Hikvision Hybrid SAN Ds-a71024 firmware suffers from a remote blind SQL injection vulnerability.
9004daadddb908c449ed0c8cd1fe390b2183ffaa2fea3b3933f83d62aba1e09c
MobileTrans version 4.0.11 suffers from having a weak service permission vulnerability.
b5c0b13eb7b2bcaa442dfeb0fc7d258541a7ac1ebefd77f5f4083f487eb40f0a
Filmora version 12 Build 1.0.0.7 suffers from an unquoted service path vulnerability.
d7e6ab84b73383d1389ef2f6d893e67aaa9ed1dd4fff240782beb124f44bd7d2
Wondershare Dr Fone version 12.9.6 suffers from a weak service permission vulnerability that can allow for privilege escalation.
415e057e5a343dc2284618d87f1acaf45a64699e33bd6db074ef12f80deda77b
VX Search version 13.8 suffers from an unquoted service path vulnerability.
149dd7da07aea956bea9831bdd2e0db21239017e45fb91917af415f451404478
Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution (command injection) vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary operating system commands and more. However, an adversary must be on the same network to leverage this vulnerability to execute arbitrary commands.
9ef9e4e937841d3becdae9ba498b3199c7ac7dfcaea39831e8e5a468cd2d8f10
mRemoteNG version 1.76.20 suffers from a weak permission privilege escalation vulnerability.
aa08068eda449c43f5c76d0ec56fca19930c2ac6719246bec693e3037f692da6