293 matches found
SRC-2023-0003 : TP-Link Archer AX20/AX21 minidlnad db_dir Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Archer AX20 and AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the misconfiguration of the dbdir...
SRC-2021-0010 : Smarty Template Engine Smarty_Internal_Runtime_TplFunction Sandbox Escape Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers execute arbitrary code on affected installations of Smarty Template Engine. Authentication is context dependant and may not be required to exploit this vulnerability. The specific flaw exists within the SmartyInternalCompileFunctio...
SRC-2021-0021 : League flysystem removeFunkyWhiteSpace Time-Of-Check Time-Of-Use File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of League flysystem. Authentication may not be required to exploit this vulnerability. The specific flaw exists within the removeFunkyWhiteSpace function. The issue results from a...
SRC-2022-0005 : VMware Workspace ONE Access customError.ftl Server-side Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within the customError.ftl template. The issue results from...
SRC-2022-0015 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Although authentication is required to exploit this vulnerability. The specific flaw exists within ApplicationSetupController class. The issue...
SRC-2024-0001 : Trackplus Allegra Service Desk Module UploadHelper upload Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trackplus Allegra. Even though authentication is required, guest account registration is enabled by default. The specific flaw exists within the struts core dependency. An...
SRC-2023-0001 : PTC Thingworx Edge C-SDK twHeader_fromStream Integer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PTC Thingworx Edge C-SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the twHeaderfromStream function. An integer wrap occurs...
SRC-2022-0001 : Zoho ManageEngine Desktop Central StateFilter Arbitrary Forward Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of ManageEngine Desktop Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StateFilter class. The issue results from an...
SRC-2020-0030 : Microsoft Exchange Server OWA OneDriveProUtilities GetWacUrl XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of GetWacIframeUrlForOneDrive service commands. The issu...
SRC-2023-0004 : Apache Struts Security Feature Bypass Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on applications utilizing affected installations of Apache Struts. Depending on the context, authentication may not be required to exploit this vulnerability. The specific flaw exists within the...
SRC-2022-0016 : VMware Workspace ONE Access ntpServer.hzn Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workspace ONE Access. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
SRC-2019-0009 : Foxit Reader SDK ActiveX Launch Action New Window Command Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader SDK ActiveX Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2022-0021 : VMWare Cloud Foundation NSX-V XStream Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists due to a vulnerable unmarshaller used to handle incoming...
SRC-2020-0024 : Microsoft SharePoint Server TOCTOU ControlParameter Binding Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the WebPartEditingSurfacePage class. The issue results from the lac...
SRC-2022-0023 : VMWare Workspace ONE Access ClaimTransformationHelper validateClaimRuleCondition Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Workspace ONE Access. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...
SRC-2022-0022 : VMWare Cloud Foundation NSX-V VsmUsernamePasswordAuthenticationFilter parseUsernamePasswordFromXML XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of VMWare Cloud Foundation NSX-V. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VsmUsernamePasswordAuthenticationFilter...
SRC-2021-0029 : Dedecms GetCookie Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetCookie function. The issue results from a loose comparison check wh...
SRC-2022-0020 : VMware vRealize Operations Manager generateSupportBundle VCOPS_BASE Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware vRealize Operations Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...
SRC-2022-0019 : VMware vRealize Operations Manager SupportLogAction Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to leak sensitive information in VMware vRealize Operations. Authentication is required to exploit this vulnerability however the existing authentication mechanism can be bypassed. The issue results from the ability to access log...
SRC-2022-0009 : VMware Workspace ONE Access DBConnectionCheckController dbCheck JDBC Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
SRC-2022-0018 : VMware vRealize Operations Manager DeploymentNodeLevelController Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to leak sensitive information in VMware vRealize Operations. Authentication is required to exploit this vulnerability however the existing authentication mechanism can be bypassed. The issue results from the ability to request acce...
SRC-2022-0011 : VMware Workspace ONE Access gatherConfig.hzn Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workspace ONE Access. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
SRC-2025-0004 : Samsung MagicINFO 9 Server ResponseUploadActivity TOCTOU Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ResponseUploadActivity class. The issue results fr...
SRC-2020-0022 : Microsoft SharePoint Server DataFormWebPart CreateChildControls Server-Side Include Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the DataFormWebPart class. The issue results from the lack of prope...
SRC-2025-0001 : Samsung MagicINFO 9 Server ResponseBootstrappingActivity Exposed Dangerous Method Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO. Authentication is required and SaaS environment needs to be configured. The specific flaw exists within ability to dynamically create FTP accounts. An attack...
SRC-2022-0002 : Zoho ManageEngine Desktop Central ChangeAmazonPasswordServlet Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to elevate privileges on affected installations of ManageEngine Desktop Central. Authentication as a low privileged user is required to exploit this vulnerability. The specific flaw exists within the ChangeAmazonPasswordServlet...
SRC-2021-0017 : Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Jetty Web Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConcatServlet and WelcomeFilter classes. The issue results fro...
SRC-2022-0017 : VMware vRealize Operations Manager MainPortalFilter Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware vRealize Operations. Authentication is not required to exploit this vulnerability. The specific flaw exists within MainPortalFilter class. The issue results from the...
SRC-2025-0006 : Samsung MagicINFO 9 Server MagicInfoWebAuthorClient ContentSaveServiceImpl writeXmlToFile File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...
SRC-2025-0005 : Samsung MagicINFO 9 Server ContentSaveServiceImpl getMediaSourceFromNewFile File Upload Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...
SRC-2025-0002 : Samsung MagicINFO 9 Server Hard-coded Credentials Local Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of Samsung MagicINFO. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists wi...
SRC-2025-0003 : Samsung MagicINFO 9 Server downloadChangedFiles Directory Traversal Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Samsung MagicINFO 9 Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadChangedFiles function. The issue results fr...
SRC-2021-0013 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy ruleParameters TOCTOU Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Data Loss Prevention” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2022-0008 : VMware Workspace ONE Access ApplicationSetupController dbTestConnection JDBC Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. Authentication is required to exploit this vulnerability. The specific flaw exists within ApplicationSetupController class. The issue results from...
SRC-2021-0011 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Records Management” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2025-0007 : Samsung MagicINFO 9 Server MagicInfoWebAuthorClient ContentSaveServiceImpl writeXmlToFile File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicINFO 9 Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentSaveServiceImpl class. The issue results from t...
SRC-2022-0012 : VMware Workspace ONE Access BrandingResource getBranding Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to dislose the hostname on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within BrandingResource class. The issue results from the...
SRC-2022-0013 : Inductive Automation Ignition GatewaySessionManagerImpl Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability. The specific flaw exists within GatewaySessionManagerImpl class. The issue results...
SRC-2023-0002 : PTC Thingworx Edge C-SDK mulitpartMessageStoreEntry_Create Array Indexing Out-of-Bounds Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of PTC Thingworx Edge C-SDK. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mulitpartMessageStoreEntryCreate function. An...
SRC-2022-0007 : VMware Workspace ONE Access OAuth2ActivateResource ACS Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within OAuth2ActivateResource class. The issue results from t...
SRC-2022-0014 : Inductive Automation Ignition ScriptInvoke Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exist...
SRC-2022-0003 : Adobe Acrobat Reader DC abs Type 2 Font Parsing Charstring Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2021-0005 : NetMotion Mobility Server SupportRpcServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the SupportRpcServlet class. The issue results from the la...
SRC-2020-0025 : Microsoft Exchange Server ExportExchangeCertificate WriteCertiricate File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Exchange Server Certificates” role is required to exploit this vulnerability. The specific flaw exists within the WriteCertiricate...
SRC-2022-0010 : VMware Workspace ONE Access DBConnectionCheckController Cross-Site Request Forgery Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware Workspace ONE Access. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fl...
SRC-2019-0010 : Foxit Reader SDK ActiveX URI Parsing Stack Based Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader SDK ActiveX Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2021-0023 : Foxit Reader Annotation transitionToState Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0012 : Microsoft Exchange Server ImportTransportRuleCollection ProcessE15Format Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Records Management” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2021-0004 : Microsoft Exchange Server msExchEcpCanary Cross Site Request Forgery Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers escalate privileges on affected installations of Microsoft Exchange Server. Authentication and user interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists with...
SRC-2022-0004 : Microsoft SharePoint Server SPWebRequest SafeCreate TOCTOU DNS Rebinding Security Feature Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose bypass access IP restrictions on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPWebRequest SafeCreate API. The issu...