SRC-2017-0020 : Hewlett Packard Enterprise Intelligent Management Center powershellConfigContent Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0017 : Hewlett Packard Enterprise Intelligent Management Center ictExpertCSVDownload IctTableExportToCSVBean Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0012 : Hewlett Packard Enterprise Intelligent Management Center devGroupSelect Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2016-0016 : ATutor LMS password_reminder ‘UPDATE’ Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘passwordreminder.php’ script when performing a password reset. The code uses a loose comparison when comparing the...
SRC-2015-0002 : Oracle Endeca Tools and Frameworks Session Generation Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of Oracle Endeca Tools and Frameworks. Authentication is not required to exploit this vulnerability. The specific flaw exists when parsing the auth parameter. The service generates...
SRC-2019-0031 : Foxit Reader PDF Printer proxyPreviewAction Stack Buffer Overflow Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Foxit Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists withi...
SRC-2018-0032 : Vanilla Forums Gdn_Format unserialize Unserialize Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the unserialize function...
SRC-2018-0023 : Adobe Acrobat Pro DC XPS OpenType Font Parsing idDelta Heap Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
SRC-2018-0012 : Foxit Reader PDF Parsing U3D Heap-based Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2018-0002 : Delta Industrial Automation Screen Editor Project File Parsing CDocument Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation Screen Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file...
SRC-2017-0022 : Hewlett Packard Enterprise Intelligent Management Center soapConfigContent Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2017-0010 : Hewlett Packard Enterprise Intelligent Management Center actionSelectContent Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2016-0020 : ATutor LMS view_transcript File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0010 : ATutor LMS question_import Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0005 : ATutor LMS searchMembers SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2019-0029 : Foxit Reader PDF Printer proxyDoAction opcode 0x100000 Stack Buffer Overflow Elevation of Privilege Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Foxit Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists withi...
SRC-2019-0020 : Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the getSingleIndex...
SRC-2018-0011 : Foxit Reader PDF Parsing U3D Heap-based Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2018-0010 : Foxit Reader PDF Parsing U3D Heap-based Buffer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2017-0026 : Jungo DriverWizard WinDriver Kernel Pool Overflow Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
SRC-2016-0027 : Foxit Reader FlateDecode Use-After-Free Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2016-0033 : Samsung Security Manager Redis Server Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...
SRC-2016-0018 : ATutor LMS view_transcript File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2018-0006 : Synology Photo Station SYNOPHOTO_Flickr_MultiUpload Race Condition File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Synology Photo Station. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...
SRC-2017-0029 : Kingsoft Antivirus and Internet Security Kernel Stack Buffer Overflow Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Kingsoft Internet Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific fla...
SRC-2017-0011 : Hewlett Packard Enterprise Intelligent Management Center addVsiInterfaceInfo Expression Language Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be...
SRC-2016-0015 : ATutor LMS write_temp_file File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0011 : ATutor LMS import_test Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2018-0031 : Vanilla Forums ImportController index file_exists Unserialize Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability, however the authentication can be bypassed. The specific flaw exists within the index function of th...
SRC-2017-0025 : Jungo DriverWizard WinDriver Kernel Driver Out-of-Bounds Write Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Jungo WinDriver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
SRC-2017-0004 : AContent Directory Traversal Information Disclosure and Remote Code Execution Vulnerabilities
Vulnerability Details: These vulnerabilities allow remote attackers to disclose information or execute arbitrary code on vulnerable installations of AContent. Authentication is required to exploit the remote code execution vulnerabilities, however account registration is open by default. The...
SRC-2016-0032 : Samsung Security Manager ActiveMQ Broker Service PUT Method Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...
SRC-2016-0013 : ATutor LMS ims_import Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0004 : ATutor LMS SocialGroups search SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2018-0005 : Synology Photo Station LogList Stored Cross Site Scripting Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Synology Photo Station. User interaction is not required to exploit this vulnerability. The specific flaw exists when parsing HTML characters in the LogList function. The issu...
SRC-2016-0030 : Foxit Reader JPXDecode Out-of-Bounds Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2016-0031 : Samsung Security Manager ActiveMQ Broker Service MOVE Method Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Security Manager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific fla...
SRC-2016-0017 : ATutor LMS view_item File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0019 : ATutor LMS get_course_icon File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0003 : ATutor LMS PhotoAlbum search SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0006 : ATutor LMS updateAdditionalInformation SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0028 : Foxit Reader ConvertToPDF TIF Parsing Out-of-Bounds Read Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
SRC-2018-0035 : Vanilla Forums AddonManager getSingleIndex Directory Traversal File Inclusion Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Vanilla Forums. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSingleIndex function of the AddonManager class. The issue...