131102 matches found
Unspecified vulnerability exists in moodle (CNVD-2022-54952)
Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. a security vulnerability exists in Moodle, which stems from the description user field failing to hide when set to hidden. No details o...
Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72855)
Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host...
Microsoft Windows LDAP Remote Code Execution Vulnerability (CNVD-2022-72856)
Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host...
Alt-N Mdaemon Cross-Site Scripting Vulnerability
Alt-N MDaemon is a mail service system from Alt-N USA that provides complete mail server functionality, protects users from spam, enables web login to send and receive mail, supports remote management, and when used in conjunction with the MDaemon AntiVirus plugin, it also protects the system...
Microsoft Windows LDAP remote code execution vulnerability
Microsoft Windows is a desktop operating system from Microsoft Corporation. Microsoft Windows LDAP is vulnerable to remote code execution, which can be exploited by attackers to execute code on the target host...
Adobe InDesign Code Execution Vulnerability (CNVD-2022-76625)
A security vulnerability exists in Adobe InDesign, a set of typesetting and editing applications from Adobe. The vulnerability stems from a networked system or product that does not properly validate data boundaries when performing operations on memory, and can be exploited by an attacker to...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53554)
TOTOLINK N600R is a wireless router from Taiwan-based Gion Electronics TOTOLINK, China.A command injection vulnerability exists in TOTOLINK N600R, which can be exploited by attackers to conduct command injection attacks via the ipdoamin parameter in /setting/setDiagnosisCfg...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-5355)
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK Electronics, Inc. A command injection vulnerability exists in TOTOLINK N600R, which can be exploited by attackers to conduct command injection attacks via the lagtype parameter in /setting/setLanguageCfg...
Microsoft Windows Remote Desktop Protocol Information Disclosure Vulnerability (CNVD-2022-70061)
Microsoft Windows Remote Desktop Protocol RDP is an application used to connect to remote Windows desktops from Microsoft Corporation USA.Microsoft Windows Remote Desktop is vulnerable to information disclosure. The vulnerability stems from a configuration or other error in the operation of the...
Microsoft Windows Storage Spaces Controller Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Microsoft Windows Storage Spaces Controller, a driver necessary to provide storage space functionality from Microsoft Corporation USA. The vulnerability stems from an incorrect program call to a high-level native procedure. An attacker could explo...
WordPress plugin WPGraphQL access control error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin WPGraphQL versions prior to 0.3.5 are vulnerable to an access control error that...
TOTOLINK N600R Command Injection Vulnerability (CNVD-2022-53552)
TOTOLINK N600R is a wireless router from Taiwan-based TOTOLINK, China.A command injection vulnerability exists in TOTOLINK N600R, which can be exploited by attackers to conduct command injection attacks via the devicemac parameter in /setting/setDeviceName...
Microsoft Windows Print Spooler Components Elevation of Privilege Vulnerability (CNVD-2022-70056)
An elevation of privilege vulnerability exists in Microsoft Windows Print Spooler Components, a print backend processor component of Microsoft Corporation USA. The vulnerability stems from an incorrect program call to a high-level native procedure. An attacker could exploit this vulnerability to...
D-Link DIR-816 Buffer Overflow Vulnerability (CNVD-2022-64489)
The D-Link DIR-816 is a wireless router from AUO D-Link of Taiwan, China. A buffer overflow vulnerability exists in the D-Link DIR-816 A2v1.10CNB04 firmware version, which originates from a boundary error in the proto parameter in /goform/form2IPQoSTcAdd when handling untrusted input. An attacker...
Unspecified vulnerability in Siemens SICAM P850 and SICAM P855 Devices (CNVD-2022-36397)
The SICAM P850 Multifunctional Measurement Device is used to collect, visualize, evaluate and transmit electrical measurement variables such as AC current, AC voltage, frequency, power, harmonics, etc. The SICAM P855 Multifunctional Device is used to collect, display and transmit measured...
F5 BIG-IP has an unspecified vulnerability (CNVD-2022-77528)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A security vulnerability exists in F5 BIG-IP, which can be exploited by attackers to cause a denial of service on the BIG-IP...
F5 BIG-IP Resource Management Error Vulnerability (CNVD-2022-74967)
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. F5 BIG-IP is vulnerable to resource management errors, which can be exploited by attackers to cause service degradation,...
WordPress AdRotate plugin cross-site scripting vulnerability (CNVD-2022-59803)
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. Cross-site scripting vulnerabilities exist in versions of WordPress AdRotate plugin prior to 5.8.23. The...
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software Redirection Vulnerability
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of Cisco, a U.S. company.Cisco RoomOS Software is a set of automated management software for Cisco devices. Cisco TelePresence Collaboration Endpoint Software is a set of collaboration endpoint...
F5 BIG-IP multiple products have unspecified vulnerabilities
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing, etc. Several F5 BIG-IP products have security vulnerabilities that can be exploited by attackers to access certificate and key files from remote...
JetBrains IntelliJ IDEA Cross-Site Scripting Vulnerability
JetBrains IntelliJ IDEA is a set of integrated development environments for the Java language from Jetbrains Czech Republic.A cross-site scripting vulnerability exists in versions prior to JetBrains IntelliJ IDEA 2022.1, which stems from an error message in the internal web server that lacks a...
SAP Cloud Connector Trust Management Issue Vulnerability
SAP Cloud Connector is a connector for connecting to the SAP Cloud Platform from SAP Germany. SAP Cloud Connector 2.0 suffers from a trust management issue vulnerability that stems from SAP Cloud Connector being able to communicate with the backend without sufficiently validating certificates. An...
Samsung SMR Input Validation Error Vulnerability (CNVD-2022-64253)
Samsung SMR is a system patch package from Samsung South Korea. It provides patches for Samsung mobile applications. Samsung SMR suffers from an input validation error vulnerability that can be exploited by attackers to initiate certain activities...
FANUC ROBOGUIDE elevation of privilege vulnerability
FANUC ROBOGUIDE is a robot simulation software from FANUC, Japan. FANUC ROBOGUIDE v9.40083.00.05 and previous versions have an elevation of privilege vulnerability. The vulnerability stems from the fact that the affected product is vulnerable to misconfigured binaries, and an attacker with...
Hubzilla file inclusion vulnerability
Hubzilla is an open source platform for creating interconnected websites with a decentralized identity, communications and permissions framework built using common web server technology.Hubzilla version 7.2 previously contained a security vulnerability that could be exploited by remote attackers ...
Cisco IOS XE Elevation of Privilege Vulnerability (CNVD-2022-55149)
Cisco IOS XE is a set of operating systems developed by Cisco for its network devices.Cisco IOS XE has an elevation of privilege vulnerability that can be exploited by attackers to execute arbitrary commands as root...
Microsoft Windows Digital Media Receiver Elevation of Privilege Vulnerability
Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Windows Digital Media Receiver. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. ...
Huawei EMUI Information Disclosure Vulnerability (CNVD-2022-64484)
Huawei EMUI is an Android-based mobile operating system developed by the Chinese company Huawei Huawei. Huawei EMUI suffers from an information disclosure vulnerability, which is caused by an unauthorized rewrite vulnerability in the memory access management module on the ACPU. An attacker can...
Microsoft Windows DNS Server Remote Code Execution Vulnerability (CNVD-2022-84609)
Microsoft Windows is a set of operating systems for personal devices used by the U.S. company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Windows DNS Server, which can be exploited by attackers to execute arbitrary code on the system...
Microsoft Windows Graphics Component Remote Code Execution Vulnerability (CNVD-2022-74593)
A remote code execution vulnerability exists in Microsoft Windows Graphics Components, which originates when a network system or product fails to properly filter external input data during the construction of code segments. elements during the construction of code segments from external input dat...
Samsung SMR DSP Driver Resource Management Error Vulnerability
Samsung SMR is a system patch package from South Korea's Samsung Samsung. The Samsung SMR DSP driver is vulnerable to resource management errors, which can be exploited by attackers to perform malicious operations...
Jenkins Node and Label parameter Plugin Cross-Site Scripting Vulnerability
Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project.A cross-site scripting vulnerability exists in the Jenkins Node and Label parameter Plugin, which stems from the applicatio...
Webmin Cross-Site Scripting Vulnerability (CNVD-2022-61348)
Webmin is a set of Web-based system administration tools for Unix-like operating systems from the Webmin community.A cross-site scripting vulnerability exists in Webmin version 1.973, which stems from the lack of filtering and escaping of user-submitted parameters for the Add User feature. An...
KevinLAB Building Energy Management System SQL注入漏洞
KevinLAB Building Energy Management System is a building energy management system from KevinLAB Korea. SQL injection vulnerability exists in KevinLAB Building Energy Management System version 4ST BEMS 1.0.0, which originates from a missing validation of external input SQL statements in the inputi...
Information Leakage Vulnerability in Webpage Tampering Prevention System of Beijing Netnifty Nebula Information Technology Co.
Beijing Netnifty Information Technology Co., Ltd. covers network border security protection, application and data security protection, network security risk management, professional security solutions and professional security services. There is an information leakage vulnerability in the webpage...
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CNVD-2022-60119)
Microsoft Edge is a web browser that comes with versions of Windows 10 and later, and an elevation of privilege vulnerability exists in Microsoft Edge Chromium-based. An attacker could exploit this vulnerability to elevate privileges...
Microsoft Edge Elevation of Privilege Vulnerability (CNVD-2022-36039)
Microsoft Edge is a web browser that comes with post-Windows 10 versions of Microsoft Corporation Microsoft. Microsoft Edge has an elevation of privilege vulnerability, and no details of the vulnerability are available...
TotoLink EX300_v2 Command Injection Vulnerability
TotoLink EX300 is a 300 Mbps wireless N range extender from TotoLink China.TotoLink EX300v2 V4.0.3c.140B20210429 is vulnerable to command injection, which can be exploited by unauthenticated attackers to remotely execute code as root via MitM attack...
Google Go Denial of Service Vulnerability (CNVD-2022-55062)
Google Go is a statically strongly typed, compiled, concurrent, and garbage collected programming language from Google, Inc. A denial of service vulnerability exists in Google Go that could be exploited to cause a denial of service in client applications...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57841)
ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability that stems from the fact that the program is not properly filtered and can be exploited by remote attackers to execute arbitrary HTML or JavaScript cod...
ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57805)
ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which can be exploited by remote attackers with the 'newMonitorV4LCapturesPerFrame' paramete...
OpenEMR Cross-Site Scripting Vulnerability (CNVD-2022-61336)
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. cross-site scripting vulnerabilities exist in versions of OpenEMR prior to...
SourceCodester College Website Management System SQL Injection Vulnerability
SourceCodester College Website Management System is an application of SourceCodester, Inc. SourceCodester College Website Management System version 1.0 is vulnerable to SQL injection, which originates from the lack of user-supplied data and output data in the id parameter of...
Bentley MicroStation CONNECT Information Disclosure Vulnerability
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting. An information disclosure vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to obtain sensitive information...
Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65026)
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting. A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by an attacker to execute arbitrary code in the context of the current process...
Bentley MicroStation CONNECT Code Execution Vulnerability (CNVD-2022-65619)
Bentley MicroStation CONNECT is a Cad software platform for 2D and 3D design and drafting.A code execution vulnerability exists in Bentley MicroStation CONNECT, which can be exploited by attackers to execute arbitrary code in the context of the current process...
IBM Business Automation Workflow and Business Process Manager Information Disclosure Vulnerability
IBM Business Automation Workflow is a suite of workflow automation solutions from IBM USA. The product is mainly used for workflow management, compliance management, and features workflow visibility and scalability. An information disclosure vulnerability exists in IBM Business Automation Workflo...
WordPress WP Home Page Menu plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed by the Wordpress Foundation using the PHP language. WordPress plugin is a WordPress application plugin. WordPress WP Home Page Menu plugin versions prior to 3.1 contain a cross-site scripting vulnerability that stems from the plugin's failure to...
Totolink X5000R and TotoLink A7000R Command Injection Vulnerability (CNVD-2022-21814)
Totolink X5000R is a router from Totolink China.TotoLink A7000R is a wireless router from TotoLink China. A security vulnerability exists in the X5000R V9.1.0u.6118B20201102 and A7000R V9.1.0u.6115B20201022 of Totolink routers, which can be exploited by an attacker to execute arbitrary commands v...
GPAC Resource Management Error Vulnerability (CNVD-2022-22298)
GPAC is an open source multimedia framework. GPAC suffers from a resource management error vulnerability, no detailed vulnerability details are provided at this time...