90709 matches found
The vulnerability of the Firmware Update Service software in D-Link DCS-850L video surveillance cameras allows a intruder to gain unauthorized access to protected information.
The vulnerability of the Firmware Update Service in D-Link DCS-850L video surveillance cameras is related to an incorrect limit on the path to the restricted directory during the processing of the DownloadFile parameter. Exploiting this vulnerability can allow an attacker to gain unauthorized...
The vulnerability of the ping function in the iputils utility, which allows a hacker to cause a service failure
The vulnerability of the ping function in the iputils utility is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to cause a service failure using a specially created ICMP Echo Reply packet...
The vulnerability of the formSetRemoteInternetLanInfo() function (/goform/setInternetLanInfo) in the Tenda M3 router software allows a hacker to cause a service failure.
The vulnerability of the formSetRemoteInternetLanInfo function /goform/setInternetLanInfo in the Tenda M3 router software lies in the issue of the operation going beyond the buffer in memory when processing parameters such as portIp, portMask, portGateWay, portDns, and portSecDns. Exploiting this...
The vulnerability in the cmdOk.xml script of the “Smart Home” system creation platform Lares 4.0 allows a hacker to redirect a user to an arbitrary URL address.
The vulnerability in the cmdOk.xml script of the “Smart Home” system Lares 4.0 involves redirecting the URL to an unreliable website when processing the redirectPage parameter. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL address...
The vulnerability of the Lares 4.0 platform for creating a “Smart Home” system, which stems from the use of strictly encrypted user data, allows a intruder to gain full control over the system or cause service interruptions.
The vulnerability of the Lares 4.0 platform for creating a “Smart Home” system lies in the use of strictly encrypted user credentials. Exploiting this vulnerability could allow an attacker, operating remotely, to gain full control over the system or cause service interruptions...
The vulnerability of the Windows Operating System’s Telephony Service allows attackers to exploit their privileges.
The vulnerability of the Windows Operating System’s Telephony Service is related to improper external management of file names or file paths. Exploiting this vulnerability can allow an attacker to increase their privileges remotely...
The vulnerability of the MongoDB database management system’s server allows a hacker to cause a service failure.
The vulnerability of the MongoDB database management system server is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...
The vulnerability of the microprogrammed software of the DVP-12SE11T controllers, related to bypassing authentication using an alternative path or channel, allows a perpetrator to circumvent security restrictions.
The vulnerability of the DVP-12SE11T controller’s microprogramming software relates to the ability to bypass authentication using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to circumvent security restrictions from a remote location...
The vulnerability in the `makeProcessFunction()` function of the `/applications/core/modules/front/system/themeeditor.php` file of the Invision Community (formerly IPS Community Suite) software allows a malicious user to execute arbitrary PHP code.
The vulnerability of the makeProcessFunction function in the /applications/core/modules/front/system/themeeditor.php file of the Invision Community formerly IPS Community Suite software for managing web forums involves a lack of measures to eliminate special elements in the template creation...
The vulnerability of the LenelS2 NetBox access control and event monitoring system, due to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the LenelS2 NetBox access control and event monitoring system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the Remote Access Connection Manager (RASMan) service on Windows operating systems allows a hacker to induce a service failure.
The vulnerability of the Remote Access Connection Manager RASMan service for Windows operating systems is related to pointer swapping errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Special Character Handler component in the Radware Cloud software firewall allows attackers to disclose protected information.
The vulnerability of the Special Character Handler component in the Radware Cloud software firewall is related to access control errors. Exploiting this vulnerability can allow a malicious actor to disclose protected information through a specially created HTTP request...
The vulnerability of the web interface of Tenda 4G03 Pro software for routers allows a perpetrator to execute arbitrary commands.
The vulnerability of the web interface of Tenda 4G03 Pro microprogramming software for routers is related to the lack of measures taken to protect data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a specially crafted...
The vulnerability of the Snapshots module of the Nagios Log Server monitoring and analysis software allows a hacker to perform cross-site scripting attacks.
The vulnerability of the Snapshots module of the Nagios Log Server monitoring and analysis software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the user interface of the Headlamp software for controlling clusters of virtual machines in Kubernetes allows a hacker to execute arbitrary commands.
The vulnerability of the user interface of the Headlamp software for controlling clusters of virtual machines in Kubernetes is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows an attacker to execute...
The vulnerability of the user interface of Cisco WebEx Meetings software allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the user interface of Cisco WebEx Meetings software is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the crypto++ C++ programming language library, related to incorrect authorization, allows attackers to execute arbitrary code.
The vulnerability of the crypto++ C++ programming language library is related to incorrect authorization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the microprogrammed network device UTT 1200GW and UTT 1250GW lies in the copying of buffers without checking the size of the input data. This allows a hacker to execute arbitrary code.
The vulnerability of the microprogrammed network devices UTT 1200GW and UTT 1250GW lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the fromDhcpListClient() function in the Tenda CH22 router software allows a attacker to trigger a service failure.
The vulnerability of the fromDhcpListClient function in the Tenda CH22 router software relates to the improper release of resources. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failure by sending a specially crafted POST request...
The vulnerability of the Go programming language, related to the shortcomings in the authentication process, allows attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Go programming language is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker, operating remotely, to compromise the confidentiality and integrity of the protected information...
The vulnerabilities of the functions bind_interdomain_evtchn_to_irq_lateeoi(), find_virq(), and bind_virq_to_irq() (drivers/xen/events/events_base.c) in the Linux operating system kernel allow a malicious actor to trigger a service failure.
The vulnerabilities of the functions bindinterdomainevtchntoirqlateeoi, findvirq, and bindvirqtoirq drivers/xen/events/eventsbase.c in the Linux kernel are related to resource management errors. Exploiting these vulnerabilities can allow an attacker to cause service failures...
The vulnerability of the 389-ds-base package for Debian GNU/Linux and Red Hat Enterprise Linux systems allows a hacker to trigger a service failure.
The vulnerability of the 389-ds-base package for Debian GNU/Linux and Red Hat Enterprise Linux relates to the use of a zero pointer. Exploiting this vulnerability could allow an attacker, operating remotely, to cause service interruptions...
The vulnerability of the JWT Signing Key Handler component in the OneLogin software, which allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the JWT Signing Key Handler component in the OneLogin AD Connector software involves bypassing authentication through spoofing. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the ate_ifconfig_set() function in Tenda AC7 router software allows a hacker to execute arbitrary commands.
The vulnerability of the ateifconfigset function in Tenda AC7 router software relates to the failure to take measures to neutralize special elements used in operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of Cisco WebEx Meetings software lies in the redirection of URLs to unreliable websites, allowing attackers to redirect users to arbitrary URL addresses.
The vulnerability of Cisco WebEx Meetings software relates to the redirection of URLs to unreliable websites. Exploiting this vulnerability allows a malicious actor to redirect users to arbitrary URL addresses...
The vulnerability of the LenelS2 NetBox access control and event monitoring system, due to the lack of measures taken to protect the website structure, allows unauthorized access by attackers to the protected information.
The vulnerability of the LenelS2 NetBox access control and event monitoring system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the HTTP GET Request Handler component in the Radware Cloud software firewall allows attackers to disclose protected information.
The vulnerability of the HTTP GET Request Handler component in the Radware Cloud software firewall is related to access control errors. Exploiting this vulnerability can allow a malicious actor to disclose protected information through a specially created HTTP request...
The vulnerability of the Sitecore Experience Manager (XM), Experience Platform (XP), and the Experience Commerce (XC) platform for personalized purchasing processes lies in errors in processing the relative path to the catalog. This allows attackers to gain access to arbitrary files and execute arbitrary code.
The vulnerability of the Sitecore Experience Manager XM, Experience Platform XP, and the Experience Commerce XC platform for personalized purchasing processes is related to errors in processing the relative path to the catalog. Exploiting this vulnerability can allow an attacker to gain access to...
The vulnerability of the formPictureUrl component in the microprogramming software for UTT HiPER 840G allows a attacker to cause a service failure.
The vulnerability of the formPictureUrl component in the UTT HiPER 840G router microprogramming system is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the formSetAdPushInfo() function (/goform/setAdPushInfo) in the Tenda M3 router software allows a hacker to trigger a service failure.
The vulnerability of the formSetAdPushInfo function /goform/setAdPushInfo in the Tenda M3 router software is related to the issue where the operation exits the buffer boundaries into memory when processing parameters like mac and terminal. Exploiting this vulnerability could allow a malicious act...
The vulnerability of the strcpy() function in the microprogramming software for UTT 512W allows a hacker to execute arbitrary code.
The vulnerability of the strcpy function in the UTT 512W router microprogramming system is related to copying buffers without checking the size of the input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code by sending a specially crafted POST request...
The vulnerability of the MongoDB database management system’s server allows a hacker to cause a service failure.
The vulnerability of the MongoDB database management system server is related to the lack of authentication. Exploiting this vulnerability allows a malicious actor to cause service interruptions...
The vulnerability of Google Chrome’s browser, related to improper protection of physical external channels, allows attackers to circumvent existing security restrictions.
The vulnerability of Google Chrome relates to improper protection of physical external channels. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions using a specially created HTML page...
The vulnerability of the “Create User” function of the Nagios Log Server monitoring and analysis software allows a perpetrator to perform cross-site scripting attacks.
The vulnerability of the “Create User” function in the Nagios Log Server monitoring and analysis software exists due to insufficient validation or filtering of data entered by users. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the formSetPPTPUserList() function in the Tenda AC23 router software allows a intruder to trigger a service failure.
The vulnerability of the formSetPPTPUserList function in the Tenda AC23 router’s microprogramming software is related to the operation of writing data outside the buffer in memory when processing the list parameter. Exploiting this vulnerability could allow a malicious actor to cause service...
The vulnerability of the ThreatSonar Anti-Ransomware detection and response mechanism lies in its failure to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary code.
The vulnerability of ThreatSonar Anti-Ransomware in detecting and responding to threats stems from the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the strcpy() function in the /goform/formTaskEdit file of the UTT HiPER 840G router’s microprogramming system, which allows a attacker to cause a service failure.
The vulnerability of the strcpy function in the /goform/formTaskEdit module of the UTT HiPER 840G microprogramming router software is related to the use of memory after deallocation. Exploiting this vulnerability could allow an attacker to cause service failure...
The vulnerability of the usbnet_resume_rx() function in the drivers/net/usb/usbnet.c module of the Linux kernel allows a hacker to induce a service failure.
The vulnerability of the usbnetresumerx function in the drivers/net/usb/usbnet.c module of the Linux kernel is related to resource management errors. Exploiting this vulnerability could allow an attacker to cause a service failure...
The vulnerability of the httpd-daemon (/usr/sbin/httpd) of the Tenda 4G03 Pro router’s microprogramming system allows a perpetrator to execute arbitrary commands.
The vulnerability of the httpd-daemon /usr/sbin/httpd of the Tenda 4G03 Pro router’s microprogramming software is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands by sending a speciall...
The vulnerability of the internal communication and emergency notification system Zenitel VS-IS, due to the failure to take measures to clean up data at the management level, allows a perpetrator to execute arbitrary commands.
The vulnerability of the internal communication and emergency notification system Zenitel VS-IS is related to the failure to take measures for data cleaning at the management level. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Logstash data collection system allows a malicious user to execute arbitrary code with root privileges and gain full control over the application. This vulnerability in Nagios Log Server enables a hacker to perform unauthorized actions.
The vulnerability of the Logstash data collection system, a software monitoring and logging analysis tool for Nagios Log Servers, is related to errors in privilege management. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code with root privileges and...
The vulnerability of the Zimbra Collaboration Suite’s email management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.
The vulnerability of the Zimbra Collaboration Suite email management system is related to the lack of measures taken to protect the structure of the web page during processing of the /h/rest endpoint. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the microprogrammed software of the DVP-12SE11T controllers, related to insufficient validation of input data, allows a intruder to trigger a service failure.
The vulnerability of the microprogrammed software of the DVP-12SE11T controllers is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause malfunctions in the system...
The vulnerability of the microprogrammed software of the DVP-12SE11T controllers, related to insufficient protection of operational data, allows a intruder to bypass the authentication process.
The vulnerability of the microprogrammed software of the DVP-12SE11T controllers is related to insufficient protection for operational data. Exploiting this vulnerability could allow a malicious actor to bypass authentication procedures remotely...
The vulnerability of the JWT Signing Key Handler component in the OneLogin software, which allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the JWT Signing Key Handler component in the OneLogin AD Connector software allows unauthorized access to protected information in the error-prone data area. Exploiting this vulnerability can enable a malicious actor to gain unauthorized access to sensitive data...
The vulnerability of the ate_iwpriv_set() function in Tenda AC7 router software allows a hacker to execute arbitrary commands.
The vulnerability of the ateiwprivset function in Tenda AC7 router microprogramming software is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the Linux operating system’s kernel, related to errors during link counter updates, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel is related to errors during the update of the link counters. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the LenelS2 NetBox access control and event monitoring system, due to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of the LenelS2 NetBox access control and event monitoring system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the MICROSENS NMP Web+ network management platform lies in the use of pre-installed security-related data, which allows attackers to circumvent existing security restrictions.
The vulnerability of the MICROSENS NMP Web+ network management platform lies in the use of pre-installed data related to security. Exploiting this vulnerability could allow a malicious actor to bypass existing security restrictions remotely...
The vulnerability of the MICROSENS NMP Web+ network management platform lies in the incorrect limitation of the path name to the restricted directory, allowing an attacker to execute arbitrary codes.
The vulnerability of the MICROSENS NMP Web+ network management platform lies in incorrect restrictions on the path name to the restricted catalog. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...