote attacker to compromise the integrity, availability, and...
The vulnerability of the Downloads component of the Google Chrome browser, which allows attackers to perform spear-phishing attacks
The vulnerability of the Downloads component of the Google Chrome browser is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spoofing attacks...
The vulnerability of operating systems such as Mac OS, Cisco IOS, HP-UX, Tru64 UNIX, AIX, OS/2, Windows, Novell Netware, Solaris, IRIX, SCO Unix, bsdos, and Linux lies in the fact that ICMP information, such as masks and timestamps, can be transmitted by arbitrary hosts, allowing attackers to disclose sensitive information.
The vulnerabilities of operating systems such as Mac OS, Cisco IOS, HP-UX, Tru64 UNIX, AIX, OS/2, Windows, Novell Netware, Solaris, IRIX, SCO Unix, bsdos, and Linux stem from the fact that ICMP information, including masks and timestamps, is exposed to arbitrary hosts. Exploiting these...
The vulnerability of the 3D model texturing program Adobe Substance 3D Designer, related to reading data outside the buffer in memory, allows a hacker to execute arbitrary code.
The vulnerability of the 3D model texturing program Adobe Substance 3D Designer lies in the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created USD file...
The vulnerability of Weintek’s cMT3000 HMI Web CGI panel’s microprogramming software arises from buffer overflow in the stack. This allows a malicious actor to bypass the authentication process.
The vulnerability of Weintek’s cMT3000 HMI Web CGI panel software lies in buffer overflow attacks within the stack. Exploiting this vulnerability could allow an attacker to bypass the authentication process...
The vulnerability of the fill_kobj_path() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the fillkobjpath function in the Linux operating system’s kernel is related to memory writing beyond the bounds of the allocated buffer in the lib/kobject.c module. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the printer web page module (ARM) of Honeywell PM43, which allows a intruder to execute arbitrary commands
The vulnerability of the printer web page module ARM of Honeywell PM43 is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability can allow a remote attacker to execute arbitrary commands...
The vulnerability of the WireGuard VPN service, related to errors in handling links, allows a malicious actor to block IP traffic on selected IP addresses.
The vulnerability of the VPN service WireGuard is related to errors in handling links. Exploiting this vulnerability allows a remote attacker to block IP traffic on selected IP addresses...
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to errors in processing input data, allows a perpetrator to cause service interruptions.
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Web Listener component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Web Listener component of the Oracle HTTP Server is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the microprogramming software of the D-Link DAP-1325 wireless signal amplifier arises from reading data beyond the buffer in memory. This allows a hacker to execute arbitrary code.
The vulnerability of the microprogrammed software of the D-Link DAP-1325 wireless signal amplifier lies in reading data outside the buffer in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the Routing Protocol Demon (RPD) in Juniper Networks’ Junos OS and Junper Networks’ Junos OS Evolved operating systems allows a attacker to cause a service failure.
The vulnerability of the Routing Protocol Demon RPD in Juniper Networks’ Junos OS and Junper Networks’ Junos OS Evolved operating systems is related to syntax validation errors in input verification. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the PDFium component in the Google Chrome browser allows a hacker to execute arbitrary code.
The vulnerability of the PDFium component in the Google Chrome browser is related to buffer overflow. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created PDF file...
The vulnerability of the Windows Common Log File System (CLFS) driver in Windows operating systems allows a hacker to disclose protected information.
The vulnerability of the Windows Common Log File System CLFS driver in Windows operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information...
The vulnerability of the Microsoft Office software package, related to deficiencies in access control, allows attackers to escalate their privileges.
The vulnerability of the Microsoft Office package is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to enhance their privileges...
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, stems from insufficient validation of arguments passed in commands. This allows attackers to execute arbitrary code.
The vulnerability of Fortinet FortiWLM, a centralized management system for WLAN access points and LAN switches, is related to insufficient checking of arguments passed in commands. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the FortiMail email protection system lies in the lack of measures taken to protect the structure of the web page, allowing attackers to execute arbitrary codes.
The vulnerability of the FortiMail email protection system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary codes remotely...
The vulnerability of the curl_easy_duphandle function in the libcurl library allows a hacker to create or re-record cookies.
The vulnerability of the curleasyduphandle function in the libcurl library is related to external control via a filename or file path. Exploiting this vulnerability allows a malicious actor to create or rewrite cookie files remotely...
The vulnerability of Acronis Cyber Protect 15’s data protection software lies in its insufficient verification of the authenticity of executed requests. This allows attackers to compromise the integrity of the protected information.
The vulnerability of Acronis Cyber Protect 15 software-related data protection software lies in the insufficient verification of the authenticity of executed requests. Exploiting this vulnerability can allow an attacker, operating remotely, to compromise the integrity of the protected information...
The vulnerability of the SetWLanRadioSecurity() function in D-Link DIR-3040 wireless router software allows a hacker to execute arbitrary code.
The vulnerability of the SetWLanRadioSecurity function in D-Link DIR-3040 wireless router software lies in the fact that the operation’s output escapes the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending specially crafted HNAP requests...
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a intruder to execute arbitrary code.
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster relates to reading data outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the wloggui interface of the Control Web Panel (CWP) application (formerly CentOS Web Panel) allows a malicious user to escalate their privileges and execute arbitrary commands.
The vulnerability of the wloggui interface of the Control Web Panel CWP application formerly CentOS Web Panel is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary commands...
The vulnerability of the addWifiMacFilter function in the microprogramming software for Tenda AC10U allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the addWifiMacFilter function in the Tenda AC10U router software lies in the fact that the operation’s output goes beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...
The vulnerability of the application software interface of the Cisco DNA Center allows a hacker to read and modify data in its internal repository.
The vulnerability of the Cisco DNA Center’s application programming interface is related to errors in access management. Exploiting this vulnerability allows a malicious actor to remotely read and modify data in the internal repository by sending specially crafted API requests...
The vulnerability of the formSetWanPPPoE function in the D-Link DIR-619L router’s software allows a hacker to cause a service failure.
The vulnerability of the formSetWanPPPoE function in the D-Link DIR-619L router software is related to the writing of data beyond the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the formWifiBasicSet function in the microprogramming software for Tenda A18 allows a hacker to cause a service failure.
The vulnerability of the formWifiBasicSet function in the Tenda A18 router microprogramming system is related to the ability to write data beyond the buffer in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...
The vulnerability of the PDF-XChange PDF document viewing and editing program, related to out-of-memory reading, allows attackers to disclose protected information.
The vulnerability of the PDF document viewing and editing software PDF-XChange is related to reading beyond the memory limit. Exploiting this vulnerability can allow an attacker to disclose protected information using a specially created TIF file...
The vulnerability of the Kostac PLC Programming Software (formerly Koyo PLC Programming Software) relates to the re-release of memory, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Kostac PLC Programming Software formerly Koyo PLC Programming Software relates to the repeated release of memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created project file...
The vulnerability of the dumpHeap method in the Avalanche mobile device management system allows a hacker to escalate their privileges.
The vulnerability of the dumpHeap method in the Avalanche mobile device management system is related to errors during the authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
The vulnerability of the SetAPLanSettings() function in the microprogramming software of the D-Link DAP-1325 wireless signal booster allows a hacker to execute arbitrary code.
The vulnerability of the SetAPLanSettings function in the microprogramming software of the D-Link DAP-1325 wireless signal booster relates to the lack of measures to neutralize specific elements. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
The vulnerability of the neighmgrd and nlmanager components of the NVIDIA Cumulus Linux network operating system allows a hacker to trigger a service failure.
The vulnerability of the neighmgrd and nlmanager components of the NVIDIA Cumulus Linux network operating system is related to an exception handling error. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...
The vulnerability of the Editor Annotation component of the PDF-XChange PDF document viewing and editing software allows a perpetrator to execute arbitrary code.
The vulnerability of the Editor Annotation component in the PDF-XChange PDF document viewing and editing software relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The software for managing medical organizations like OpenEMR is vulnerable due to insufficient verification of input data, allowing attackers to compromise data privacy and integrity.
The software for managing medical organizations called OpenEMR is vulnerable due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality and integrity of data...
The vulnerability of the dir_setWanWifi function in D-Link DIR-816 A2 router software allows a hacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the dirsetWanWifi function in D-Link DIR-816 A2 router microprogramming software is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the...