131102 matches found
WordPress Web-Dorado Instagram Feed WD plugin cross-site scripting vulnerability (CNVD-2018-08291)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Web-Dorado Instagram Feed WD plugin is a social media content sharing plugin used in ... A cross-site scripting...
Microsoft SharePoint Remote Elevation of Privilege Vulnerability (CNVD-2018-07006)
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 are both products of Microsoft Corporation, U.S.A. Microsoft Project Server is a suite of Project Portfolio Management PPM and day to day Microsoft Project Server is a project management solution for project portfolio...
FTPShell client denial of service vulnerability
FTPShell client is a set of windows-based file transfer program. A security vulnerability exists in FTPShell Client version 6.7. A remote attacker can cause a denial of service crash and execute arbitrary code by sending 400 'F' characters and FTP 220 response code to exploit the vulnerability...
Monstra CMS Arbitrary PHP Code Execution Vulnerability
Monstra CMS is a lightweight PHP-based content management system CMS developed by Ukrainian software developer Sergey Romanenko. The system is easy to install and use, scalable and so on. A security vulnerability exists in Monstra CMS 3.0.4 and earlier versions, which stems from the fact that .ph...
Memory Misreference Vulnerability in libming 'decompileIF' Function
libming is a Flash SWF output library written in C for use in systems developed in PHP, Perl, etc. It can be used to output Flash SWF files to the system. A memory misreference vulnerability exists in the 'decompileIF' function in the util/decompile.c file in libming 0.4.8 and earlier versions. A...
WordPress ultimate-form-builder-lite plugin SQL injection vulnerability
WordPress is the WordPress Software Foundation a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . ultimate-form-builder-lite plugin is one of the contact form builder plugin . A SQL injection vulnerability exists ...
Fortinet FortiOS Denial of Service Vulnerability (CNVD-2017-35607)
FortiOS is an intuitive operating system that lets you control all security and networking features of all FortiGates throughout your network. A denial of service vulnerability exists in Fortinet FortiOS. A remote authenticated user can cause the target web interface to be temporarily unavailable...
Microsoft Windows Kernel Information Disclosure Vulnerability (CNVD-2017-30355)
Microsoft Windows Server 2016 and others are operating systems released by Microsoft USA. kernel is one of the kernels. An information disclosure vulnerability exists in kernel in Microsoft Windows, which stems from a program's failure to properly initialize objects in memory. An attacker can...
Microsoft Office Memory Corruption Vulnerability (CNVD-2017-27433)
Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A memory corruption vulnerability exists in Microsoft Office where a remote program fails to properly hand...
Microsoft Edge Information Disclosure Vulnerability (CNVD-2017-23795)
Microsoft Windows 10 and Windows Server 2016 are both products of Microsoft Corporation USA. The former is an operating system for personal computers and the latter is a server operating system.Edge is one of the web browsers that comes with the system. Edge in Microsoft Windows suffers from an...
LAME Denial of Service Vulnerability (CNVD-2017-20146)
LAME is LAME team developed a set of open source MP3 audio compression software . A security vulnerability exists in the 'fillbufferresample' function in the libmp3lame/util.c file in LAME version 3.99.5. A remote attacker can exploit this vulnerability to cause a denial of service heap buffer...
Synology DiskStation Manager (DSM) Information Disclosure Vulnerability
Synology DiskStation Manager is an operating system for use on networked storage servers NAS. A security vulnerability in Synology DiskStation Manager forgetpasswd.cgi allows remote attackers to submit a special request to enumerate valid usernames...
Charamin OMP Untrustworthy Search Path Vulnerability
Charamin OMP is a media player that automatically generates dance animations by analyzing music files. An untrustworthy search path vulnerability exists in Charamin OMP versions 1.1.7.4 and earlier and 1.2.0.0 Beta and earlier. An attacker can exploit this vulnerability to gain privileges with th...
swagger-ui cross-site scripting vulnerability (CNVD-2017-16019)
swagger-ui is a set of API online documentation generation and testing tools . A cross-site scripting vulnerability exists in versions of swagger-ui prior to 2.2.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Red Hat Enterprise Linux SerializableProvider Code Execution Vulnerability
Red Hat Enterprise Linux is a Linux operating system for business users. A security vulnerability exists in the Red Hat Enterprise Linux SerializableProvider component that allows remote attackers to exploit the vulnerability to submit a special request to execute arbitrary code...
Artifex Software Ghostscript Artifex jbig2dec 'jbig2_build_huffman_table' function integer overflow vulnerability
Artifex Software Ghostscript is a U.S. Artifex Software, Inc. of an open source PostScript parser , it can display Postscript files as well as non-Postscript printers to print Postscript files . Artifex jbig2dec is a Ghostscript and MuPDF for decoding PDF files in the JBIG2 stream implementation...
WavPack Local Denial of Service Vulnerability (CNVD-2017-02352)
WavPack is an open source, free audio lossless compression software. A local denial of service vulnerability exists in WavPack version 5.0.0. An attacker could exploit this vulnerability to cause a denial of service or obtain sensitive information...
libgd 'gdImageCreate()' function denial of service vulnerability
libGD also known as GD Graphics Library or libgd2 is an American software developer Thomas Boutell developed an open source for the dynamic creation of images library, which supports the creation of charts, graphs and thumbnails and so on. A denial of service vulnerability exists in the libgd...
Microsoft Office Security Feature Bypass Vulnerability (CNVD-2016-12460)
Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. A security feature bypass vulnerability exists in Microsoft Office software that originates when the progr...
Redis Out-of-Bounds Remote Code Execution Vulnerability
Redis is a set of open source written in ANSI C , network support , memory-based can also be persistent log-type , key-value store database , and provides a variety of languages API. A remote code execution vulnerability exists in Redis that can be exploited by an attacker to execute arbitrary co...
Novell GroupWise Heap Buffer Overflow Vulnerability
Novell GroupWise is a cross-platform collaboration software. A heap buffer overflow vulnerability exists in Novell Focus GroupWise 2014 R2 and 2014 releases, which arises from a program that fails to perform proper boundary checks on user-submitted input. An attacker could use this vulnerability ...
INSIDE Secure MatrixSSL Information Disclosure Vulnerability (CNVD-2016-06540)
INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. An information disclosure vulnerability exists in versions of INSIDE Secure MatrixSSL prior to 3.8.3. An attacker could exploit this vulnerability to conduct a...
GNU glibc Infinite Loop Denial of Service Vulnerability
GNU glibc is an implementation of the C library for the Linux operating system. An infinite loop denial of service vulnerability exists in GNU glibc version 2.22. An attacker can exploit the vulnerability to cause an infinite loop denial of service...
Adobe Flex Buffer Overflow Vulnerability
Adobe Flex is the United States of America Odobie Adobe company's set of free, open source framework for building and maintaining Web applications. A buffer overflow vulnerability exists in the yygetnextbuffer function in Adobe Flex. A remote attacker could exploit this vulnerability to cause a...
eCryptfs ecryptfs-setup-swap Information Disclosure Vulnerability
eCryptfs Enterprise Cryptographic Filesystem is a set of disk encryption software for encrypted Linux systems maintained by software developers Dustin Kirkland and Tyler Hicks. The software is compatible with POSIX file system level encryption and supports file granularity file or directory...
Huawei Honor 4C Driver Input Validation Vulnerability (CNVD-2016-05175)
The Huawei Honor 4C 华为荣耀4C is a smartphone product of the Chinese company Huawei. An input validation vulnerability exists in the Huawei Honor 4C driver, which can be exploited by an attacker to cause a system reboot or user privilege elevation by tricking the user into installing a malicious...
ABB PCM600 Password Hash Vulnerability
The ABB PCM600 is a protection and control IED manager, primarily used in the energy industry. The master application password in the ABB PCM600 ACTConfig configuration file uses a weak hash function. A local attacker could exploit this vulnerability to access the affected device...
RoundCube Webmail Cross-Site Request Forgery Vulnerability
RoundCube Webmail is a browser-based IMAP client mail client. A cross-site request forgery vulnerability exists in RoundCube Webmail, which can be exploited by an attacker to download message attachments by sending a GET request with the download parameter set to 1...
Apple OS X Intel Graphics Driver Memory Corruption Vulnerability (CNVD-2016-01879)
Apple OS X is a specialized operating system developed by Apple for Mac computers.Intel Graphics Driver is one of the graphics card driver components. A security vulnerability exists in Intel Graphics Driver in Apple OS X versions prior to 10.11.4. The vulnerability can be exploited by an attacke...
Android MediaTek Wi-Fi Kernel Driver Privilege Gain Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance OHA, and the MediaTek Wi-Fi kernel driver is one of the Wi-Fi kernel driver components. A security vulnerability exists in the MediaTek Wi-Fi kernel driver for Android versions 6.x prio...
Cyrus IMAP index_urlfetch Information Disclosure Vulnerability
Cyrus IMAP Server is an e-mail server developed at Carnegie Mellon University. A security vulnerability exists in the function indexurlfetch in Cyrus IMAP versions 2.3.x-2.3.19, 2.4.x-2.4.18, 2.5.x-2.5.4 index.c. A remote attacker can exploit this vulnerability to obtain sensitive information by...
ZTE ZXHN H108N R1A Information Disclosure Vulnerability
The ZTE ZXHN H108N R1A is a wireless router product from China's ZTE Corporation. An information disclosure vulnerability exists in the ZTE ZXHN H108N R1A ZTE.bhs.ZXHNH108NR1A.hPE version and the ZXV10 W300 W300V1.0.0fER1PE, which allows remote attackers to exploit the vulnerability to obtain a...
GNU Screen Denial of Service Vulnerability
GNU Screen is a set of free software for command line terminal switching. A stack overflow vulnerability exists in GNU Screen. An attacker can exploit the vulnerability to crash the application and cause a denial of service...
SIS XGI VGA Display Manager Privilege Vulnerability
SIS XGI VGA Display Manager is a VGA display manager. A security vulnerability exists in SIS XGI VGA Display Manager that allows an attacker to write to arbitrary memory locations and gain elevated privileges...
GarrettCom Magnum 6K and 10K Switches Remote Denial of Service Vulnerability
GarrettCom Magnum 6K and 10K Switches are managed switches from GarrettCom USA. A security vulnerability exists in the GarrettCom Magnum 6K and 10K Switches that allows remote attackers to exploit the vulnerability by submitting a special request to reload the device, resulting in a denial of...
ZOHO ManageEngine Applications Manager FailOverHelperServlet servlet Information Disclosure Vulnerability
ZOHO ManageEngine Applications Manager is a set of application performance monitoring software from ZOHO. The software allows remote monitoring and management of different business systems, applications and network services e.g. servers, operating systems, etc.. An information disclosure...
cups-filters remove_bad_chars function arbitrary command execution vulnerability
CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A security vulnerability exists in the removebadchars function in cups-filters utils/cups-browsed.c,...
Seagate Business Storage 2-Bay NAS Remote Code Execution Vulnerability
The Seagate Business Storage 2-Bay NAS is an enterprise-class network storage server from Seagate USA. A remote code execution vulnerability exists in the Seagate Business Storage 2-Bay NAS. An attacker can exploit this vulnerability to execute arbitrary code with root privileges, which may also...
Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2015-00596)
Oracle VM VirtualBox is an open source virtual machine software. A security vulnerability in the VMSVGA device child of Oracle VM VirtualBox versions prior to 4.3.20 allows remote attackers to exploit the vulnerability to affect the availability, integrity of the system...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2026-14279)
Apple Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems.Apple iOS is a set of operating systems developed for mobile devices.Apple macOS is a set of specialized operating systems developed specifically for Mac computers.Apple Safari is a we...
Memory Error Vulnerability in Multiple Mozilla Products
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A memory error vulnerability exists in several Mozilla products, which c...
Linux Kernel Memory Corruption Vulnerability (CNVD-2025-04157)
The Linux Kernel is a core component of many operating systems and is responsible for managing system resources. A security vulnerability exists in the Linux Kernel. The vulnerability stems from improper handling of the adev-dm.dc variable. An attacker could use this vulnerability to cause a deni...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2025-02320)
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL's MySQL Server. An attacker can exploit this vulnerability to cause MySQL Server to hang or crash...
Esri Portal For ArcGIS Cross-Site Scripting Vulnerability (CNVD-2024-41008)
Esri Portal For ArcGIS is a component from Environmental Systems Research Institute Esri that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. Esri Portal For ArcGIS suffers from a cross-site scripting vulnerability that can be...
Adobe Commerce Input Validation Error Vulnerability (CNVD-2024-19008)
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an input validation error vulnerability that stems from vulnerability to incorrect input validation vulnerability, which could lead t...
Microsoft Defender for IoT elevation of privilege vulnerability (CNVD-2024-19330)
Microsoft Defender for IoT is an asset discovery, vulnerability management and threat monitoring solution for IoT/OT environments. An elevation of privilege vulnerability exists in Microsoft Defender for IoT, which can be exploited by an attacker to escalate privileges...
Multiple Mozilla product security bypass vulnerabilities (CNVD-2024-14980)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A security bypass vulnerability exists in several Mozilla products, whic...
Code execution vulnerability in multiple Mozilla products (CNVD-2024-14978)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products that...
Code execution vulnerability in multiple Mozilla products (CNVD-2024-14975)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products and is...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-14658)
Adobe Experience Manager AEM is a set of content management solutions that can be used to build websites, mobile applications and forms from the American company Audobee Adobe. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...