19 matches found
EUVD-2022-43916
Malicious code in bioql PyPI...
CVE-2019-17408
parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr...
CVE-2022-40644
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...
CVE-2020-17408
This vulnerability allows remote attackers to disclose sensitive information on affected installations of NEC ExpressCluster 4.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the clpwebmc executable. Due to the improper restriction of XML External...
CVE-2019-17408
creationtimestamp | type | source
---|---|---
2024-01-08 14:07:26+00:00 | seen | https://t.me/ctinow/164340...
jetty: Resource exhaustion when receiving an invalid large TLS frame
When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large TLS frame (greater than 17408) that is incorrectly handled, causing high CPU utilization. The highest threat from this vulnerability is to service availability...
HTTP Authenticated OS Command Injection (CVE-2020-17408; CVE-2020-24916; CVE-2020-25079; CVE-2020-3117; CVE-2020-7049)
A command injection vulnerability exists in web and application servers. Successful exploitation of this vulnerability could result in execution of arbitrary code on the target system...
CVE-2019-17408
parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr...
CVE-2019-17408
Affected software: ZZZCMS zzzphp 1.7.3. The issue is in parserIfLabel within inc/zzz_template.php, where the danger_key function can be bypassed (e.g., via strtr), enabling remote attackers to execute arbitrary code. This is the explicit root cause and consequence stated across multiple sources. ...
CVE-2017-17408
creationtimestamp | type | source
---|---|---
2019-06-27 12:11:11+00:00 | published-proof-of-concept | https://t.me/R0Crew/687...
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...
Zahir Enterprise Plus 6 Stack Buffer Overflow
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...
CVE-2018-17408
creationtimestamp | type | source
---|---|---
2018-10-04 16:10:27+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/zahirenterprisepluscsv.rb
2018-10-08 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/45560
2025-02-06... | |
CVE-2018-17408
CVE-2018-17408 concerns a stack-based buffer overflow in Zahir Accounting Enterprise Plus 6 through build 10b. A crafted CSV file opened via the Import CSV File menu can allow remote attackers to execute arbitrary code. Multiple public exploits exist, including a Metasploit module and PoC/payload...
Zahir Enterprise Plus 6 Build 10b Buffer Overflow
Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip Version: 6 build 10b - Download here:...
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip Version: 6 build 10b - Download here:...
Zahir Enterprise Plus 6 Stack Buffer Overflow
This module exploits a stack buffer overflow in Zahir Enterprise Plus version 6 build 10b and below. The vulnerability is triggered when opening a CSV file containing CR/LF and overly long string characters via Import from other File. This results in overwriting a structured exception handler...
CVE-2017-17408
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
CVE-2017-17408
Bitdefender Internet Security (2018) contains an integer overflow in cevakrnl.xmd that fails to validate user-supplied data, enabling remote code execution with SYSTEM privileges after a user visits a malicious page or opens a malicious file. The issue has been disclosed in ZDI-CAN-5101 (ZDI-17-9...