IBM Concert 1.0.0 through 2.0.0 could allow a local user with specific permission to obtain sensitive information from files due to uncontrolled recursive directory copying. More information : https://www.ibm.com/support/pages/node/7252019
IBM Concert 1.0.0 through 2.0.0 could allow a local user to forge log files to impersonate other users or hide their identity due to improper neutralization of output. More information : https://www.ibm.com/support/pages/node/7252019
IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system. More information : https://www.ibm.com/support/pages/node/7252019
IBM Concert 1.0.0 through 2.0.0 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
A vulnerability exists in the Opto22 Groov Manage REST API on GRV-EPIC and groov RIO Products that allows remote code execution with root privileges. When a POST request is executed against the vulnerable endpoint,...
Quark Cloud Drive v3.23.2 has a DLL Hijacking vulnerability. This vulnerability stems from the insecure loading of system libraries. Specifically, the application does not validate the path or signature of [regsvr32.exe] it loads. An...
An issue was discovered in weijiang1994 university-bbs (aka Blogin) in commit 9e06bab430bfc729f27b4284ba7570db3b11ce84 (2025-01-13). A weak verification code generation mechanism combined with missing rate limiting allows attackers to perform brute-force attacks on verification codes without...
The affected products allow unauthenticated access to Open Network Video Interface Forum (ONVIF) services, which may allow an attacker unauthorized access to camera configuration information. More information : https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-02.json
The affected product allows unauthenticated access to Real Time Streaming Protocol (RTSP) services, which may allow an attacker unauthorized access to camera configuration information. More information : https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-324-02.json
FS Inc S3150-8T2F 8-Port Gigabit Ethernet L2+ Switch, 8 x Gigabit RJ45, with 2 x 1Gb SFP, Fanless. All versions before 2.2.0D Build 135103 were discovered to transmit cookies for their web based administrative...
Improper neutralisation of input in Revive Adserver 6.0.0+ causes a reflected XSS attack in the banner-zone.php script. More information : https://hackerone.com/reports/3403727
Insecure design policies in the user management system of Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to have access to the contact name and email address of other users on...
Missing authorization check in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes users on the system to delete banners owned by other accounts More information : https://hackerone.com/reports/3401612
Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use....