Archive for June, 2022

Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection

Posted by deepcore under exploit (No Respond)

Poly Studio X30, Studio X50, Studio X70, and G7500 versions 3.4.0-292042, 3.5.0-344025, and 3.6.0 suffer from an authenticated command injection vulnerability.

http://spb3.go.th/rz.php

Posted by deepcore under defacement (No Respond)

http://spb3.go.th/rz.php notified by AnonCoders

Zyxel USG FLEX 5.21 Command Injection

Posted by deepcore under exploit (No Respond)

Zyxel USG FLEX version 5.21 suffers from a command injection vulnerability.

Microweber CMS 1.2.15 Account Takeover

Posted by deepcore under exploit (No Respond)

Microweber CMS versions 1.2.15 and below suffer from an account takeover vulnerability.

Contao 4.13.2 Cross Site Scripting

Posted by deepcore under exploit (No Respond)

Contao version 4.13.2 suffers from a cross site scripting vulnerability.

SolarView Compact 6.00 Directory Traversal

Posted by deepcore under exploit (No Respond)

SolarView Compact version 6.00 suffers from a directory traversal vulnerability.

Telesquare SDT-CW3B1 1.1.0 Command Injection

Posted by deepcore under exploit (No Respond)

Telesquare SDT-CW3B1 version 1.1.0 suffers from a command injection vulnerability.

IIPImage Remote Memory Corruption

Posted by deepcore under exploit (No Respond)

IIPImage is distributed with a server that enables advanced, high-performance image manipulation for web-based streaming and viewing of high resolution images. The server component called iipsrv.fcgi processes requests from users and passes them to command handlers. Several crashes including an integer overflow were discovered by sending malformed requests to the server, allowing remote users without […]

Real Player 20.1.0.312 / 20.0.3.317 DLL Hijacking

Posted by deepcore under exploit (No Respond)

The Player application and the Recording Manager of Real Player versions 20.1.0.312 and 20.0.3.317 are prone to a remote DLL hijack (binary planting) issue because of an unsafe search for non-existent DLLs. To exploit the issue attackers would have to convince the target to open a media file from a WebDAV or SMB share.

NVIDIA Data Center GPU Manager Remote Memory Corruption

Posted by deepcore under exploit (No Respond)

NVIDIA DCGM runs on machines with NVIDIA GPUs to gather telemetry and GPU health data. nv-hostengine is a daemon that by default listens on the loopback interface, but can also listen on the network for requests coming in on port 5555 (remote mgmt). A native client named DCGMI allows users to make requests to the […]