SRC-2025-0006 : Samsung MagicINFO 9 Server MagicInfoWebAuthorClient ContentSaveServiceImpl writeXmlToFile File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...
SRC-2025-0007 : Samsung MagicINFO 9 Server MagicInfoWebAuthorClient ContentSaveServiceImpl writeXmlToFile File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...
SRC-2025-0005 : Samsung MagicINFO 9 Server ContentSaveServiceImpl getMediaSourceFromNewFile File Upload Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...
SRC-2025-0003 : Samsung MagicINFO 9 Server downloadChangedFiles Directory Traversal Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadChangedFiles function. The issue results fr...
SRC-2025-0002 : Samsung MagicINFO 9 Server Hard-coded Credentials Local Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists wi...
SRC-2025-0004 : Samsung MagicINFO 9 Server ResponseUploadActivity TOCTOU Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ResponseUploadActivity class. The issue results fr...
SRC-2025-0001 : Samsung MagicINFO 9 Server ResponseBootstrappingActivity Exposed Dangerous Method Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO. Authentication is required and a SaaS environment needs to be configured. The specific flaw exists within the ability to dynamically create FTP accounts. An attack...
SRC-2024-0001 : Trackplus Allegra Service Desk Module UploadHelper upload Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trackplus Allegra. Even though authentication is required, guest account registration is enabled by default. The specific flaw exists within the Struts core dependency. An...
SRC-2023-0004 : Apache Struts Security Feature Bypass Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on applications utilizing affected installations of Apache Struts. Depending on the context, authentication may not be required to exploit this vulnerability. The specific flaw exists within the...
SRC-2023-0003 : TP-Link Archer AX20/AX21 minidlnad db_dir Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX20 and AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the misconfiguration of the dbdir...
SRC-2022-0023 : VMware Workspace ONE Access ClaimTransformationHelper validateClaimRuleCondition Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware Workspace ONE Access. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2022-0021 : VMware Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a vulnerable unmarshaller used to handle incoming...
SRC-2022-0022 : VMware Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMware Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...
SRC-2022-0016 : VMware Workspace ONE Access ntpServer.hzn Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workspace ONE Access. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
SRC-2022-0015 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is required to exploit this vulnerability. The specific flaw exists within the ApplicationSetupController class. The issue...
SRC-2022-0019 : VMware vRealize Operations Manager SupportLogAction Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to leak sensitive information in VMware vRealize Operations. Authentication is required to exploit this vulnerability however the existing authentication mechanism can be bypassed. The issue results from the ability to access log...
SRC-2022-0018 : VMware vRealize Operations Manager DeploymentNodeLevelController Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to leak sensitive information in VMware vRealize Operations. Authentication is required to exploit this vulnerability however the existing authentication mechanism can be bypassed. The issue results from the ability to request acce...
SRC-2022-0020 : VMware vRealize Operations Manager generateSupportBundle VCOPS_BASE Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware vRealize Operations Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...
SRC-2022-0017 : VMware vRealize Operations Manager MainPortalFilter Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware vRealize Operations. Authentication is not required to exploit this vulnerability. The specific flaw exists within MainPortalFilter class. The issue results from the...
SRC-2022-0014 : Inductive Automation Ignition ScriptInvoke Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exist...
SRC-2022-0013 : Inductive Automation Ignition GatewaySessionManagerImpl Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within GatewaySessionManagerImpl class. The issue results...
SRC-2023-0002 : PTC Thingworx Edge C-SDK mulitpartMessageStoreEntry_Create Array Indexing Out-of-Bounds Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PTC Thingworx Edge C-SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mulitpartMessageStoreEntry_Create function. An...
SRC-2023-0001 : PTC Thingworx Edge C-SDK twHeader_fromStream Integer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PTC Thingworx Edge C-SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the twHeader_fromStream function. An integer wrap occurs...
SRC-2022-0012 : VMware Workspace ONE Access BrandingResource getBranding Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose the hostname on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within the BrandingResource class. The issue results from the...
SRC-2022-0010 : VMware Workspace ONE Access DBConnectionCheckController Cross-Site Request Forgery Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...
SRC-2022-0005 : VMware Workspace ONE Access customError.ftl Server-side Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within the customError.ftl template. The issue results from...
SRC-2022-0007 : VMware Workspace ONE Access OAuth2ActivateResource ACS Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within OAuth2ActivateResource class. The issue results from t...
SRC-2022-0009 : VMware Workspace ONE Access DBConnectionCheckController dbCheck JDBC Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
SRC-2022-0008 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is required to exploit this vulnerability. The specific flaw exists within ApplicationSetupController class. The issue results from...
SRC-2022-0006 : VMware Workspace ONE Access OAuth2TokenResourceController ACS Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within OAuth2TokenResourceController class. The issue results...
SRC-2022-0011 : VMware Workspace ONE Access gatherConfig.hzn Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workspace ONE Access. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
SRC-2022-0002 : Zoho ManageEngine Desktop Central ChangeAmazonPasswordServlet Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to elevate privileges on affected installations of ManageEngine Desktop Central. Authentication as a low privileged user is required to exploit this vulnerability. The specific flaw exists within the ChangeAmazonPasswordServlet...
SRC-2022-0003 : Adobe Acrobat Reader DC abs Type 2 Font Parsing Charstring Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2021-0029 : Dedecms GetCookie Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetCookie function. The issue results from a loose comparison check wh...
SRC-2021-0022 : Dedecms ShowMsg Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the rendering templates. The issue results from the lac...
SRC-2021-0024 : Foxit Reader Field OnFocus event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0026 : Foxit Reader Field Keystroke event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0025 : Foxit Reader Field Format event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0028 : Foxit Reader Field OnBlur event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0023 : Foxit Reader Annotation transitionToState Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0027 : Foxit Reader Field Calculate event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0020 : Eclipse PHP Development Tools DBGP XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eclipse PHP Development Tools. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBG protocol. The issue results from th...
SRC-2021-0021 : League flysystem removeFunkyWhiteSpace Time-Of-Check Time-Of-Use File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of League flysystem. Authentication may not be required to exploit this vulnerability. The specific flaw exists within the removeFunkyWhiteSpace function. The issue results from a...
SRC-2021-0017 : Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Jetty Web Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConcatServlet and WelcomeFilter classes. The issue results fro...
SRC-2021-0015 : zzzcms zzzphp parserIfLabel Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of zzzphp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the search template. The issue results from the lack of...
SRC-2021-0014 : Progress MOVEit Transfer (DMZ) SILHuman FolderApplySettingsRecurs SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of MOVEit Transfer. Authentication is required to exploit this vulnerability. The specific flaw exists within the FolderApplySettingsRecurs function of the SILHuman class. The iss...
SRC-2021-0010 : Smarty Template Engine Smarty_Internal_Runtime_TplFunction Sandbox Escape Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Smarty Template Engine. Authentication is context dependent and may not be required to exploit this vulnerability. The specific flaw exists within the SmartyInternalCompileFunctio...
SRC-2021-0009 : Smarty Template Engine template_object Sandbox Escape Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Smarty Template Engine. Authentication is context dependent and may not be required to exploit this vulnerability. The specific flaw exists within the...
SRC-2021-0016 : Microsoft SharePoint Server InputFormRegularExpressionValidator Denial of Service Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to cause a denial of service on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the InputFormRegularExpressionValidator class. The issue results...
SRC-2021-0011 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Records Management” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...