682 matches found
A vulnerability in the Common Gateway Interface (CGI) of the firmware of network devices such as ZyXEL USG, ZyWALL, USG FLEX, ATP, and VPN allows attackers to gain unauthorized access to protected information.
The vulnerability in the Common Gateway Interface (CGI) of the firmware of network devices such as ZyXEL USG, ZyWALL, USG FLEX, ATP, and VPN is related to the lack of protective measures for the website structure. Exploiting this vulnerability can allow a malicious actor, operating...
vim: Out-of-range Pointer Offset
A vulnerability was found in Vim. The issue occurs when using a number in a string for the lambda name, triggering an out-of-range pointer offset vulnerability. This flaw allows an attacker to trick a user into opening a crafted script containing an argument as a number and then using it as a...
Privilege Escalation
lua5 is vulnerable to privilege escalation. The vulnerability exists due to a use after free in the garbage collector and finalizer of lgc.c, allowing an attacker to perform a sandbox escape via a crafted script file...
Centreon Privilege Escalation
In Centreon VM through 19.04.3, centreon-backup.pl allows attackers to become root via a crafted script, due to incorrect rights of sourced configuration files...
AlmaLinux 8 : python39:3.9 and python39-devel:3.9 (ALSA-2022:1763)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1763 advisory. python-lxml: HTML Cleaner allows crafted and SVG embedded scripts to pass through (CVE-2021-43818). Tenable has extracted the preceding description block directly fro...
Foxit PDF Reader Code Issue Vulnerability
Foxit PDF Reader is a PDF reader from the Chinese company Foxit. A code issue vulnerability exists in Foxit PDF Reader version v11.2.1.53537, caused by a NULL pointer dereference in the component FoxitPDFReader.exe. An attacker can exploit this...
CVE-2022-28053
Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-28440
An arbitrary file upload vulnerability in UCMS v1.6 allows attackers to execute arbitrary code via a crafted PHP file...
express-fileupload Code Issue Vulnerability
express-fileupload is a file upload middleware by Richard Girges, an individual developer in the United States. A code issue vulnerability exists in express-fileupload v1.3.1 that allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27129
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27352
Simple House Rental System v1 was discovered to contain an arbitrary file upload vulnerability via /app/register.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
baigo CMS Code Issue Vulnerability
baigo CMS is a PHP-based open source web content management system (CMS). A security vulnerability exists in baigo CMS v3.0-alpha-2, which allows an attacker to execute arbitrary code by uploading a crafted PHP file...
CVE-2022-26645
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function...
AZL-40979 CVE-2021-44964 affecting package ntopng for versions less than 5.2.1-6
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0 through 5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0 through 5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
DEBIAN-CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0 through 5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
Double free
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0 through 5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
UBUNTU-CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0 through 5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0 through 5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
Lua Resource Management Error Vulnerability
Lua is a lightweight, extensible open source scripting language from the Lua team. Lua interpreter versions 5.4.0 through 5.4.3 are vulnerable to a resource management error, which can be exploited by attackers to perform a sandbox escape via a specially crafted script file...