195539 matches found
Rockwell Automation ThinManager 缓冲区错误漏洞
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A security vulnerability exists in Rockwell Automation ThinManager versions 11.0.0 through 13.0.0, which stems fr...
Microsoft Endpoint Configuration Manager 安全漏洞
Microsoft Endpoint Configuration Manager is a local management solution from Microsoft. It is used to manage networked or Internet-based desktops, servers, and laptops. A security vulnerability exists in Microsoft Endpoint Configuration Manager, which can be exploited by an attacker to gain acces...
TYPO3 跨站脚本漏洞
TYPO3 is a free and open source content management system framework CMS/CMF from TYPO3 Association in Switzerland. A cross-site scripting vulnerability exists in TYPO3. An attacker could exploit this vulnerability to perform cross-site scripting attacks...
Microsoft Windows DPAPI 安全漏洞
Microsoft Windows is a suite of operating systems for personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows DPAPI Data Protection Application Programming Interface. The following products and versions are affected: Windows 11 for x64-base...
tesseract 数字错误漏洞
tesseract is an open source OCR Optical Character Recognition engine. A numeric error vulnerability exists in the Leptonica linked library v1.79.0 in tesseract v5.0.0, which can be exploited by an attacker to cause an arithmetic anomaly via a specially crafted JPEG file, leading to a denial of...
InnoSilicon A10 安全漏洞
The InnoSilicon A10 is a mining machine from InnoSilicon. A security vulnerability exists in the InnoSilicon A10 a1020200924120556 version, which stems from the discovery of a Remote Code Execution RCE vulnerability contained via the setPlatformAPI function...
TRENDnet TV-IP572PI 授权问题漏洞
The TRENDnet TV-IP572PI is a megapixel HD PoE day/night network camera from TRENDnet. A security vulnerability exists in TRENDnet TV-IP572PI v1.0, which stems from improper access control. An attacker could exploit the vulnerability to access sensitive system information...
schroot 安全漏洞
schroot is a software package. It is used to allow users to run commands or log into a shell in a chroot environment. A security vulnerability exists in the Debian schroot package. An attacker has exploited this vulnerability to bypass schroot's restrictions via Session Names in order to elevate...
w3m 缓冲区错误漏洞
w3m is a WWW-enabled pager from the personal developer Tatsuya Kinoshita. A security vulnerability exists in w3m version 0.5.3, which stems from an out-of-bounds write to checkType in etc.c. This can be triggered by sending a crafted HTML file to the w3m binary, allowing attackers to cause a deni...
Intel Active Management Technology 安全漏洞
Intel Active Management Technology AMT is a suite of hardware-based remote active management technology software for computers from Intel Corporation. A security vulnerability exists in Intel Active Management Technology , Standard Manageability versions prior to August 9, 2022, which stems from...
Thingsboard 跨站脚本漏洞
Thingsboard is a Java-based platform for IOT devices for monitoring, management, and data collection from the Thingsboard team. A security vulnerability exists in Thingsboard version 3.3.1, which can be exploited by an attacker to put a script payload into the name of a rule node when creating th...
Electronic Medical Records System SQL注入漏洞
Electronic Medical Records System is an electronic medical records system. Electronic Medical Records System suffers from a SQL injection vulnerability that stems from an unknown function of its POST request handler that operates on the parameter useremail to cause sql injection. The attack metho...
TCL LinkHub Mesh Wi-Fi 安全漏洞
TCL LinkHub Mesh Wi-Fi is a router from TCL Corporation. A security vulnerability exists in TCL LinkHub Mesh Wi-Fi version MS1G0001.0014, which stems from a buffer overflow vulnerability in the GetValue function, where a specially crafted configured value may cause a buffer overflow...
Realtek AP-Router SDK 输入验证错误漏洞
The Realtek AP-Router SDK is a software package for wireless chipsets from Realtek Semiconductor Realtek of China. The Realtek AP-Router SDK suffers from an input validation error vulnerability that originates from remote code execution via a crafted SIP packet containing malicious SDP data...
Jenkins Android Signing Plugin 安全漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...
Microsoft Windows 代码问题漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A code issue vulnerability exists in the Microsoft Windows Client/Server Runtime Subsystem. The following products and editions are affected:Windows 10 Version 1809 for 32-bit...
WordPress plugin New User Approve 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress New User Approve plugin versions prior to 2.4 are vulnerable to cross-site request forgery, which...
Jenkins Plugin vRealize Orchestrator 跨站请求伪造漏洞
Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. jenkins Plugin is an application. jenkins vRealize Orchestrator Plugin 3.0...
Fastjson 代码问题漏洞
Fastjson is a Java-based fast JSON parser/generator. versions prior to Fastjson 1.2.83 have a security vulnerability that stems from the ease of bypassing the default autoType off restriction to deserialize untrusted data, which is exploited by attackers to cause code execution...
Delta Controls enteliTOUCH 跨站脚本漏洞
Delta Controls enteliTOUCH is a touchscreen building controller from Delta Controls Canada. A security vulnerability exists in Delta Controls enteliTOUCH versions 3.40.3935, 3.40.3706, and 3.33.4005, which stems from a cross-site scripting vulnerability discovered via the Username parameter. The...
ZKEACMS 跨站脚本漏洞
ZKEACMS v3.5.2 is a cross-site scripting vulnerability that can be exploited by attackers to inject malicious JavaScript programs to steal other users' cookies, etc...
SPIP 跨站脚本漏洞
SPIP is a web-based content publishing system. A cross-site scripting vulnerability exists in SPIP version 3.1.13 and prior versions, which originates in /spip.php. The vulnerability stems from the program's lack of data validation filtering of user-supplied data and output. An attacker could use...
WordPress plugin myCred 安全漏洞
WordPress is a set of blogging platform developed using the PHP language. myCred 2.4.4, a WordPress plugin, previously had an authorization issue vulnerability, which stems from the plugin's failure to perform any authorization and CSRF checks in the myCred tool's import and export AJAX operation...
Red Lion DA50N 安全漏洞
The Red Lion DA50N is a series of secure edge network gateways from Red Lion, U.S.A. A security vulnerability exists in the Red Lion DA50N that could be exploited by an attacker to elevate to root access using the su command...
Joomla! 代码注入漏洞
Joomla! is a set of forum components used in the Joomla! content management system. A code injection vulnerability exists in versions 4.0.0 to 4.1.0 of Joomla!, which stems from an HTTP request parameter input validation error. No detailed vulnerability details are available at this time...
WordPress plugin Infographic Maker SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in the WordPress plugin...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. cross-site scripting vulnerability exists in versions of the WordPress ARI Fancy Lightbox plugin prior to 1.3.9, which stems from a...
Sylius 信息泄露漏洞
Sylius is a set of open source e-commerce platform based on the Symfony framework from the Polish company Sylius. Sylius has an information disclosure vulnerability, and no details of the vulnerability are currently available...
Icinga Web 2 路径遍历漏洞
Icinga Web 2 is an application that supports Icinga 2, Icinga Core, and any other IDO database-compatible monitoring backend, developed by the Icinga Project as a next-generation open source monitoring web interface, framework, and command line interface. Icinga Web 2 suffers from a path traversa...
Microsoft Windows HTML Platform 安全特征问题漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A vulnerability exists in the Microsoft Windows HTML Platform due to a security feature issue. The following products and versions are affected: Windows 7 for 32-bit Systems Service Pack...
Go-Ethereum 代码问题漏洞
Ethereum Go-ethereum is a codebase from the Ethereum community that implements the ethereum protocol in the Go language. A code issue vulnerability exists in Go-Ethereum that stems from a product that allows an attacking node to send 5,120 future high-oil transactions in a single message, which c...
Cedar Gate EZ-NET 跨站脚本漏洞
Cedar Gate EZ-NET is an Internet portal application from Cedar UK. A cross-site scripting vulnerability exists in The Cedar Gate EZ-NET 6.5.5, 6.6.3, 6.7.0, and 6.8.0 that stems from The Cedar Gate EZ-NET 6.5.5, and 6.8.0 having a call to display messages to the user that do not correctly clean u...
Banking System SQL注入漏洞
Banking System is a simple banking system project by Carlo Montero's personal developer. It is used to manage bank customers' accounts and process basic customer transactions. A security vulnerability exists in Banking System that originates from allowing arbitrary SQL commands to be executed via...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WP RSS Aggregator plugin has a cross-site scripting vulnerability in versions prior to 4.19.3, which...
Atlassian Jira 授权问题漏洞
Atlassian Jira is a defect tracking system from Atlassian Australia. An access control error vulnerability exists in Atlassian Jira Server and Data Center, which stems from an authentication in the product's /plugins/servlet/project-config/PROJECT/roles endpoint. is corrupted, and an attacker cou...
Django 安全漏洞
Django is the Django Foundation's set of open source Web application framework based on the Python language . The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django, which stems from the fact that HTTP requests for URLs...
Distributed Data Systems WebHmi 授权问题漏洞
Distributed Data Systems WebHmi is a Scada system with a built-in web server from Distributed Data Systems, Ukraine. It is used for monitoring and controlling any automation system on the local network as well as over the Internet from computers and mobile devices. Distributed Data Systems WebHmi...
elgg 安全漏洞
Elgg is a set of open source social networking engine. The product blogs, file sharing, groups, and other features. A security vulnerability exists in elgg that stems from elgg's susceptibility to authorization bypass via a user-controlled key...
NLnet Labs Routinator 缓冲区错误漏洞
NLnet Labs Routinator is an RPKI Resource Public Key Infrastructure authenticator written in Rust from Stichting NLnet Stichting Nlnet Labs in the Netherlands. A security vulnerability exists in NLnet Labs Routinator, which stems from the mismanagement of system resources e.g., memory, disk space...
Ax-Solutions Visual Tools Dvr Vx16 操作系统命令注入漏洞
Ax-Solutions Visual Tools Dvr Vx16 is a video surveillance system from Ax-Solutions, Inc. It is used for image analysis. An operating system command injection vulnerability exists in Ax-Solutions Visual Tools DVR VX16 4.2.28.0, which allows an unauthenticated attacker to achieve remote command...
Moodle 授权问题漏洞
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from an authorization issue vulnerability that stems from a type juggling issue in the external database authentication...
Microsoft Office 代码注入漏洞
Microsoft Office is an office software suite of products from the U.S. company Microsoft Microsoft. Commonly used components of this product include Word, Excel, Access, Powerpoint, FrontPage, and so on. A code injection vulnerability exists in Microsoft Office. The following products and edition...
Saltstack SaltStack Salt 安全漏洞
Saltstack SaltStack Salt is a set of open source tools for managing infrastructure from SaltStack Saltstack. The tool provides configuration management, remote execution, and other features. SaltStack Salt versions prior to Salt 3003.3 have a security vulnerability that allows a user with a contr...
Google TensorFlow缓冲区错误漏洞
Google TensorFlow is an end-to-end open source platform for machine learning from Google, Inc. A security vulnerability exists in Google TensorFlow that could be exploited to cause TensorFlow to terminate abnormally...
WordPress和WordPress 插件 SQL注入漏洞
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Secure Copy Content Protection plugin is an application plugin for WordPress. A SQL injection vulnerability exists in...
VMware ESXi 缓冲区错误漏洞
VMware ESXi is a server virtualization platform from VMware that can be installed directly on physical servers. A buffer error vulnerability exists in VMware ESXi, which originates from an out-of-bounds read of heap memory by OpenSLP in the product, which can be triggered by malicious access on...
Microsoft Bing 安全漏洞
Microsoft Bing is a web search engine from Microsoft Corporation USA. A security vulnerability exists in Microsoft Bing. The following products and versions are affected: Microsoft Bing Search for Android...
Joomla! 代码问题漏洞
Joomla! is a set of forum components used in the Joomla! content management system. A code issue vulnerability exists in Joomla! 2.5.0 - 3.9.27. The vulnerability stems from a hard-coded ACL check for superuser missing from the install operation in cominstaller, which can be exploited to execute...
Nextcloud Android app 安全漏洞
Nextcloud Android app is an Android-based mobile application from Nextcloud Germany for accessing Nextcloud servers. A denial of service vulnerability exists in the Nextcloud Android app, which can be exploited by an attacker to cause the Nextcloud app to crash...
CLICK PLC CPU Modules 授权问题漏洞
CLICK PLC CPU Modules are Automation Direct's network devicesA single CLICK CPU Module can be connected to up to eight I/O modules to expand the number of system I/O and meet the needs of a specific application. An authorization issue vulnerability exists in Automation Direct CLICK PLC CPU Module...