90709 matches found
The vulnerability of the aap-server in the Ansible configuration management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the aap-server in the Ansible configuration management system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the My Timesheet Fiori 2.0 software component, which is used for workforce management in SAP HCM, allows a hacker to escalate their privileges.
The vulnerability of the My Timesheet Fiori 2.0 software, a personnel management solution for SAP HCM, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain elevated privileges...
The vulnerability of the SAP Business Planning and Consolidation solution for managing financial indicators allows a perpetrator to trigger a service failure.
The vulnerability of the SAP Business Planning and Consolidation solution for managing financial indicators is related to the lack of verification of input data for cyclical operations. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the My Timesheet Fiori 2.0 software component, which is used for workforce management in SAP HCM, allows a hacker to escalate their privileges.
The vulnerability of the My Timesheet Fiori 2.0 software, a personnel management solution for SAP HCM, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to gain elevated privileges...
The vulnerability of the Adobe Document Service component in SAP NetWeaver AS Java software integration platforms allows attackers to gain access to and modify system data.
The vulnerability of the Adobe Document Service component in SAP NetWeaver AS Java software integration platforms is related to its dependence on a vulnerable external component. Exploiting this vulnerability can allow attackers to gain access to and modify system data...
The vulnerability of the software for working with PDF files, UPDF for Windows operating systems, allows a hacker to execute arbitrary code.
The vulnerability of UPDF software for working with PDF files on Windows operating systems is related to an uncontrolled element in the search process. Exploiting this vulnerability can allow a perpetrator to execute arbitrary code...
The vulnerability of the write_headers() function in the cpp-httplib library, which allows a hacker to modify protected information
The vulnerability of the writeheaders function in the cpp-httplib library is related to the lack of measures taken to neutralize CRLF sequences. Exploiting this vulnerability could allow an attacker, operating remotely, to modify protected information by sending a specially crafted HTTP request...
The vulnerability of NVIDIA DGX OS workstations’ operating system for DGX Spark GB10 artificial intelligence systems involves insecure privilege management. This vulnerability allows a malicious actor to trigger service failures, access and modify sensitive information.
The vulnerability of NVIDIA DGX OS workstations for DGX Spark GB10 artificial intelligence systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to cause service failures, disclose, and modify protected information...
The vulnerability of the software for developing and executing applications in the ABAP language on the SAP NetWeaver Application Server ABAP lies in the lack of authentication procedures. This allows attackers to gain access to read profile parameters.
The vulnerabilities of the software used for developing and executing applications in the ABAP language of SAP NetWeaver Application Server are related to deficiencies in the authentication process. Exploiting these vulnerabilities can allow attackers to gain read access to profile parameters...
The vulnerability of the User Management Component (UMC) in the web-based industrial process management system SIMATIC PCS neo allows a attacker to trigger a service failure.
The vulnerability of the User Management Component UMC in the web-based system for managing technological processes of SIMATIC PCS neo is related to the violation of the buffer’s initial limit. Exploiting this vulnerability could allow an attacker, operating remotely, to cause a service failure...
The vulnerability of the Socket Appender component in the Apache Log4j Core API library allows a attacker to intercept log traffic.
The vulnerability of the Socket Appender component in the Apache Log4j Core API library implementation is related to improper verification of certificate authenticity. Exploiting this vulnerability could allow an attacker to intercept log traffic remotely...
The vulnerability of the web page rendering module in Safari browsers for WebKit operating systems—tvOS, iOS, iPadOS, watchOS, macOS, and visionOS—allows attackers to execute arbitrary code and gain full control over the device.
The vulnerability of the Web page rendering module in Safari browsers of the WebKit framework in operating systems such as tvOS, iOS, iPadOS, watchOS, macOS, and visionOS relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary co...
The vulnerability of the Calculator Builder plugin in the WordPress content management system arises from improper handling of file names for PHP functions like include or require. This allows attackers to gain unauthorized access to protected information or execute arbitrary code.
The vulnerability of the Calculator Builder plugin in the WordPress content management system is related to improper handling of file names for PHP functions like include or require. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or execut...
The vulnerability of the Magic the Gathering Card Tooltips plugin in the WordPress content management system, related to the lack of protective measures for website structures, allows attackers to perform cross-site scripting attacks.
The vulnerability of the Magic the Gathering Card Tooltips plugin in the WordPress content management system is related to the lack of protective measures for website structures. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks...
The vulnerability of the Manx and Sandcat plugins in the Caldera automated system for emulating intruder actions allows an intruder to execute arbitrary code.
The vulnerability of the Manx and Sandcat plugins in the Caldera intrusion simulation software involves a lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the FULL Customer Content Management System for WordPress plugins relates to improper handling of file names for PHP functions like include or require. This allows attackers to gain unauthorized access to protected information or execute arbitrary code.
The vulnerability of the FULL Customer Content Management System for WordPress involves improper handling of file names for PHP functions like include or require. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or execute arbitrary code...
The vulnerability of the VS6Sim.exe software, which is used for configuring HMI interfaces of Monitouch V-SFT and monitoring systems for TELLUS PLCs, allows a attacker to execute arbitrary code.
The vulnerability of the VS6Sim.exe program, which is used for configuring Monitouch V-SFT HMI interfaces and monitoring systems for TELLUS PLCs, lies in the escape of the operation beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending...
The vulnerability of the APPEND Command Handler FTP-server Freefloat FTP Server allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the APPEND Command Handler FTP-server Freefloat FTP Server lies in the execution of operations outside the buffer in memory. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The vulnerability of the formSetPPTPUserList() function in the Tenda AC10U router’s software allows a hacker to execute arbitrary code.
The vulnerability of the formSetPPTPUserList function in the Tenda AC10U router’s microprogramming software is related to the copying of buffers without checking the size of the input data when processing the list parameter. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) access control systems arises from the lack of measures taken to protect the website structure. This vulnerability allows attackers to perform cross-site scripting attacks (XSS).
The vulnerability of NetScaler ADC formerly Citrix ADC and the NetScaler Gateway access control system exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the software for managing bidding processes, Bidding Solutions, related to an error in token processing by LFS, allows a perpetrator to gain unauthorized access to user accounts.
The vulnerability of the software for managing bidding processes in Bidding Solutions is related to an error in token processing by LFS. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to user accounts...
The vulnerability of KYC Solutions’ software for customer identity verification, related to the disclosure of information in debugging messages, allows a violator to disclose protected information.
The vulnerability of KYC Solutions’ software for customer identity verification is related to the disclosure of information in debugging messages. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...
The vulnerability of the backup software regarding incorrect use of standard permissions allows a perpetrator to escalate their privileges and execute arbitrary commands.
The vulnerability of the backup software relates to errors in the use of standard permissions. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary commands by sending a specially created file...
The vulnerability of the `bs_GetManPwd` function in the `libblinkapi.so` library, located in the `/cgi-bin/lighttpd.cgi` file of the LB-LINK router software, allows a intruder to disclose protected information.
The vulnerability of the bsGetManPwd function in the libblinkapi.so library, located in the /cgi-bin/lighttpd.cgi file of the LB-LINK router software, is related to insufficient protection of operational data. Exploiting this vulnerability could allow an attacker to disclose sensitive information...
The vulnerability of the Docker-proxy software lies in its inability to properly clean up or release resources, allowing a malicious actor to cause service failures.
The vulnerability of the Docker-proxy software is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
The vulnerability of the software implementation of the OTP mechanism for customer identity verification by KYC Solutions allows a perpetrator to gain unauthorized access to user accounts.
The vulnerability of the software implementation for the KYC Solutions’ customer identity verification mechanism is related to insufficient restrictions on authentication attempts. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to user...
The vulnerability of KYC Solutions’ software for customer identity verification, related to the transmission of user credentials in unencrypted form, allows a perpetrator to gain unauthorized access to users’ accounts.
The vulnerability of KYC Solutions’ software for customer identity verification is related to the transmission of user credentials in an unencrypted form. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to users’ account information...
The vulnerability of the AI Mortgage Calculator plugin of the WordPress content management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the AI Mortgage Calculator plugin of the WordPress content management system is related to improper handling of file names for PHP functions like include or require. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the microprogrammed software of the DVP-12SE11T controllers, related to writing outside the buffer boundaries, allows a intruder to disclose protected information and cause service failure.
The vulnerability of the microprogrammed software of the DVP-12SE11T controllers is related to writing outside the buffer boundaries. Exploiting this vulnerability can allow a malicious actor to disclose protected information and cause service failures...
The vulnerability of the Autodesk Installer installation process, related to errors in privilege management, allows a perpetrator to elevate their privileges and execute arbitrary code.
The vulnerability of the Autodesk Installer installation program is related to errors in privilege management. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...
The vulnerability of the `sess_get_uid()` function in D-Link DIR-600 router software allows a hacker to execute arbitrary code.
The vulnerability of the sessgetuid function in D-Link DIR-600 router microprogramming software is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP request...
The vulnerability of the Mailgen.generatePlaintext(email) method in the Mailgen package of the Node.js software platform allows a attacker to execute arbitrary HTML code.
The vulnerability of the Mailgen.generatePlaintextemail method in the Mailgen package of the Node.js software platform is related to the lack of security measures for handling web page structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code remotely...
The vulnerability of the Events Calendar plugin of the WordPress content management system lies in the lack of protection for the SQL query structure. This allows attackers to execute arbitrary SQL queries and gain unauthorized access to protected information.
The vulnerability of the Events Calendar plugin of the WordPress content management system is related to the lack of protection for the SQL query structure when processing the “s” parameter. Exploitation of this vulnerability can allow an attacker to execute arbitrary SQL queries and gain...
The vulnerability of the Cisco Catalyst Center (formerly Cisco DNA Center) network infrastructure management system, related to access control errors, allows a intruder to gain unauthorized access to protected information or enhance their privileges.
The vulnerability of the Cisco Catalyst Center formerly Cisco DNA Center network infrastructure management system is related to access control errors. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information or increase their privileges by...
The vulnerability of KYC Solutions’ software for customer identity verification lies in the implementation of security features on the client side, which allow attackers to circumvent existing security restrictions.
The vulnerability of KYC Solutions’ software for customer identity verification is related to the implementation of security features at the client side. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...
The vulnerability of the sub_42261C() function in D-Link’s router microprogramming systems DWR-M920 and DIR-822K allows a hacker to execute arbitrary code.
The vulnerability of the sub42261C function in D-Link’s router microprogramming systems, DWR-M920 and DIR-822K, is related to the execution of an operation outside the buffer in memory when processing the argumenip6addr. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the web interface of the Yealink T21P_E2 microprogramming software for IP phones allows a perpetrator to execute arbitrary code.
The vulnerability of the web interface of Yealink T21PE2 microprogramming software for IP phones is related to the lack of measures taken at the management level to protect data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted POST...
The vulnerability of CNCSoft’s numerical control software lies in buffer overflows in its dynamic memory, allowing attackers to execute arbitrary code.
The vulnerability of CNCSoft’s numerical control software is related to buffer overflow in its dynamic memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created DVP file...
The vulnerability of the Advantech WebAccss/SCADA SCADA system, related to incorrect restrictions on the path name to the catalog, allows a intruder to write arbitrary files.
The vulnerability of the Advantech WebAccss/SCADA SCADA system is related to incorrect restrictions on the path name to the catalog. Exploiting this vulnerability allows a malicious actor to write arbitrary files...
The vulnerability of Tenda WH450 router microprogramming software, related to the execution of operations outside the buffer in memory, allows a hacker to execute arbitrary code or cause a service failure.
The vulnerability of Tenda WH450 router microprogramming software is related to the execution of an operation beyond the buffer in memory when processing the parameter ssidindex for the destination point /goform/onSSIDChange. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the Advantech WebAccss/SCADA SCADA system, related to incorrect restrictions on the path to the restricted access catalog, allows a intruder to delete any files they want.
The vulnerability of the Advantech WebAccss/SCADA SCADA system is related to incorrect restrictions on the path to the restricted access catalog. Exploiting this vulnerability could allow a malicious actor to delete any files they desire...
The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to bypassing authentication through spoofing, allows attackers to connect themselves to any organizations they choose.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the ability to bypass authentication through spoofing. Exploiting this vulnerability allows a malicious actor, operating remotely, to connect to arbitrary organizations by modifying the...
The vulnerability of the Advantech WebAccss/SCADA SCADA system, related to the lack of protective measures for the SQL query structure, allows a perpetrator to execute arbitrary commands.
The vulnerability of the Advantech WebAccss/SCADA SCADA system lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the Advantech WebAccss/SCADA SCADA system, related to the unlimited loading of dangerous type files, allows a intruder to execute arbitrary code.
The vulnerability of the Advantech WebAccss/SCADA SCADA system is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Advantech WebAccss/SCADA SCADA system lies in the incorrect limitation of the path name to the restricted access catalog, allowing attackers to write arbitrary files.
The vulnerability of the Advantech WebAccss/SCADA SCADA system is related to incorrect restrictions on the path name to the restricted access catalog. Exploiting this vulnerability allows a malicious actor to write arbitrary files...
The vulnerability of the CmpVisuServer component in the CODESYS industrial automation software suite allows a malicious individual to trigger a service failure.
The vulnerability of the CmpVisuServer component in the CODESYS industrial automation software suite is related to data type conversion errors. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the SysSocket library in the CODESYS Control environment allows a hacker to cause a service failure.
The vulnerability of the SysSocket library in the CODESYS Control environment is related to the execution of operations outside the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the FTP server’s web interface allows attackers to escalate their privileges and execute arbitrary code.
The vulnerability of the FTP server interface of Wing FTP Server is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code remotely...
The vulnerability of the Reports module of the monitoring, analysis, and reporting software ManageEngine Exchange Reporter Plus allows a perpetrator to perform cross-site scripting attacks.
The vulnerability of the Reports module in the ManageEngine Exchange Reporter Plus software monitoring, analysis, and reporting tool exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting...
The vulnerability of the Internet Explorer browser, related to incorrect path name restrictions for access to restricted catalogs, allows attackers to execute arbitrary code or enhance their privileges within the system.
The vulnerability of the Internet Explorer browser is related to incorrect restrictions on the path to the restricted access catalog. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or gain increased privileges within the system...