VideoLAN VLC Media Player Denial of Service (CVE-2018-19857)
A denial-of-service vulnerability exists in VideoLAN VLC media player 3.0.4. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Rittal Command Injection (CVE-2020-11953)
A command injection vulnerability exists in Rittal. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Pritunl Client Privilege Escalation (CVE-2016-7063)
A privilege escalation vulnerability exists in Pritunl Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rite CMS Command Injection
A command injection vulnerability exists in Rite CMS. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands on the affected system...
SAP NetWeaver Remote Code Execution (CVE-2020-6287)
A remote code execution vulnerability exists in SAP NetWeaver. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Rittal PDU Command Injection (CVE-2020-11956)
A command injection vulnerability exists in Rittal PDU. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands on the affected system...
Invision Power Services Community Suite Reflected Cross Site Scripting (CVE-2017-8897)
A reflected cross site scripting vulnerability exists in Invision Power Services Community Suite. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...
Citrix ADC Authentication Bypass (CVE-2020-8193; CVE-2020-8195; CVE-2020-8196)
An authentication bypass vulnerability exists in Citrix ADC and Citrix Gateway. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...
Pdfparser ObjReader ReadObj Buffer Overflow (CVE-2018-11128)
A buffer overflow vulnerability exists in Pdfparser ObjReader ReadObj function. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Perl archive zip Directory Traversal (CVE-2018-10860)
A directory traversal vulnerability exists in Perl archive zip. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
CloudMe Sync Buffer Overflow (CVE-2018-6892)
A buffer overflow vulnerability exists in CloudMe Sync. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
HAProxy HTTP2 HPACK Remote Code Execution (CVE-2020-11100)
A remote code execution vulnerability exists in HAProxy. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
HAProxy HTTP2 CRLF Injection (CVE-2019-19330)
A CRLF injection vulnerability exists in the HAProxy HTTP2 module. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Oracle WebLogic Insecure Deserialization (CVE-2020-2963)
An insecure deserialization vulnerability exists in Oracle WebLogic. This vulnerability is due to insufficient validation of T3 requests...
SuperWebMailer Remote Code Execution (CVE-2020-11546)
A remote code execution vulnerability exists in SuperWebMailer. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
D-Link DAP-1520 Buffer Overflow (CVE-2020-15892)
A buffer overflow vulnerability exists in D-Link DAP-1520 devices. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Laravel Illuminate Remote Code Execution (CVE-2019-9081)
A remote code execution vulnerability exists in Laravel. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
FLIR AX8 Thermal Camera Arbitrary File Disclosure
An information disclosure vulnerability exists in FLIR. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Rails Action View Information Disclosure (CVE-2019-5418)
An information disclosure vulnerability exists in Debian Linux. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
HAProxy HTTP Request Smuggling (CVE-2019-18277)
An improper input validation vulnerability exists in HAProxy. Messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. Successful exploitation could result in HTTP request smuggling...
Apache Kylin Command Injection (CVE-2020-13925)
A command injection vulnerability exists in Apache Kylin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Elasticsearch MachineLearning XML External Entities (CVE-2018-17247)
An XML external entities vulnerability exists in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager, then an attacker could send a specially crafted request capable of leaking content of local files on the...
Elasticsearch Privilege Escalation (CVE-2020-7009)
A privilege escalation vulnerability exists in Elasticsearch. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...
Cisco Adaptive Security Appliance Directory Traversal (CVE-2020-3452)
A directory traversal vulnerability exists in Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information from the affected server...
Citrix ADC Reflected Cross Site Scripting (CVE-2020-8191)
A reflected cross-site scripting vulnerability exists in Citrix ADC and Citrix Gateway. The vulnerability is due to insufficient input validation in the web-based management interface. Successful exploitation could result in execution of arbitrary scripts on the affected system...
GoAhead Command Injection (CVE-2019-15311; CVE-2019-15310; CVE-2019-15312)
A command injection vulnerability exists in GoAhead. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands on the affected system...
BSA Radar Information Disclosure (CVE-2020-14946)
An information disclosure vulnerability exists in BSA Radar. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
BooleBox Stored Cross-Site Scripting (CVE-2020-13248)
A stored cross-site scripting vulnerability exists in BooleBox. This vulnerability is due to insufficient validation of user avatar json parameter. Successful exploitation could result in execution of arbitrary scripts on the affected system...
Google Chrome v8 Object.seal Map Transitions Type Confusion
A type confusion vulnerability exists in Google. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Eaton Intelligent Power Manager system_srv Command Injection (CVE-2020-6651)
A command injection vulnerability exists in Eaton Intelligent Power Manager. The vulnerability is due to a lack of validation of a user-supplied string in requests handled by system_srv.js before using it to execute a system command...
Opmantek Open-AudIT m_discoveries.php Command Injection (CVE-2020-11941)
A command injection vulnerability exists in Open-AudIT. The vulnerability is due to insufficient input validation in m_discoveries.php...
Redis Authentication Bypass Code Execution
An authentication bypass vulnerability exists in Redis. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Wing FTP Remote Code Execution
A remote code execution vulnerability exists in Wing FTP server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Oracle E-Business Suite Human Resources SQL Injection (CVE-2020-2956)
An SQL execution vulnerability exists in the Position Hierarchy Viewer module of the Human Resources component in Oracle E-Business Suite. The vulnerability is due to use of untrusted user input to build a portion of an SQL query string...
Microsoft Windows Media Decompression Remote Code Execution (MS13-011; CVE-2013-0077)
A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way Windows handles media content. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Citrix ADC Command Injection (CVE-2020-8194)
A command injection vulnerability exists in Citrix ADC and Citrix Gateway. Successful exploitation of this vulnerability would allow remote attackers to execute arbitrary commands on the affected system...
HPE IMC deploySelectBootrom Remote Code Execution
An Expression Language injection vulnerability exists in HPE Intelligent Management Center. This vulnerability is due to insufficient handling of the beanName request parameter provided to the deploySelectBootrom.xhtml endpoint. A remote attacker could exploit this vulnerability by sending a...
Trend Micro Multiple Products Directory Traversal (CVE-2020-8470)
A directory traversal vulnerability exists in Trend Micro Apex One and OfficeScan. The vulnerability is due to improper validation of user-supplied file name in the request...
SAP NetWeaver Directory Traversal (CVE-2020-6286; CVE-2020-6287)
A directory traversal vulnerability exists in SAP NetWeaver. Successful exploitation of this vulnerability could lead to disclosure of file contents accessible by the prime user...
We-Com Municipality Portal CMS SQL Injection (CVE-2020-15539)
An SQL injection vulnerability exists in We-Com municipality portal CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress WP With Spritz Remote File Inclusion
A vulnerability exists in WordPress. Successful exploitation of this vulnerability could allow a remote attacker to damage the user's system...
Microsoft Windows Media Player MIDI Remote Code Execution (MS12-004; CVE-2012-0003)
A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in Windows Media Player while handling specially crafted MIDI files. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted MIDI fi...
Microsoft Internet Explorer Memory Corruption (MS11-003; CVE-2011-0035)
A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted when parsing specially crafted Web content. To trigger this issue, an attacker may create a...
Phpzag SQL Injection (CVE-2020-8519; CVE-2020-8520; CVE-2020-8521)
An SQL injection vulnerability exists in Phpzag. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress gVectors wpDiscuz Plugin SQL Injection (CVE-2020-13640)
An SQL injection vulnerability exists in WordPress gVectors wpDiscuz Plugin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Windows Kernel Information Disclosure (CVE-2020-1426)
An information disclosure vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Microsoft Windows Address Book Contact File Parsing Integer Overflow (CVE-2020-1410)
An integer overflow vulnerability has been reported in Microsoft Windows Address Book. This vulnerability is due to improper handling of Contact files. A remote attacker could exploit this vulnerability by enticing a target user to open a Windows Contacts file. Successful exploitation could resul...
Microsoft VBScript Remote Code Execution (CVE-2020-1403)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Remote Desktop Client Remote Code Execution (CVE-2020-1374)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows Graphics Component Elevation of Privilege (CVE-2020-1382)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...