13538 matches found
HP System Management Home Page Command Injection (CVE-2013-3576)
A Remote PHP Code Injection has been reported in HP System Management. The vulnerability is due to improper input validation. A remote attacker can exploit this issue by sending a malicious request containing a specially crafted parameter to the target server. Successful exploitation would result...
Multiple Vendors RPC librpc.dll Stack Buffer Overflow (CVE-2009-2754)
Remote Procedure Call RPC is a protocol that a program can use to request a service from a program located on another computer in a network. The librpc.dll handles the RPC protocol parsing. A buffer overflow vulnerability exists in IBM's Informix Dynamic Server and EMC's Legato Networker. The...
Oracle Database DBMS_JAVA.SET_OUTPUT_TO_JAVA Privilege Escalation (CVE-2010-0866; CVE-2010-0867)
Oracle Database Server is an enterprise-level relational database application suite. A vulnerability exists in Oracle Database 11g server that could allow users with limited privileges to execute SQL commands with System privileges on the server. The vulnerability is due to an access control...
Internet Explorer DHTML Objects Memory Corruption (MS07-069; CVE-2007-5347)
Microsoft Internet Explorer IE is a web browser application that is capable of rendering both static and dynamic web content. The application is primarily used for tasks related to web browsing, such as displaying HTML encoded pages, downloading files, etc. A memory corruption vulnerability exist...
Apple iTunes Protocol Handler Stack Buffer Overflow (CVE-2009-0950)
Apple iTunes is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files. When iTunes is installed, it registers itself with the host Operating System as a protocol handler for several application URL schemes. A buffer overflow...
HP OpenView Network Node Manager Multiple Parameters Buffer Overflow (CVE-2009-0920; CVE-2009-0921)
The Network Node Manager NNM is an HP OpenView product which manages networks.It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running over the network. Multiple buffer overflow vulnerabilities were reported in HP OpenView...
WordPress Remote Code Execution (CVE-2021-44223)
A remote code execution vulnerability exists in WordPress. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
WordPress WP Statistics Plugin SQL Injection (CVE-2022-25148)
An SQL injection vulnerability exists in WordPress WP Statistics Plugin. Successful exploitation of this vulnerability could result in the execution of arbitrary SQL statements on the affected system...
Schneider Electric Struxureware Data Center Expert Command Injection (CVE-2021-22795)
A command-injection vulnerability exists in Schneider Electric Struxureware Data Center Expert. The vulnerability is due to improper validation of user-supplied input...
Linear eMerge Arbitrary File Upload (CVE-2019-7257)
A vulnerability exists in Linear eMerge E3 devices. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Apache Druid Remote Code Execution (CVE-2021-25646)
A remote code execution vulnerability exists in Apache Druid. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Trendmicro Threat Discovery Appliance Directory Traversal (CVE-2016-7552)
An authentication bypass vulnerability exists in TrendMicro Threat Discovery Appliance. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
TCPDF Phar Insecure Deserialization (CVE-2018-17057)
A remote code execution vulnerability exists in LimeSurvey. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
PHPMailer Local Information Disclosure (CVE-2017-5223) - Ver2
An information disclosure vulnerability exists in PHPMailer. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Command Injection - Ver2 (CVE-2007-3010)
...
Sophos Web Protection Appliance patience.cgi Directory Traversal (CVE-2013-2641)
A directory traversal vulnerability has been reported in Sophos Web Protection Appliance, specifically on the /cgi-bin/patience.cgi component. A remote attacker can exploit this issue by reading arbitary files from the filesystem. These files include configuration files containing sensitive...
Ipswitch TFTP Server Information disclosure (CVE-2009-1730)
A directory traversal vulnerability has been reported in Ipswitch TFTP Server. The vulnerability is caused due to improper validation of certain requests. A remote attacker can exploit this issue by sending a specially crafted TFTP packet to the target. Successful exploitation would allow an...
HP Power Manager formExportDataLogs Buffer Overflow (CVE-2009-3999)
HP Power Manager is a web-based application for managing a HP Uninterruptible Power System UPS through a browser-based management console. It allows to monitor, manage, and control a single UPS locally and remotely. A buffer overflow vulnerability was reported in HP Power Manager. The vulnerabili...
Trend Micro ServerProtect RPC Multiple Buffer Overflows (CVE-2007-1070; CVE-2007-2508; CVE-2007-4218)
Trend Micro ServerProtect is prone to multiple buffer overflow vulnerabilities. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit this issue to execute arbitrary code on a vulnerable system via a specially crafted...
Microsoft Windows Server Service RPC Request Buffer Overrun (MS06-040; CVE-2006-3439)
The Server Service SRVSVC is one of the network services supplied by Microsoft. It supports file, print, and named-pipe sharing over Windows-based networks, and allows named pipe communication between applications running on distributed systems. By supplying malformed parameters to some of the AP...
TP-Link TL-WR840N Command Injection (CVE-2022-25061)
A command injection vulnerability exists in TP-Link TL-WR840N. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Necta LLC WiFi Mouse Command Injection (CVE-2022-3218)
A command injection vulnerability exists in Necta LLC WiFi Mouse. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
InHand Networks InRouter 900 Industrial 4G Router Command Injection (CVE-2022-27268; CVE-2022-27273; CVE-2022-27275; CVE-2022-27276)
A command injection vulnerability exists in InHand Networks InRouter 900 Industrial 4G Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
AtomCMS Arbitrary File Upload (CVE-2022-25487)
An arbitrary file upload vulnerability exists in AtomCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Moxa MXView Denial of Service (CVE-2017-7456)
A denial of service vulnerability exists in Moxa MXView. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Advantech iView SQL Injection (CVE-2022-2135)
A SQL injection vulnerability exists for Advantech iView. This vulnerability is due to improper input validation for the segment parameter in the findCfgDeviceList process...
Monitorr Remote Code Execution (CVE-2020-28871)
A remote code execution vulnerability exists in Monitorr. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Webmin Command Injection (CVE-2020-35606; CVE-2022-36446)
A command injection vulnerability exists in Webmin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft Windows Uniscribe Memory Corruption (CVE-2010-2738)
A memory corruption vulnerability exists in Microsoft Windows. The vulnerability is due to improper input validation of a table in the TrueType font layout. Remote attacker could trigger this flaw by enticing a user to open a specially crafted TTF file. Successful exploitation could result in a...
Roundcube Webmail Command Injection (CVE-2020-12641)
A command injection vulnerability exists in Roundcube Webmail . Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Opmantek Open-AudIT Command Injection (CVE-2020-12078)
A command injection vulnerability exists in Open-AudIT. The vulnerability is due to insufficient input validation in discoverieshelper.php. A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target server...
Jenkins Ansible Tower Plugin Information Disclosure (CVE-2019-10310)
A cross-site request forgery vulnerability exists in Jenkins Ansible Tower Plugin. Successful exploitation of this vulnerability could lead to disclosure of credentials stored in Jenkins server...
Barco EOM Presentation platform Remote Code Execution (CVE-2019-3929)
A command injection vulnerability exists in several IoT devices. Successful exploitation results in the execution of arbitrary commands on the targeted device...
Apache Pluto Chat Room Demo Portlet Persistent Cross-Site Scripting (CVE-2019-0186)
A cross site scripting vulnerability exists in Apache Pluto. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary commands on the affected system...
JBoss Seam 2 Framework Remote Code Execution (CVE-2010-1871)
An Arbitrary File Upload vulnerability exists in JBoss Seam 2 Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Micro Focus Secure Messaging Gateway SQL Injection (CVE-2018-12464)
A SQL injection vulnerability exists in Micro Focus Secure Messaging Gateway. The vulnerability is due to insufficient validation of user input. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Red Hat JBoss Data Grid Hotrod Client Insecure Deserialization (CVE-2017-15089)
An insecure deserialization vulnerability exists in the Hotrod client that ships with Red Hat JBoss Data Grid. This vulnerability is due the Hotrod client unsafely reading serialized data from the JBoss Data Grid cache...
LibVNCServer LibVNCClient FramebufferUpdate Rectangle Heap Buffer Overflow (CVE-2016-9941)
A heap-based buffer overflow has been reported in LibVNCServer LibVNCClient. The vulnerability is due to improper handling of FramebufferUpdate messages with specially crafted rectangles. A remote attacker could exploit this vulnerability by enticing a user to connect to a malicious VNC server an...
Symantec Endpoint Protection Manager Cross Site Request Forgery (CVE-2016-3653)
A Cross Site Request Forgery vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient CSRF protections. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a page. Successful exploitation could...
Piwigo Photo Gallery Project install script Directory Traversal - Ver2 (CVE-2013-1469)
A directory traversal vulnerability has been reported in Piwigo. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Microsoft Visio Packed Object Parsing Memory Corruption - ver 2 (CVE-2007-0936)
A remote code-execution vulnerability has been reported in Microsoft Visio. The vulnerability is due to incorrectly handling the parsing of a packed object. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Microsoft Visio file, potentially causing...
Portable Executable Files With Weak Encryption (CVE-2013-3900)
Portable Executable PE files can contain encrypted data. PE files with weak data encryption can be decrypted to manipulate the data. There are cases in which certain traffic, although not intended for malicious use, is very unsafe, since it may transfer shellcode which is undetectable by IPS...
HP SiteScope SOAP Call runOMAgentCommand Command Injection (CVE-2013-2367)
A command injection vulnerability exists in HP SiteScope SOAP component...
HP Operations Manager Server Unauthorized File Upload (CVE-2009-3548; CVE-2009-3843; CVE-2009-4189)
HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure. It monitors both physical and virtual servers to identify the root cause of event storms, allowing faster time to...
Novell GroupWise Messenger Accept-Language Header Buffer Overflow (CVE-2006-0992)
Novell GroupWise Messenger is a corporate instant messaging solution targeted towards medium to large enterprise organizations. It facilitates secure communications and policy-based management through Novell's eDirectory product suite. The product is based on a client server model where messaging...
Lantronix PremierWave 2050 Multiple Vulnerabilities (CVE-2021-21872; CVE-2021-21873; CVE-2021-21874; CVE-2021-21875; CVE-2021-21881; CVE-2021-21882; CVE-2021-21883; CVE-2021-21884; CVE-2021-21888)
Multiple vulnerabilities exist in Lantronix PremierWave 2050. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary commands on the affected system...
Ffay Lanproxy Directory Traversal (CVE-2021-3019)
A directory traversal vulnerability exists in Ffay Lanproxy. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Laravel Ignition Remote Code Execution (CVE-2021-3129)
A remote code execution vulnerability exists in Laravel Ignition. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Aerospike Community Remote Code Execution (CVE-2020-13151)
A remote code execution vulnerability exists in Aerospike Community. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Harbor Container Registry Privilege Escalation (CVE-2019-16097)
A Privilege Escalation vulnerability exists in Harbor Container Registry. Successful exploitation of this vulnerability would allow a remote attacker to gain unauthorized access to the affected system...