The vulnerability in the web-based interfaces of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager allows a perpetrator to execute arbitrary commands.
The vulnerability of the Web interface for managing Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager systems relates to incorrect elimination of certain elements in the output data. Exploiting this vulnerability could allow a malicious actor to execute...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows an attacker to execute XSS attacks.
The vulnerability in the web interface of the Cisco Identity Services Engine ISE management platform is related to deficiencies in the security measures used to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
The vulnerability of the HTTP POST Request Handler component of the formSetSafeWanWebMan() function in the Tenda AC9 router’s firmware allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the HTTP POST Request Handler component of the formSetSafeWanWebMan function in the Tenda AC9 router’s firmware is related to a stack-based buffer overflow during the processing of the remoteIp parameter. Exploiting this vulnerability allows an attacker to...
The vulnerability of the sub_F3C8C function in the Tenda CP3 IP camera software allows an intruder to execute arbitrary code.
The vulnerability of the sub_F3C8C function in the Tenda CP3 IP camera software relates to the lack of measures taken to clean data at the control level. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the HTTP POST Request Handler component of the fromadvsetlanip() function in the Tenda AC9 router’s firmware allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the HTTP POST Request Handler component of the fromadvsetlanip function in the Tenda AC9 router’s firmware is related to a stack-based buffer overflow during the processing of the lanMask parameter. Exploiting this vulnerability allows an attacker to compromise...
The vulnerability of the setWiFiRepeaterCfg() function in the firmware of TOTOLink T10 routers allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the setWiFiRepeaterCfg function in the TOTOLink T10 router’s firmware arises from a buffer overflow when processing the password parameter. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the...
The vulnerability of the UploadCustomModule() function in the TOTOLink T10 router software allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the UploadCustomModule function in the TOTOLink T10 router firmware is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the `setUpgradeFW()` function in the TOTOLink T10 router software allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the setUpgradeFW function in TOTOLink T10 router firmware is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of...
The vulnerability of the FactoryTalk Services Platform, related to buffer overflows in dynamic memory, can lead to service failures.
The vulnerability of the FactoryTalk Services Platform lies in a buffer overflow in dynamic memory. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the Qsync Central file synchronization application relates to the lack of security measures for the SQL query structure, allowing a hacker to execute arbitrary code.
The vulnerability of the Qsync Central file synchronization application is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the setSystemEmail() function in the firmware of D-Link DCS-932L video cameras allows an intruder to execute arbitrary code or cause a service failure.
The vulnerability of the setSystemEmail function in the firmware of D-Link DCS-932L surveillance cameras is related to an out-of-bounds write in memory when processing the EmailSMTPPortNumber parameter. Exploiting this vulnerability allows a remote...
The vulnerability of the built-in web server boa (/boafrm/formStats) of the TOTOLINK X15 router’s firmware allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the built-in web server boa (/boafrm/formStats) of the TOTOLINK X15 router’s firmware is related to the copying of buffers without checking the size of input data during the processing of the submit-url parameter. Exploiting this vulnerability allows a remote...
The vulnerability of the DBMS_XMLGEN and DBMS_XMLQUERY functions of the XWiki Platform, a platform for creating collaborative web applications, allows attackers to execute arbitrary code.
The vulnerability of the DBMS_XMLGEN and DBMS_XMLQUERY functions of the XWiki Platform for creating collaborative web applications is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending...
The vulnerability of the built-in web server boa (/boafrm/formFilter) of TOTOLINK EX1200T router firmware allows a perpetrator to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability of the built-in web server boa (/boafrm/formFilter) of TOTOLINK EX1200T routers is caused by a buffer overflow. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and availability of the protected information by sending a specially crafte...
The vulnerability of the formSetRebootTimer() function (/goform/SetRebootTimer) in the Tenda AC5 router’s firmware allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the formSetRebootTimer function (/goform/SetRebootTimer) in the Tenda AC5 router’s firmware is related to an operation exceeding the buffer boundaries in memory when processing the rebootTime parameter. Exploiting this vulnerability allows an...
The vulnerability of the Autodesk On-Demand Install Services (AdODIS) software update service allows a hacker to elevate their privileges to the level of NT AUTHORITY/SYSTEM.
The vulnerability of the Autodesk On-Demand Install Services (AdODIS) software update service is related to the use of an untrusted search path. Exploiting this vulnerability can allow an attacker to elevate their privileges to the NT AUTHORITY/SYSTEM level by loading a specially crafted binary fi...
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages lies in the incorrect limitation of file names and other resources, allowing attackers to execute arbitrary code.
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to incorrect restrictions on file names and other resources. Exploiting this vulnerability could allow a perpetrator to execute arbitrary code...
The vulnerability of the mrxsmb.sys driver on Microsoft Windows SMB Client operating systems allows a hacker to elevate their privileges and execute arbitrary commands.
The vulnerability of the mrxsmb.sys driver for Microsoft Windows SMB Client operating systems is related to deficiencies in access control due to authentication relaying. Exploiting this vulnerability allows a malicious actor to elevate their privileges and execute arbitrary commands remotely...
The vulnerability of the EVLink WallBox software lies in the incorrect limitation of a path name to a restricted directory, allowing an attacker to write arbitrary files.
The vulnerability of the EVLink WallBox software is related to incorrect restriction of a path name to a restricted directory. Exploiting this vulnerability could allow a remote attacker to write arbitrary files...
The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform lies in the lack of a mechanism for verifying the authenticity of incoming RFC requests. This allows attackers to increase their privileges.
The vulnerability of the SAP NetWeaver Application Server ABAP software integration platform is related to the absence of a mechanism for verifying the authenticity of incoming RFC requests during processing. Exploiting this vulnerability allows an attacker operating remotely to increase their...
The vulnerability of the notification module of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows a perpetrator to execute arbitrary code.
The vulnerability of the notification module of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
The vulnerability of the Service Account Auditing service of the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus allows a perpetrator to execute arbitrary code.
The vulnerability of the Service Account Auditing service in the Windows Active Directory management and reporting software Zoho ManageEngine ADAudit Plus is related to the lack of security measures for the SQL query structure. Exploitation of this vulnerability could allow a malicious actor to...
The vulnerability of Microsoft Office packages, Microsoft 365 Apps for Enterprise, and the Microsoft Outlook email client arises from insufficient validation of input data, allowing an attacker to execute arbitrary code.
The vulnerabilities of Microsoft Office packages, Microsoft 365 Apps for Enterprise, and the Microsoft Outlook email client are related to insufficient validation of input data. Exploiting these vulnerabilities can allow attackers to execute arbitrary code...
The vulnerability of the JavaScript “Promise” object in browsers such as Mozilla Firefox and Firefox ESR allows a perpetrator to execute arbitrary code.
The vulnerability of the JavaScript “Promise” object in Mozilla Firefox and Firefox ESR browsers is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code remotely...
The vulnerability of Mozilla Firefox ESR and the Thunderbird email client relates to the execution of operations beyond the buffer boundaries in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Mozilla Firefox ESR and the Thunderbird email client is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of the Mozilla Firefox browser and the Thunderbird email client is related to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Update Handler component in Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client allows a hacker to escalate their privileges.
The vulnerability of the Update Handler component in Mozilla Firefox, Mozilla Firefox ESR, and the Mozilla Thunderbird email client is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to escalate their privileges remotely...
The vulnerability of the Thunderbird email client, related to synchronization errors when using a shared resource, allows a hacker to execute arbitrary code.
The vulnerability of the Thunderbird email client is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...
The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application allows an attacker to compromise the integrity of the protected information.
The vulnerability of the Web Access component of the Oracle Primavera P6 Enterprise Project Portfolio Management application relates to cross-site request forgery. Exploiting this vulnerability allows a malicious actor to compromise the integrity of the protected information...
The vulnerability of the XML Parser component in the software development environment gSOAP allows an attacker to trigger a service failure.
The vulnerability of the XML Parser component in the gSOAP software development environment is related to accessing memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to cause a service failure by sending specially crafted requests...
The vulnerability of the General component of Oracle Secure Backup software allows a perpetrator to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the General component of Oracle Secure Backup is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the Cluster: General component of the MySQL Cluster database management system and the Server: Parser component of Oracle MySQL Server allows a hacker to cause a service failure.
The vulnerability of the Cluster: General component of the MySQL Cluster database management system and the Server: Parser component of Oracle MySQL Server is related to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker to cause service...
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages relates to the execution of operations beyond the buffer in memory, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Region Mapping component of the Oracle Advanced Outbound Telephony application allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Region Mapping component in the Oracle Advanced Outbound Telephony application is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protected information...
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise applications relates to the use of memory after it is freed, allowing an attacker to execute arbitrary code.
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise applications is related to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system allows a hacker to gain unauthorized access to read, add, modify, or delete data.
The vulnerability of the Chatbot component of Oracle Financial Services’ Revenue Management and Billing system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to read, add, modify, or delete...
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages, related to type confusion errors, allows attackers to execute arbitrary code.
The vulnerability of Microsoft Office and Microsoft 365 Apps for Enterprise packages is related to type confusion errors. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the Common Log File System Driver for Microsoft Windows operating systems allows attackers to gain increased privileges.
The vulnerability of the Common Log File System Driver for Microsoft Windows operating systems is related to operations that go beyond the buffer in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...
The vulnerability of the firmware of the Elspec G5 digital event recorder, related to the use of default administrative account information, allows an intruder to gain unauthorized access to the device.
The vulnerability of the firmware of the Elspec G5 digital event recorder is related to the use of default administrative account information. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to the device...
The vulnerability of the WebDAV protocol implementation in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WebDAV protocol implementation in Windows operating systems is related to the loading of files of a dangerous type due to improper external control of the name or file. Exploiting this vulnerability allows a malicious actor to execute arbitrary code when a user accesses a...
The vulnerability in Mozilla Firefox and Firefox ESR browsers allows a hacker to execute arbitrary code.
The vulnerability of Mozilla Firefox and Firefox ESR browsers is related to writing beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the HTTP_Request2 library for processing HTTP requests in the Tunnelblick VPN client, related to the disclosure of information through test directories, allows a perpetrator to carry out XSS attacks and elevate their privileges to the root level.
The vulnerability of the HTTP_Request2 library for processing HTTP requests in the Tunnelblick VPN client is related to the disclosure of information through the tests/network/getparameters.php and tests/network/postparameters.php directories. Exploiting this vulnerability allows a remot...
The vulnerability of the transmit_file script in Quantenna’s firmware allows a hacker to execute arbitrary commands.
The vulnerability of the transmit_file script in Quantenna’s firmware is related to the injection or modification of arguments. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
The vulnerability of the runcmd() function in the router_command.sh script of Quantenna’s Wi-Fi chip firmware allows a hacker to execute arbitrary commands.
The vulnerability of the runcmd function in the router_command.sh script of Quantenna’s Wi-Fi chip firmware is related to the injection or modification of arguments. Exploiting this vulnerability could allow a perpetrator to execute arbitrary commands...
The vulnerability of the sync_time() function in the router_command.sh script of Quantenna’s Wi-Fi chip firmware allows a hacker to execute arbitrary commands.
The vulnerability of the sync_time function in the router_command.sh script of Quantenna’s Wi-Fi chip firmware is related to the injection or modification of arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
The vulnerability of the get_syslog_from_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s software allows a hacker to execute arbitrary commands.
The vulnerability of the get_syslog_from_qtn function in the router_command.sh script of the Quantenna Wi-Fi chip’s firmware is related to the injection or modification of arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
The vulnerability of the put_file_to_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s software allows a hacker to execute arbitrary commands.
The vulnerability of the put_file_to_qtn function in the router_command.sh script of the Quantenna Wi-Fi chip’s firmware is related to the injection or modification of arguments. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
The vulnerability of the get_file_from_qtn() function in the router_command.sh script of the Quantenna Wi-Fi chip’s software allows a hacker to execute arbitrary commands.
The vulnerability of the get_file_from_qtn function in the router_command.sh script of the Quantenna Wi-Fi chip’s firmware is related to the injection or modification of arguments. Exploiting this vulnerability could allow a perpetrator to execute arbitrary commands...
The vulnerability in the `set_tx_pow` function of Quantenna’s Wi-Fi chip software allows a hacker to execute arbitrary commands.
The vulnerability of the set_tx_pow function in Quantenna’s Wi-Fi chips relates to the injection or modification of certain arguments. Exploiting this vulnerability could allow an attacker to execute arbitrary commands...
The vulnerability of the web application for the basic configuration of devices under Revolution Pi OS Bullseye is related to deficiencies in the authentication process. This allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the web application for the basic configuration of devices under the Revolution Pi OS Bullseye operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and...