130931 matches found
Tongda2000 SQL Injection Vulnerability
Tongda2000 is a web-based intelligent office system from China's Tongda. A security vulnerability exists in Tongda2000 v11.10, which allows attackers to attack via the DEVICELIST parameter in /mobileseal/getseal.php. No detailed vulnerability details are available at this time...
Linux kernel has unspecified vulnerabilities (CNVD-2022-20176)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel versions prior to 5.16.10 have a security vulnerability that stems from the lack of RNDIS USB validation of the size of the RNDIS MSG SET command. An attacker could exploit this vulnerabilit...
WordPress Turn off all comments plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed using the PHP language. A cross-site scripting vulnerability exists in the WordPress Turn off all comments plugin, which stems from a failure to clean and escape rows parameters before...
Apache HTTP Server Code Execution Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. A code execution vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to execute scripts in directori...
Apache HTTP Server Input Validation Error Vulnerability (CNVD-2022-41638)
Apache HTTP Server is an open source web server from the Apache Foundation. Apache HTTP Server 2.4.52 and earlier versions are vulnerable to an input validation error that results from setting LimitXMLRequestBody to allow request bodies larger than 350MB (1M by default) on 32-bit systems, which cou...
Atlassian Fisheye and Crucible Information Disclosure Vulnerabilities
Atlassian Fisheye is a suite of source code deep viewing software. Atlassian Crucible is a suite of code review tools. An information disclosure vulnerability exists in Atlassian Fisheye and Crucible due to a flaw in the /rest-service-fecru/server-v1 resource. An attacker could use this...
Adobe InCopy out-of-bounds read vulnerability
Adobe InCopy is text editing software for authoring from Adobe, U.S.A. An out-of-bounds read vulnerability exists in Adobe InCopy, which can be exploited by attackers to execute code in the context of the current user...
Adobe Animate Out-of-Bounds Read Vulnerability (CNVD-2023-91795)
Adobe Animate is a set of Flash animation software from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Animate 23.0.2 and earlier versions, which can be exploited by attackers to obtain sensitive information...
Adobe Character Animator 2021 null pointer dereference vulnerability
Adobe Character Animator is a motion capture and animation tool that provides everyone with an easy-to-use solution for intuitive 2D character animation, real-time animation, and easy sharing and publishing of characters. Adobe Character Animator 2021 4.4 and earlier versions are vulnerable to a...
Adobe Photoshop out-of-bounds read vulnerability (CNVD-2022-22097)
Adobe Photoshop is a set of image processing software from the American company Adobe. Adobe Photoshop is vulnerable to an out-of-bounds read vulnerability that could be exploited by an attacker to cause a memory leak in the context of the current user...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2022-67838)
Microsoft Exchange Server is a popular mail service program developed by Microsoft. Microsoft Exchange Server has a security vulnerability that can be exploited by remote attackers to submit special requests that can execute arbitrary code via PowerShell in the context of an application...
Jfinal CMS SQL Injection Vulnerability
Jfinal CMS is a powerful information consulting website developed in Java, using the simple and powerful JFinal as its web framework, beetl as its template engine, MySQL as its database, and Bootstrap as its front-end framework. Jfinal CMS version 5.1 has a SQL injection vulnerability, the vulnerability originate...
Jenkins Round Corner Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. Jenkins Plugin is an application that provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Rundeck Plugin 3.6.10 and earlier versions have a cross-site scripting...
SQL Injection Vulnerability in Beijing Century Super Star Information Technology Development Co.
Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. Beijing Century Super Star Information Technology Development Limited Liability Company Super Star Huiya Electronic Library...
WordPress XML Sitemap Generator Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress XML Sitemap Generator version 2.0.4 has a cross-site scripting vulnerability that can be exploited by attackers to conduct cross-site scriptin...
Adobe InCopy out-of-bounds write vulnerability (CNVD-2022-04522)
Adobe InCopy is text editing software for authoring from Adobe, U.S.A. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...
Online Student Admission System Cross-Site Scripting Vulnerability
Online Student Admission System is an online student admission system. It is used to computerize all pre- and post-admission activities of an institution. A cross-site scripting vulnerability exists in the Online Student Admission System, which stems from an unknown function in its student user...
Apache Commons Text remote code execution vulnerability
Apache Commons Text is a library focused on string algorithms from the Apache Foundation, U.S. A remote code execution vulnerability exists in Apache Commons Text versions 1.5 through 1.9, which is caused by an insecure interpolation default flaw. An attacker could exploit this vulnerability to...
Logic Flaw Vulnerability in 51Cloud Real-Time Cloud Rendering Platform
Beijing Five One Vision Digital Twin Technology Co., Ltd. (51WORLD) is a digital twin platform company. A logic flaw vulnerability exists in the 51cloud real-time cloud rendering platform, which attackers can use to modify account permissions beyond their authority, access to...
Adobe Creative Cloud Desktop Application Access Control Error Vulnerability
Adobe Creative Cloud Desktop Application, the management software for various Creative Cloud applications and services, is vulnerable to an access control error in Adobe Creative Cloud Desktop Application 5.4 and earlier, which could be exploited to write to arbitrary file systems...
TP-Link Archer AX21 AX1800 Command Injection Vulnerability
TP-Link Archer AX21 AX1800 is a WiFi 6 router from TP-Link. TP-Link Archer AX21 AX1800 suffers from a command injection vulnerability, which stems from unfiltered user input and can be exploited by attackers to construct malicious requests to execute arbitrary commands...
WordPress Code Snippets plugin Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress Code Snippets plugin, which originates from the &orderby paramet...
Prison Management System SQL Injection Vulnerability
Prison Management System is a web-based application project developed using PHP and MySQL database. An SQL injection vulnerability exists in Prison Management System version 1.0, which stems from not properly filtering the content of the "Inmates/viewinmate" id parameter. An attacker can exploit this...
Apache HTTP Server Denial of Service Vulnerability (CNVD-2022-41639)
Apache HTTP Server is an open source web server from the Apache Foundation. A denial-of-service vulnerability exists in Apache HTTP Server 2.4.52 and earlier versions, which stems from a carefully crafted request body that reads random memory regions and can be exploited by attackers to crash process...
Jenkins SSH Plugin Access Control Error Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins SSH Plugin 2.6.1 and earlier...
SQL Injection Vulnerability in UFIDA U8-OA Enterprise Edition (CNVD-2022-31182)
UFIDA Network Technology Corporation is an enterprise cloud services and software provider. A SQL injection vulnerability exists in UFIDA U8-OA Enterprise Edition, which can be exploited by attackers to obtain sensitive database information...
Adobe InCopy memory buffer out-of-bounds access vulnerability
Adobe InCopy is a professional word processing program from Adobe, integrated with Adobe InDesign. Adobe InCopy 16.4 and earlier versions are vulnerable to a memory buffer out-of-bounds access vulnerability. An attacker could exploit the vulnerability to execute arbitrary code...
PHP Development Server Information Disclosure Vulnerability
PHP is a widely used general purpose scripting language that is particularly well suited for web development and can be embedded in HTML. An information disclosure vulnerability exists in PHP Development Server, which stems from a logic flaw in the php cli server begin send static when parsing htt...
Siemens SICAM A8000 CP-8050 and CP-8031 Unauthorized Access Vulnerability
The SICAM A8000 RTU Remote Terminal Unit series is used for automation applications in all areas of remote control and energy supply. An unauthorized access vulnerability exists in the Siemens SICAM A8000 CP-8050 and CP-8031, which can be exploited by an attacker to access files without...
Apache HTTP Server Access Control Error Vulnerability
Apache HTTP Server is an open source web server from the Apache Foundation in the United States. The server is fast, reliable and can be expanded through a simple API. An Access Control Error vulnerability exists in Apache HTTP Server, which can be exploited by an attacker to cause an access contr...
Jenkins Script Security Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Script Security Plugin...
Adobe Prelude null pointer dereference vulnerability (CNVD-2021-92814)
Adobe Prelude is a video recording and capture tool designed for intuitive and efficient media organization and metadata entry to quickly tag and transcode video footage and quickly create rough cuts. Adobe Prelude 10.1 and earlier versions are vulnerable to a null pointer dereference. An attacker...
Jenkins Embeddable Build Status Plugin Cross-Site Scripting Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Embeddable Build Status Plugin ha...
Jenkins WMI Windows Agents Plugin Access Control Error Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. The Jenkins WMI Windows Agents Plugin is...
Xiaomi Router AX6000 Information Disclosure Vulnerability
Xiaomi Router AX6000 is a router from Xiaomi China. Xiaomi Router AX6000 1.0.56 previously had an information disclosure vulnerability that stemmed from a routing configuration error, which could be exploited by an attacker to download some of the files in Xiaomi Router AX6000...
Google Android elevation of privilege vulnerability (CNVD-2022-50273)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability. An attacker can exploit this vulnerability to elevate privileges...
Adobe InCopy Memory Out-of-Bounds Access Vulnerability (CNVD-2021-82416)
Adobe InCopy is a professional word processing program from Adobe, integrated with Adobe InDesign. Adobe InCopy 11.1 and earlier versions have a memory out-of-bounds access vulnerability that could be exploited by attackers to execute arbitrary code...
Adobe Dimension buffer overflow vulnerability
Adobe Dimension is a set of 2D and 3D composite design tools from Adobe. Adobe Dimension handles files with a buffer overflow vulnerability, which can be exploited by remote attackers to submit special file requests and trick users into parsing them, which can capture sensitive memory information...
Jenkins Convertigo Mobile Platform Plugin Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. A cross-site request forgery vulnerability...
PHP Denial of Service Vulnerability
PHP is a scripting language that executes on the server side. A denial of service vulnerability exists in PHP versions prior to 7.4.31, 8.0.0 and later, 8.0.24 and earlier, and 8.1.0 and later, and 8.1.11 and earlier, which stems from the fact that the phar decompressor code recursively...
Adobe InCopy out-of-bounds write vulnerability
Adobe InCopy is text editing software for authoring from Adobe, U.S.A. An out-of-bounds write vulnerability exists in Adobe InCopy, which can be exploited by attackers to cause arbitrary code to be executed in the context of the current user...
H2 database code issue vulnerability
H2 database is an embeddable RDBMS written in Java. A code issue vulnerability exists in H2 database, which stems from the H2 database's getConnection method taking the driver's class name and the database's URL as parameters, which can be exploited by an attacker to pass the name of the JNDI...
Jenkins Embeddable Build Status Plugin Path Traversal Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Embeddable Build Status Plugin 2.0...
Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2022-41640)
Apache HTTP Server is an open source web server from the Apache Foundation. The server is fast, reliable, and extensible via a simple API. A buffer overflow vulnerability exists in Apache HTTP Server, which stems from a networked system or product that does not properly validate data boundaries wh...
Google Android elevation of privilege vulnerability (CNVD-2022-50276)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain elevated privileges...
IBM Spectrum Protect Operations Center Information Disclosure Vulnerability (CNVD-2022-48933)
IBM Spectrum Protect Operations Center, from IBM, provides visual control of the IBM Spectrum Protect environment. IBM Spectrum Protect Operations Center versions 8.1.12 and 8.1.13 are vulnerable to an information disclosure vulnerability, which stems from the fact that account passwords may b...
Microsoft Windows Backup Service Elevation of Privilege Vulnerability (CNVD-2023-02699)
Microsoft Windows Backup Service has an elevation of privilege vulnerability that can be exploited by attackers to elevate privileges...
Adobe Photoshop Buffer Overflow Vulnerability (CNVD-2022-20502)
Adobe Photoshop is a set of image processing software from the American company Adobe. The software is mainly used for processing pictures. Adobe Photoshop suffers from a buffer overflow vulnerability that can be exploited by an attacker to trigger arbitrary code execution...
Jenkins Convertigo Mobile Platform Plugin Information Disclosure Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is an application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is an application. Jenkins Convertigo Mobile Platform Plug...
Linux kernel elevation of privilege vulnerability (CNVD-2022-69204)
Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to an elevation of privilege vulnerability, which stems from watchqueue triggering a memory corruption in the Linux kernel that could be exploited by an attacker to gain elevat...