CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information.

Harmonic NSG 9000 devices have a default password of nsgadmin for the admin account, a default password of nsgguest for the guest account, and a default password of nsgconfig for the config account.

The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to cause...

upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.

Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.

Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows a remote attacker to restore a database dump without knowing the sup...

LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters.

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software appli...

Entes EMG12 versions 2.57 and prior The application uses a web interface where it is possible for an attacker to bypass authentication with a specially crafted URL. This could allow for remote code ex...

Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.

Entes EMG12 versions 2.57 and prior an information exposure through query strings vulnerability in the web interface has been identified, which may allow an attacker to impersonate a legitimate user a...

Fuji Electric V-Server 4.0.3.0 and prior, An out-of-bounds read vulnerability has been identified, which may allow remote code execution.

WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution.

Fuji Electric V-Server 4.0.3.0 and prior, An integer underflow vulnerability has been identified, which may allow remote code execution.

Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code.

Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution.

Fuji Electric V-Server 4.0.3.0 and prior, A heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

Fuji Electric V-Server 4.0.3.0 and prior, Multiple untrusted pointer dereference vulnerabilities have been identified, which may allow remote code execution.

Fuji Electric V-Server 4.0.3.0 and prior, A use after free vulnerability has been identified, which may allow remote code execution.

A stack-based buffer overflow vulnerability in Opto 22 PAC Control Basic and PAC Control Professional versions R10.0a and prior may allow remote code execution.

Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code.

ABB eSOMS version 6.0.2 may allow unauthorized access to the system when LDAP is set to allow anonymous authentication, and specific key values within the eSOMS web.config file are present. Both condi...

Emerson AMS Device Manager v12.0 to v13.5. A specially crafted script may be run that allows arbitrary remote code execution.

Fuji Electric FRENIC LOADER v3.3 v7.3.4.1a of FRENIC-Mini (C1), FRENIC-Mini (C2), FRENIC-Eco, FRENIC-Multi, FRENIC-MEGA, FRENIC-Ace. The program does not properly check user-supplied comments which ma...