SRC-2022-0006 : VMware Workspace ONE Access OAuth2TokenResourceController ACS Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware Workspace ONE Access. Authentication is not required to exploit this vulnerability. The specific flaw exists within OAuth2TokenResourceController class. The issue results...
SRC-2019-0057 : Artifex MuJS regcompx pattern Integer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of MuPDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
SRC-2021-0009 : Smarty Template Engine template_object Sandbox Escape Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Smarty Template Engine. Authentication is context dependent and may not be required to exploit this vulnerability. The specific flaw exists within the...
SRC-2021-0019 : Microsoft SharePoint Server ProfilePropertyLoader Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of Microsoft SharePoint Server. Authentication and user interaction are required to exploit this vulnerability. The specific flaw exists within the ProfilePropertyLoader control. The...
SRC-2021-0025 : Foxit Reader Field Format event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2020-0018 : Adobe Acrobat Reader DC Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specifi...
SRC-2021-0014 : Progress MOVEit Transfer (DMZ) SILHuman FolderApplySettingsRecurs SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of MOVEit Transfer. Authentication is required to exploit this vulnerability. The specific flaw exists within the FolderApplySettingsRecurs function of the SILHuman class. The iss...
SRC-2021-0018 : Microsoft SharePoint Server OAuth Authorization Code Leak Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to elevate privileges. User interaction is required to exploit this vulnerability. The specific flaw exists in the oauthauthorize page. The issue results from a missing X-Frame-Options header when performing an authorizati...
SRC-2021-0027 : Foxit Reader Field Calculate event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2020-0011 : ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileStorage class. The issue results from the la...
SRC-2021-0022 : Dedecms ShowMsg Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dedecms. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the rendering templates. The issue results from the lac...
SRC-2017-0028 : Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Java SE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2020-0023 : Microsoft SharePoint Server SoapDataSource GetResponseString Server-Side Request Forgery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SoapDataSource class. The issue results from the lack of proper...
SRC-2021-0026 : Foxit Reader Field Keystroke event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0020 : Eclipse PHP Development Tools DBGP XML External Entity Processing Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Eclipse PHP Development Tools. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DBG protocol. The issue results from th...
SRC-2020-0034 : Microsoft SharePoint Server SPSqlDataSource Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the SPSqlDataSource class. The issue results from the lack ...
SRC-2021-0024 : Foxit Reader Field OnFocus event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0006 : NetMotion Mobility Server RpcServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RpcServlet class. The issue results from the lack of...
SRC-2021-0028 : Foxit Reader Field OnBlur event Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2021-0008 : NetMotion Mobility Server webrepdb StatusServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StatusServlet class. The issue results from the lack o...
SRC-2020-0010 : Schneider Electric EcoStruxure Operator Terminal Expert Hardcoded Cryptographic Key Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows local attackers to disclose sensitive information on affected installations of Schneider Electric EcoStruxure Operator Terminal Expert. Local access to project files is required to exploit this vulnerability. The specific flaw exists within the...
SRC-2018-0007 : Beckhoff TwinCAT3 Multiple Kernel Drivers Untrusted Pointer Dereference Privilege Escalation Vulnerabilities
Vulnerability Details: This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Beckhoff TwinCAT3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exist...
SRC-2021-0015 : zzzcms zzzphp parserIfLabel Template Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of zzzphp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the search template. The issue results from the lack of...
SRC-2020-0028 : Microsoft SharePoint Server PasswordRecovery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the PasswordRecovery class. The issue results from the lack...
SRC-2019-0034 : Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Infrastructure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TarArchive class. The issue results from the lac...
SRC-2019-0053 : Hewlett Packard Enterprise Intelligent Management Center Standard OperatorMgrImpl isAccountBindingWithOperator SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2019-0032 : Foxit Reader PDF Printer Request Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Foxit Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...
SRC-2016-0009 : ATutor LMS password_reminder TOCTOU Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0045 : Microsoft Internet Explorer HyperlinkString Out-Of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2020-0026 : Microsoft Exchange Server NewExchangeCertificate WriteRequest File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Exchange Server Certificates” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2021-0007 : NetMotion Mobility Server MvcUtil valueStringToObject Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of NetMotion Mobility Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MvcUtil class. The issue results from the lack of prop...
SRC-2020-0019 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Data Loss Prevention” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2016-0007 : ATutor LMS searchFriends SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the searchFriends function within the ‘friends.inc.php’ script. An attacker...
SRC-2016-0040 : Microsoft Office Excel Binary Worksheet Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2019-0060 : Adobe Photoshop CC Type 1 Font FontBBox array Stack Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
SRC-2016-0022 : Microsoft Office Component FSupportSAEXTChar Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2020-0032 : Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Vulnerability (patch bypass)
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication with the “Data Loss Prevention” role is required to exploit this vulnerability. The specific flaw exists within the processing of the...
SRC-2019-0078 : Adobe Acrobat Pro DC Type PostScript File Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
SRC-2019-0044 : Hewlett Packard Intelligent Management Center Standard SmscCfgDaoImpl updateEmailSuffix SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2021-0001 : Microsoft SharePoint Server ContentEditorWebPart GetHttpWebResponse Server-Side Request Forgery Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the ContentEditorWebPart class. The issue results from the...
SRC-2019-0083 : Cisco Prime Infrastructure Health Monitor HA TarArchive Command Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Infrastructure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TarArchive class. The issue results from the lac...
SRC-2017-0007 : Adobe Acrobat Pro DC ImageConversion EMF parsing EMR_EXTTEXTOUTA Array Indexing Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2016-0012 : ATutor LMS confirm ‘UPDATE’ Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘confirm.php’ script when updating a member's email address. The code uses a loose comparison when comparing the supplied...
SRC-2019-0038 : Cisco Prime Infrastructure XmpFileUploadServlet Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Cisco Prime Infrastructure. Authentication is required to exploit this vulnerability. The specific flaw exists within the XmpFileUploadServlet servlet. The issue results from...
SRC-2019-0040 : Cisco Prime Infrastructure DbTableListAction orderByColumn SQL Injection Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco Prime Infrastructure. Authentication is required to exploit this vulnerability. The specific flaw exists within the DbTableListAction struts class. The issue...
SRC-2018-0017 : Foxit Reader PDF Parsing U3D Array Indexing Out-of-Bounds Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2018-0029 : Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
SRC-2016-0000 : ATutor LMS login_functions.inc.php Password Hash Usage Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on vulnerable installations of ATutor. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of challenges for authentication. The implementation of th...
SRC-2021-0016 : Microsoft SharePoint Server InputFormRegularExpressionValidator Denial of Service Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to cause a denial of service on affected installations of SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the InputFormRegularExpressionValidator class. The issue results...
SRC-2020-0013 : Cisco UCS Director MyCallable call Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco UCS Director and Cisco UCS Director Express for Big Data. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...