Lucene search

62 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2023-40914

Malicious code in bioql PyPI...

CVSS 9.8 · AI score 9.2 · EPSS 0.00744
Exploits: 1 · References: 1

Tenable Nessus
added 2025/08/26 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-33466

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment...

CVSS 8.8 · AI score 7.3 · EPSS 0.03098
Exploits: 0 · References: 2

Tenable Nessus
added 2025/08/08 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-32802

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root...

CVSS 6.1 · AI score 5.5 · EPSS 0.00194
Exploits: 0 · References: 3

Positive Technologies
added 2025/07/07 12:0 a.m. · 4 views

PT-2025-28235 · Splunk · Splunk Enterprise +1

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.4.2; Splunk Enterprise versions prior to 9.3.5; Splunk Enterprise versions prior to 9.2.7; Splunk Enterprise versions prior to 9.1.10; Splunk Cloud Platform versions prior to 9.3.2411.104; Splunk Cloud Platfor...

CVSS 5.4 · AI score 6.4 · EPSS 0.00221
Exploits: 0 · References: 4

Tenable Nessus
added 2025/07/07 12:0 a.m. · 7 views

Splunk Enterprise 9.1.0 < 9.1.10, 9.2.0 < 9.2.7, 9.3.0 < 9.3.5, 9.4.0 < 9.4.2 (SVD-2025-0707)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-0707 advisory. - In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104,...

CVSS 5.4 · AI score 5.6 · EPSS 0.00221
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/23 2:3 a.m. · 4 views

CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

CVSS 8.8 · AI score 7.3 · EPSS 0.03098
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 6:16 p.m. · 5 views

CVE-2021-20136

ManageEngine Log360 Builds 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log3...

CVSS 9.8 · AI score 7.8 · EPSS 0.10453
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 5:12 p.m. · 5 views

CVE-2020-8145

The UniFi Video Server Windows web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks. Low privileged users, belonging to the PUBLICGROUP or CUSTOMGROUP groups, can access these endpoints and overwrite the current...

CVSS 6.5 · AI score 6.8 · EPSS 0.01121
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/30 11:11 p.m. · 27 views

CVE-2025-46327

gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3 are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and...

CVSS 7 · AI score 6.6 · EPSS 0.00111
Exploits: 0 · References: 1

Cvelist
added 2024/06/27 12:0 a.m. · 22 views

CVE-2024-36073

Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or Unify server to...

EPSS 0.0078
Exploits: 0 · References: 1

Positive Technologies
added 2024/06/27 12:0 a.m. · 3 views

PT-2024-26882 · Cososys +1 · Cososys Unify +1

Name of the Vulnerable Software and Affected Versions: Netwrix CoSoSys Endpoint Protector versions 5.9.3 and earlier; CoSoSys Unify versions 7.0.6 and earlier. Description: The issue allows an attacker with administrative access to the server to overwrite sensitive configuration and subsequently...

CVSS 7.2 · AI score 8 · EPSS 0.0078
Exploits: 0 · References: 3

CVE
added 2024/06/27 12:0 a.m. · 49 views

CVE-2024-36073

Netwrix CoSoSys Endpoint Protector (v5.9.3 and earlier) and CoSoSys Unify (v7.0.6 and earlier) contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector/Unify agent. An attacker with administrative access to the Endpoint Protector or Unify server can overw...

CVSS 7.2 · AI score 8.1 · EPSS 0.0078
Exploits: 0 · References: 1

SUSE CVE
added 2023/07/01 1:27 a.m. · 1 views

SUSE CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

CVSS 8.8 · AI score 7.4 · EPSS 0.03098
Exploits: 0 · References: 3

OSV
added 2023/06/29 3:15 p.m. · 1 views

UBUNTU-CVE-2023-33466

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite the configuration, which can be exploited to trigger Remote Code Execution (RCE)...

CVSS 8.8 · AI score 7.4 · EPSS 0.03098
Exploits: 0 · References: 3

CISA KEV Catalog
added 2021/11/03 12:0 a.m. · 18 views

IBM Planning Analytics Remote Code Execution Vulnerability

IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting...

CVSS 10 · AI score 9.1 · EPSS 0.86441
In wild · Exploits: 6

Cvelist
added 2021/11/01 8:55 p.m. · 26 views

CVE-2021-20136

ManageEngine Log360 Builds 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log3...

AI score 9.9 · EPSS 0.10453
Exploits: 1 · References: 1

Gitee
added 2021/08/27 4:41 p.m. · 7 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This repository is a collection of exploit code for the CVE-2021-3156 vulnerability in sudo, a Unix command that allows users to execute commands as another user. The vulnerability is a heap-based overflow in the sudo library, which can be exploited to gain elevated privileges. The repository...

CVSS 7.8 · AI score 8.5 · EPSS 0.99305
Exploits: 81

CNVD
added 2021/05/10 12:0 a.m. · 8 views

Dell EMC iDRAC9 Stack Overflow Vulnerability

Dell EMC iDRAC9 is a system management solution comprising hardware and software from Dell USA. The solution provides remote management, crash system recovery and power control for Dell PowerEdge systems. A stack overflow vulnerability exists in Dell EMC iDRAC9 versions prior to 4.40.00.00. An...

CVSS 8.1 · AI score 7.1 · EPSS 0.01155
Exploits: 0 · References: 1

OSV
added 2021/04/30 9:15 p.m. · 1 views

CVE-2021-21540

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload...

CVSS 8.1 · AI score 7.4 · EPSS 0.01155
Exploits: 0 · References: 1

Prion
added 2021/04/30 9:15 p.m. · 14 views

Stack overflow

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload...

CVSS 5.5 · AI score 7.7 · EPSS 0.01155
Exploits: 0 · References: 1 · Affected Software: 1