A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An...
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. Date published : 2020-06-26...
IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
HCL Notes is vulnerable to an information leakage vulnerability through its support for the ‘mailto’ protocol. This vulnerability could result in files from the user’s filesystem or connected network filesystems being leaked to a...
Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure . Date published : 2020-06-26 https://helpx.adobe.com/security/products/after_effects/apsb20-21.html
Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure. Date published : 2020-06-26 https://helpx.adobe.com/security/products/Digital-Editions/apsb20-23.html
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. Date published : 2020-06-26 https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. Date published : 2020-06-26 https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos). Date published : 2020-06-26 https://helpx.adobe.com/security/products/coldfusion/apsb20-18.html
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITYAuthenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition,...
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API. Date published : 2020-06-26 https://pierrekim.github.io/blog/2020-03-09-zyxel-secumanager-0day-vulnerabilities.html https://www.zyxel.com/support/vulnerabilities-of-CloudCNM-SecuManager.shtml