74701 matches found
The vulnerability of the Import a Theme function in the MyBB forum creation software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the “Import a Theme” function in the MyBB forum creation software is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the ConvertFromJson method in the monitoring and security management tool Trend Micro Apex Central allows an attacker to execute arbitrary code in the context of NETWORK SERVICE.
The vulnerability of the ConvertFromJson method in the Trend Micro Apex Central security monitoring and management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of NETWORK SERVICE...
The vulnerability of the Kubernetes Image Builder software lies in its use of hard-coded credentials, which allows an attacker to gain access to the virtual machine.
The vulnerability of the Kubernetes Image Builder software lies in the use of hard-coded credentials. Exploiting this vulnerability could allow a malicious actor to gain access to the virtual machine remotely...
The vulnerability of the libsavsvc.so library in Android operating systems allows a hacker to trigger a service failure.
The vulnerability of the libsavsvc.so library in Android operating systems relates to the reading of data beyond the buffer boundaries in memory during the decoding of headers. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the software for accessing analytics and planning tools in the IBM Analytics Content Hub allows unauthorized users to upload any type of files. This vulnerability enables attackers to upload arbitrary files.
The vulnerability of the software for accessing analytics and planning tools in the IBM Analytics Content Hub is related to the unrestricted upload of files of a dangerous type. Exploiting this vulnerability could allow a malicious actor to upload arbitrary files...
The vulnerability of the dynamic_analysis.html component in the Mobile Security Framework (MobSF), a security research framework for mobile applications, allows an attacker to execute cross-site scripting attacks.
The vulnerability of the dynamic_analysis.html component in the Mobile Security Framework (MobSF) for mobile application security research is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a remote attacker to execute cross-site scripting...
The vulnerability of Zoom’s video conferencing software, related to the implementation of incorrect control flow, allows attackers to disclose protected information.
The vulnerability of Zoom video conferencing software is related to the implementation of incorrect control flow. Exploiting this vulnerability can allow a remote attacker to disclose sensitive information...
The vulnerability of the DeserializeFromBase64String method implemented by the PolicyServer server of Trend Micro Endpoint Encryption (TMEE) allows a malicious actor to execute arbitrary code within the SYSTEM context.
The vulnerability of the DeserializeFromBase64String method implemented by the PolicyServer server of Trend Micro Endpoint Encryption (TMEE) involves insufficient validation of input data. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code within the SYSTE...
The vulnerability of the PROTECH production analysis and monitoring system, due to insufficient verification of input data, allows a perpetrator to execute arbitrary code and increase their privileges.
The vulnerability of the PROTECH production analysis and monitoring system exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and gain increased privileges...
The vulnerability of the qosClassifier() function (/goform/qosClassifier) in D-Link DIR-816 router software allows an attacker to cause a service failure.
The vulnerability of the qosClassifier() function (/goform/qosClassifier) of D-Link DIR-816 router software lies in the lack of measures to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a malicious actor to cause a service failure by sending ...
The vulnerability of Trend Micro Password Manager relates to the improper handling of symbolic links before accessing a file. This allows attackers to elevate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the Trend Micro Password Manager storage tool is related to the improper handling of symbolic links before accessing the file. Exploiting this vulnerability can allow an attacker to elevate their privileges and execute arbitrary code within the SYSTEM context...
The vulnerability of the fromSetIpBind() function in the /goform/SetIpBind library of the Tenda FH451 router software allows an attacker to execute arbitrary code or cause a service failure.
The vulnerability of the fromSetIpBind() function in /goform/SetIpBind of the Tenda FH451 router firmware is related to a buffer overflow when processing the page parameter. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...
The vulnerability of the Import Avatar function in the MyBB forum creation software allows a hacker to gain unauthorized access to protected information.
The vulnerability of the “Import Avatar” function in the MyBB forum creation software is related to insufficient validation of requests on the server side. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
The vulnerability of Zoom’s video conferencing software, related to errors in the authentication process, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Zoom’s video conferencing software is related to errors in the authentication process for verifying certificate authenticity. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Common Client Real-time Scan service of Trend Micro’s anti-virus software programs, Apex One and Apex One as a Service, allows attackers to escalate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the Common Client Real-time Scan function of Trend Micro Apex One and Apex One as a Service anti-virus software is related to improper link resolution before file access. Exploiting this vulnerability can allow attackers to elevate their privileges and execute...
The vulnerability of the BuildEnterpriseSearchString method implemented by the PolicyServer server of the Trend Micro Endpoint Encryption (TMEE) data encryption solution allows a perpetrator to increase their privileges.
The vulnerability of the BuildEnterpriseSearchString method implemented by the PolicyServer server of the Trend Micro Endpoint Encryption (TMEE) data encryption solution is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability can allow an attacker...
The vulnerability of the Core server component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Core server component of Oracle WebLogic Server is related to the lack of authentication for critical functions. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using protocols such as T3 and II...
The vulnerability of the FastReport.NET report and document generation library lies in the improper limitation of XML references to external objects. This allows attackers to gain unauthorized access to files and perform SSRF attacks.
The vulnerability of the FastReport.NET report and document generation library is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to files and perform an SSRF attack...
The vulnerability of the setSystemWizard() and setSystemControl() functions in D-Link DCS-932L IP camera software allows a perpetrator to execute arbitrary commands.
The vulnerability of the setSystemWizard and setSystemControl functions in D-Link DCS-932L IP cameras exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of Google Chrome’s WebRTC technology allows an attacker to trigger a service failure.
The vulnerability of Google Chrome’s WebRTC technology is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause a service failure through a specially created HTML page...
The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service allows a malicious actor to elevate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the VsapiNT.sys module in anti-virus software from Trend Micro’s Apex One and Apex One as a Service is related to improper link resolution before file access. Exploiting this vulnerability can allow an attacker to elevate their privileges and execute arbitra...
The vulnerability of the formWifiExtraSet (/goform/WifiExtraSet) function in the Tenda FH1205 router software allows an attacker to cause a service failure or execute arbitrary code.
The vulnerability of the formWifiExtraSet (/goform/WifiExtraSet) function in the Tenda FH1205 router firmware is related to an operation that goes beyond the buffer in memory when processing the wpapskcrypto parameter. Exploiting this vulnerability can allow an attacker to cause...
The vulnerability of the sub_4197C0() function in TOTOLINK A3300R router firmware allows an intruder to execute arbitrary commands.
The vulnerability of the sub_4197C0() function in TOTOLINK A3300R router firmware is related to the lack of measures taken to neutralize special elements during the processing of the mac and desc parameters. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the software for accessing analytics and planning tools in the IBM Analytics Content Hub, due to deficiencies in the error reporting mechanism, allows a perpetrator to gain access to confidential information.
The vulnerability of the software for accessing analytics and planning tools in the IBM Analytics Content Hub is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to confidential...
The vulnerability of the LeAudioService service in Android operating systems allows a hacker to gain access to read and modify data.
The vulnerability of the LeAudioService service on Android operating systems is related to access control errors. Exploiting this vulnerability can allow an attacker to gain access to read and modify data...
The vulnerability of the Mobile Security Framework (MobSF), which arises from insecure management of privileges, allows attackers to gain unauthorized access to protected information.
The vulnerability of the Mobile Security Framework for mobile application security research lies in the insecure management of privileges. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the User Interface Manager component in the Security Agent of Trend Micro’s anti-virus software products, Apex One and Apex One as a Service, allows a malicious actor to bypass existing security restrictions and execute arbitrary code.
The vulnerability of the User Interface Manager component in Trend Micro Apex One and Apex One as a Service anti-virus software programs relates to improper handling of user actions. Exploiting this vulnerability can allow attackers to bypass existing security restrictions and execute arbitrary...
The vulnerability of the Web Server component of the Oracle BI Publisher software, which is used for creating reports, allows a malicious individual to gain access to read, modify, add, or delete data.
The vulnerability of the Web Server component of the Oracle BI Publisher software for creating reports is related to lack of access control measures. Exploiting this vulnerability could allow an attacker to gain read, modify, add, or delete access to data...
The vulnerability of the GetReportDetailView method in the security monitoring and management tool Trend Micro Apex Central allows a malicious actor to execute arbitrary code in the context of NETWORK SERVICE.
The vulnerability of the GetReportDetailView method in the monitoring and security management tool Trend Micro Apex Central is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code in the context of NETWORK SERVICE...
The vulnerability of Trend Micro Apex One and Apex One as a Service anti-virus software lies in its uncontrolled search path. This allows attackers to escalate their privileges and execute arbitrary code within the SYSTEM context.
The vulnerability of the Data Loss Prevention module in Trend Micro’s anti-virus software programs Apex One and Apex One as a Service is related to an uncontrolled search path element. Exploiting this vulnerability can allow attackers to elevate their privileges and execute arbitrary co...
The vulnerability of the User Interface Manager component in the Security Agent of Trend Micro’s anti-virus software products, Apex One and Apex One as a Service, allows a malicious actor to bypass existing security restrictions and execute arbitrary code.
The vulnerability of the User Interface Manager component in Trend Micro Apex One and Apex One as a Service anti-virus software programs relates to insecure privilege management. Exploiting this vulnerability can allow attackers to bypass existing security restrictions and execute arbitrary code...
The vulnerability of the menu_nat_more_asp() function in the D-Link DI-8100 router firmware allows a hacker to cause a service failure.
The vulnerability of the menu_nat_more_asp() function in D-Link DI-8100 router firmware is related to a stack-based buffer overflow. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...
The vulnerability of Bluetooth technology in Android operating systems allows intruders to gain increased privileges.
The vulnerability of Bluetooth technology in Android operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to elevate their privileges...
The vulnerability in the web interface of the Wi-Fi router TP-Link Archer C1200 allows a hacker to compromise the integrity of the protected information.
The vulnerability of the web interface for managing the firmware of the TP-Link Archer C1200 Wi-Fi router is related to improper restrictions on the layers or frames displayed in the user interface. Exploiting this vulnerability allows a malicious actor to compromise the integrity of...
The vulnerability of the Grafana monitoring and observation platform, related to the lack of measures taken to protect the website structure, allows attackers to execute cross-site scripting attacks (XSS).
The vulnerability of the Grafana monitoring and observation platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting (XSS) attacks remotely...
The vulnerability in the driver module drivers/net/vxlan/vxlan_core.c of Linux operating systems allows an attacker to compromise the integrity of protected information.
The vulnerability in the drivers/net/vxlan/vxlan_core.c module of Linux operating systems is related to the state of the network competition. Exploiting this vulnerability can allow an attacker to compromise the integrity of protected information...
The vulnerability of the virtqueue_enable_cb_delayed() function in the drivers/virtio/virtio_ring.c module of the Linux kernel allows an attacker to cause a service failure.
The vulnerability of the virtqueue_enable_cb_delayed() function in the drivers/virtio/virtio_ring.c kernel module of Linux operating systems is related to a race condition. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the atm_dev_deregister() function (net/atm/resources.c) in Linux operating systems allows a hacker to trigger a service failure.
The vulnerability of the atm_dev_deregister() function (net/atm/resources.c) in Linux operating systems is related to incorrect calculations. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the GoldenDB database management system, related to insufficient validation of input data, allows attackers to gain unauthorized access to protected information and cause service failures.
The vulnerability of the GoldenDB database management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information and cause service failures...
The vulnerability of the Modbus protocol of the DELTA AS320T programmable logic controller allows an intruder to execute arbitrary code.
The vulnerability of the Modbus protocol of the DELTA AS320T programmable logic controller lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Secure Boot component in Espressif Systems’ ESP series microcontrollers allows a hacker to redirect the execution of commands to an arbitrary address.
The vulnerability of the Secure Boot v2 component in Espressif Systems’ microcontrollers is related to synchronization errors when using a shared resource (race condition). Exploiting this vulnerability could allow an attacker to redirect the execution of commands to an arbitrary address...
The vulnerability of the online platform GarminConnect, related to the lack of measures taken to protect the SQL query structure, allows a perpetrator to access protected information.
The vulnerability of the online platform GarminConnect relates to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability could allow an attacker to access protected information...
The vulnerability of the software for organizing and managing knowledge bases and documentation, KBPublisher, related to the manipulation of cross-site requests, allows a perpetrator to carry out CSRF attacks.
The vulnerability of the software for organizing and managing knowledge bases and documentation, KBPublisher, is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in the incorrect restriction of a path name to a restricted directory, allowing attackers to perform spear-phishing attacks.
The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server packages is related to the incorrect restriction of a path name to a restricted directory. Exploiting this vulnerability could allow a malicious actor to perform spear-phishing attacks remotely...
The vulnerability of the Aggregate Term Handler component in the SQLite database management system allows an attacker to compromise confidentiality, integrity, and availability.
The vulnerability of the Aggregate Term Handler component in the SQLite database management system is related to numerical truncation errors. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the data...
The vulnerability in the `arch/x86/power/cpu.c` module of Linux operating systems allows a hacker to cause a service failure.
The vulnerability in the arch/x86/power/cpu.c module of Linux operating systems is related to incorrect initialization of resources due to discrepancies in values before and after the hibernation mode. Exploiting this vulnerability can allow an attacker to cause a system failure...
The vulnerability of the Behavioral DoS (BADoS) function of the BIG-IP Application Security Manager allows an attacker to cause a service failure.
The vulnerability of the Behavioral DoS (BADoS) function of the BIG-IP Application Security Manager protection tool is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
Yandex Punto Switcher
...
The vulnerability of the Vnet/IP SCADA system’s interface of Yokogawa CENTUM VP allows an intruder to trigger a service failure.
The vulnerability of the Vnet/IP SCADA system of Yokogawa CENTUM VP is related to a countable loss of significance. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted packets...
The vulnerability of the RemotePC software for providing remote access lies in its insecure management of privileges, allowing attackers to escalate their privileges.
The vulnerability of the RemotePC remote access software is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...