iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command. Date published : 2020-04-15 https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d https://www.twcert.org.tw/tw/cp-132-3534-fc7f5-1.html
The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows the attacker to remotely manipulate arbitrary file. Date published : 2020-04-15 https://www.chtsecurity.com/news/008fcbe8-198e-4c21-9417-5ba79a6b0e7d https://www.twcert.org.tw/tw/cp-132-3533-10afe-1.html
HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contains a SQL Injection vulnerability which allows attackers to injecting SQL commands in the URL parameter to execute unauthorized commands. Date published : 2020-04-15 https://gist.github.com/tonykuo76/d52014bbe81995eda499201446aec57a...
HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL. Date published : 2020-04-15 https://gist.github.com/tonykuo76/7d41c414f23ef1e47c97f7b97e1b33b0 https://www.chtsecurity.com/news/19400b04-ea92-4eaa-afa7-2449fd9b2e0b
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) , that would allow attackers to gain access in the hosting machine. Date published...
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files. Date published : 2020-04-15 https://www.chtsecurity.com/news/be93c576-e421-489f-9453-a462bdd4c90d https://www.twcert.org.tw/tw/cp-132-3531-cba24-1.html
The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password....
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’....
A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka ‘Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability’....
An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka ‘Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability’. This CVE ID is unique from...
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka ‘Windows Kernel Elevation of Privilege Vulnerability’. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003. Date...
A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn...
A remote code execution vulnerability exists in Microsoft Dynamics Business Central, aka ‘Dynamics Business Central Remote Code Execution Vulnerability’. Date published : 2020-04-15 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1022
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.For all systems except Windows 10, an...