20 matches found
EUVD-2017-16322
Malware in sbrugna...
CVE-2025-37879
In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write and p9_client_read_once, if the server incorrectly replies with success but a negative write/read count then we would consider written negative 3...
CVE-2023-35390 .NET and Visual Studio Remote Code Execution Vulnerability
...
CryptNet A Novel Ransomware-as-a-Service
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary CryptNet is a new ransomware-as-a-service group that employs data exfiltration and .NET code. Currently, it has two victims listed on its data leak site. To receive real-time threat advisories, please...
Antaris RazorEngine has an unspecified vulnerability
Antaris RazorEngine is an open source templating engine based on Microsoft's Razor parsing engine from Matthew Abbott, a personal developer in the U.K. Antaris RazorEngine contains a security vulnerability that could be exploited by attackers to execute arbitrary .NET code in a sandboxed...
CVE-2021-46703
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...
CVE-2021-46703
In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer supported by the maintain...
Code injection
UNSUPPORTED WHEN ASSIGNED In the IsolatedRazorEngine component of Antaris RazorEngine through 4.5.1-alpha001, an attacker can execute arbitrary .NET code in a sandboxed environment if users can externally control template contents. NOTE: This vulnerability only affects products that are no longer...
Antaris RazorEngine security vulnerability
Antaris RazorEngine is an open source templating engine based on Microsoft's Razor parsing engine from Matthew Abbott, a personal developer in the U.K. Antaris RazorEngine contains a security vulnerability that could be exploited by attackers to execute arbitrary .NET code in a sandboxed...
Exploit for Improper Authentication in Microsoft
CVE-2020-0688 A remote code execution vulnerability exists in...
CVE-2018-17058
An issue was discovered in JABA XPress Online Shop through 2018-09-14. It contains an arbitrary file upload vulnerability in the picture-upload feature of ProductEdit.aspx. An authenticated attacker may bypass the frontend filename validation and upload an arbitrary file via FileUploader.aspx.cs ...
Adaptable, All-in-One Android Trojan Shows the Future of Malware
A new Android trojan, dubbed “GPlayed”, has been identified by researchers who said the malware is both extremely dangerous and could herald a new and very dangerous age for malicious code, according to Cisco Talos researchers. The trojan has all of the capabilities of a banking trojan as well as...
Remote code execution
DISPUTED Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor ha...
CVE-2018-7046
Arbitrary code execution vulnerability in Kentico 9 through 11 allows remote authenticated users to execute arbitrary operating system commands in a dynamic .NET code evaluation context via C# code in a "Pages - Edit - Template - Edit template properties - Layout" box. NOTE: the vendor has respond...
CVE-2017-12069
An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server LDS before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 All versions V8.1 and earlier, SIMATIC WinCC All versions V7.4 SP1, SIMATIC WinCC Runtime...
CVE-2017-7293
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 DAX2 1.0, 1.0.1, 1.1, 1.1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1,...
Microsoft Windows multiple security vulnerabilities
.Net code execution, comctl32.dll integer overflow...
Avaya IP Office Customer Call Reporter Command Execution
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'uri'...
Avaya IP Office Customer Call Reporter Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'uri' require 'msf/core' class Metasploit3 'Avaya IP Office Custome...
ScrewTurn-Wiki_08_008.txt
Portcullis Security Advisory 08008 Vulnerable System: ScrewTurn Wiki www.screwturn.eu. Vulnerability Title: Permanent Cross-site Scripting in the "System Log" page. Vulnerability Discovery And Development: Portcullis Security Testing Services. Credit For Discovery: Ferruh Mavituna - Portcullis...