213680 matches found
Directory traversal
FLIR AX8 thermal sensor cameras up to and including 1.46.16 are vulnerable to Directory Traversal due to improper access restriction. This vulnerability allows an unauthenticated, remote attacker to obtain arbitrary sensitive file contents by uploading a specially crafted symbolic link file...
Design/Logic Flaw
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...
Path traversal
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM...
Input validation
An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NLTMv2 hashes and potentially crack them offline...
Command injection
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter...
Sql injection
Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter at /core/admin/copyfrom.php...
Remote code execution
Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
Code injection
Hyland Perceptive Filters releases before 2023-12-08 e.g., 11.4.0.2647, as used in Cisco IronPort Email Security Appliance Software, Cisco Secure Email Gateway, and various non-Cisco products, allow attackers to trigger a segmentation fault and execute arbitrary code via a crafted document...
Path traversal
Kyocera Device Manager before 3.1.1213.0 allows NTLM credential exposure during UNC path authentication via a crafted change from a local path to a UNC path. It allows administrators to configure the backup location of the database used by the application. Attempting to change this location to a...
Authorization
An Authorization Bypass Through User-Controlled Key vulnerability CWE-639 affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other...
Improper access control
A improper access control in Fortinet FortiPortal version 7.0.0 through 7.0.6, Fortinet FortiPortal version 7.2.0 through 7.2.1 allows attacker to escalate its privilege via specifically crafted HTTP requests...
Design/Logic Flaw
An allocation of resources without limits or throttling vulnerability CWE-770 in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted HTTP or HTTPS requests in a high frequency...
Privilege escalation
An improper privilege management vulnerability CWE-269 in a Fortinet FortiOS HA cluster version 7.4.0 through 7.4.1 and 7.2.5 and in a FortiProxy HA cluster version 7.4.0 through 7.4.1 allows an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS requests...
Path traversal
An improper limitation of a pathname to a restricted directory 'path traversal' vulnerability CWE-22 in FortiVoiceEntreprise version 7.0.0 and before 6.4.7 allows an authenticated attacker to read arbitrary files from the system via sending crafted HTTP or HTTPS requests...
Path traversal
An uncontrolled search path element vulnerability DLL hijacking has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Alternatively, they could host a trojanized version of the software and trick victims into downloading and installing their...
Remote file inclusion
A local file inclusion vulnerability exists in the getLanguageFromBrowser functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send a series of HTTP requests to trigger this vulnerability...
Information disclosure
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURLimage parameter...
Information disclosure
An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...
Design/Logic Flaw
A recovery notification bypass vulnerability exists in the userRecoverPass.php captcha validation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to the silent creation of a recovery pass code for any user...
Cross site scripting
A cross-site scripting xss vulnerability exists in the functiongetOpenGraph videoName functionality of WWBN AVideo 11.6 and dev master commit 3c6bb3ff. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
Xxe
fontTools is a library for manipulating fonts, written in Python. The subsetting module has a XML External Entity Injection XXE vulnerability which allows an attacker to resolve arbitrary entities when a candidate font OT-SVG fonts, which contains a SVG table, is parsed. This allows attackers to...
Information disclosure
An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...
Design/Logic Flaw
An insufficient entropy vulnerability exists in the userRecoverPass.php recoverPass generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to an arbitrary user password recovery. An attacker can send an HTTP request to trigger this...
Design/Logic Flaw
An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline...
Information disclosure
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURLwebpimage parameter...
Information disclosure
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image upload functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read.This vulnerability is triggered by the downloadURLgifimage parameter...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function setIptvInfo...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function getIptvInfo...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function getIptvInfo...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function getIptvInfo...
Cross site scripting
A cross-site scripting xss vulnerability exists in the channelBody.php user name functionality of WWBN AVideo 11.6 and dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this...
Cross site scripting
A cross-site scripting xss vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
Integer overflow
Redis is an in-memory database that persists on disk. Redis incorrectly handles resizing of memory buffers which can result in integer overflow that leads to heap overflow and potential remote code execution. This issue has been patched in version 7.0.15 and 7.2.4...
Design/Logic Flaw
A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a seri...
Unrestricted file upload
A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formGetIptv...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formGetIptv...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function setIptvInfo...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function setIptvInfo...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formGetIptv...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formGetIptv...
Design/Logic Flaw
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function setIptvInfo...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv...
Stack overflow
Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv...