Advantech iView TaskMgrTable getExportData SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskMgrTable class. The issue results from the lack of proper validation of a...

Advantech iView TrapEventConfig retrieveDeviceTrapConfig SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the retrieveDeviceTrapConfig method of the TrapEventConfig...

(Pwn2Own) Microsoft Windows DirectComposition RemoveBindingManagerReferenceFromTrackerIfNecessary Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of th...

Advantech iView NetworkServlet Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of...

Advantech iView ZTPConfigTable findConfiguration SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ZTPConfigTable class. The issue results from the lack of proper validation of a...

Advantech iView LinksTable retrieveSearchLinks SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the retrieveSearchLinks method of the LinksTable class. When...

Advantech iView TaskEditDeviceTable getTaskEditorSearchDevices SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper validation of a...

Advantech iView DeviceTreeTable getUpdateDeviceListDetails SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceTreeTable class. The issue results from the lack of proper validation ...

Advantech iView ConfigurationTable setConfigurationItem SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the setConfigurationItem method of the...

Advantech iView User addUser SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the lack of proper validation of a...

Advantech iView PSTable getPSInventoryExportData SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getPSInventoryExportData method of the PSTable class. Whe...

Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation...

Advantech iView TaskEditDeviceTable updateDeviceAuthentication SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper...

Advantech iView NetworkServlet SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a...

Advantech iView UserServlet SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet servlet. The issue results from the lack of proper validation of a...

Advantech iView TaskEditDeviceTable updateSelected SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper...

Advantech iView LinksTable deleteLinks SQL Injection Remote code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the deleteLinks method of the LinksTable class. The issue...

Advantech iView TaskEditDeviceTable getDeviceCount SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper validation of a...

Advantech iView TaskEditDeviceTable updateSelectedPROMVersion SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper...

Advantech iView User setUserAccountInfo SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the lack of proper validation of a...

Advantech iView TaskEditDeviceTable initTaskEditorSearchValues SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper validation of a...

Advantech iView User checkForDuplicateUserName SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the User class. The issue results from the lack of proper validation of a user-supplied...

Advantech iView DeviceTreeTable updateSegmentInfo SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceTreeTable class. The issue results from the lack of proper validation ...

Advantech iView ZTPConfig importZtpConfiguration Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the importZtpConfiguration method of the ZTPConfig...

Advantech iView DeviceTreeTable updateNamingData SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateNamingData method of the DeviceTreeTable...

Microsoft Windows fontdrvhost Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation...

Microsoft SharePoint Scorecards Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of controls in the Microsoft.PerformancePoint.Scorecards.Client...

Advantech iView NetworkServlet restoreDatabase Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the restoreDatabase method of the NetworkServlet class. The...

Advantech iView TaskMgrTable getExportDataDetails SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getExportDataDetails method of the TaskMgrTable class. Wh...

Microsoft Windows mf3216 EMF EMR_SETDIBITSTODEVICE Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Advantech iView UserServlet performDeleteUser Missing Authentication for Critical Function Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UserServlet class. The issue results from the lack of authentication prior t...

Foxit Studio Photo PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Foxit Studio Photo TIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Advantech iView MenuServlet Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MenuServlet servlet. The issue results from the lack of proper validation of...

Advantech iView LinksTable exportLinks Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the exportLinks method of the LinksTable class. The issue...

Microsoft Windows PFB Font File Out-Of-Bounds Write Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the parsing of...

Advantech iView TaskEditDeviceTable clearTaskEditorTable SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper...

(Pwn2Own) Microsoft Windows DirectComposition SetBufferProperty Use-After-Free Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of th...

Advantech iView NetworkServlet Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a...

Advantech iView UpdateTable insertUpdateItem SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UpdateTable class. The issue results from the lack of proper validation of a...

Advantech iView ZTPConfigTable findConfiguration SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TaskEditDeviceTable class. The issue results from the lack of proper...

Advantech iView DeviceTreeTable getInventoryExportData SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getInventoryExportData method of the DeviceTreeTable clas...

Advantech iView NetworkServlet SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a...

Advantech iView SystemTable updateLDAPSettings SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the updateLDAPSettings method of the SystemTable clas...

Advantech iView DeviceTreeTable getInventoryReportData SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the getInventoryReportData method of the DeviceTreeTable clas...

Advantech iView DeviceTreeTable setDeviceAuthentication SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceTreeTable class. The issue results from the lack of proper validation ...

Advantech iView DeviceTreeTable checkForChassisUpdates SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the checkForChassisUpdates method of the DeviceTreeTable clas...

Advantech iView NetworkServlet SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation...

Advantech iView TrapTable retrieveActiveTrapCount SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the retrieveActiveTrapCount method of the TrapTable class. Wh...