
862 matches found

OSV
added 2022/03/17 9:15 p.m. | 3 views

CVE-2021-45040

The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route...

CVSS 9.8 | AI score 5.8 | EPSS 0.04684
Exploits: 3 | References: 2

OSV
added 2022/02/27 12:0 a.m. | 25 views

GHSA-J8JP-9X42-4PJ5 Unrestricted Upload of File with Dangerous Type in MODX Revolution

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...

CVSS 7.2 | AI score 7.1 | EPSS 0.10493
Exploits: 4 | References: 4

Github Security Blog
added 2022/02/27 12:0 a.m. | 48 views

Unrestricted Upload of File with Dangerous Type in MODX Revolution

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...

CVSS 7.2 | AI score 6.2 | EPSS 0.10493
Exploits: 4 | References: 4 | Affected Software: 1

NVD
added 2022/02/26 9:15 p.m. | 10 views

CVE-2022-26149

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...

CVSS 7.2 | EPSS 0.10493
Exploits: 4 | References: 2

ATTACKERKB
added 2022/02/26 9:15 p.m. | 2 views

CVE-2022-26149

MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an administrator...

CVSS 7.2 | AI score 6.2 | EPSS 0.10493
Exploits: 4 | References: 3

CVE
added 2022/02/26 12:0 a.m. | 110 views

CVE-2022-26149

MODX Revolution up to version 2.8.3-pl is affected by an authenticated RCE: an admin can upload an executable file by abusing the Uploadable File Types setting, then execute code via the Media Browser. Exploitation details and proof-of-concept scripts are present in public advisories (e.g., Explo...

CVSS 7.2 | AI score 7.1 | EPSS 0.10493
Exploits: 4 | References: 2 | Affected Software: 1

CNVD
added 2022/01/12 12:0 a.m. | 10 views

Siemens SICAM PQ Analyzer Search Path Vulnerability

SICAM PQ Analyzer is a power quality system software that provides options for evaluating archived PQ measurement data and fault records. A search path vulnerability exists in Siemens SICAM PQ Analyzer, which can be exploited by an attacker with write privileges to plant an executable that will r...

CVSS 8.1 | AI score 8 | EPSS 0.00437
Exploits: 0 | References: 1

NVD
added 2022/01/10 2:11 p.m. | 13 views

CVE-2021-46165

Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined...

CVSS 7.8 | EPSS 0.00104
Exploits: 0 | References: 1

Prion
added 2022/01/10 2:11 p.m. | 19 views

Design/Logic Flaw

Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined...

CVSS 4.6 | AI score 7.6 | EPSS 0.00104
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2021/12/21 12:0 a.m. | 15 views

SICK SOPAS ET has an unspecified vulnerability

Sick Sopas Et is an engineering tool from the German company Sick. A security vulnerability exists in versions prior to SICK SOPAS ET 4.8.0, which could be exploited by an attacker to package any executable file into an SDD and make it available to SOPAS ET users...

CVSS 9.3 | AI score 3.9 | EPSS 0.00145
Exploits: 0 | References: 1

CNVD
added 2021/12/19 12:0 a.m. | 16 views

OpenCATS file upload vulnerability

OpenCATS is an open source recruitment process management system. OpenCATS prior to 0.9.6 was vulnerable to file uploads, which stemmed from a lack of proper validation of uploaded files in the application's lib/FileUtility.php. A remote attacker could exploit this vulnerability to execute arbitra...

CVSS 10 | AI score 3.4 | EPSS 0.46152
Exploits: 1 | References: 1

Prion
added 2021/12/17 5:15 p.m. | 18 views

Design/Logic Flaw

SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks...

CVSS 9.3 | AI score 8.4 | EPSS 0.00145
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2021/12/17 4:9 p.m. | 55 views

CVE-2021-32497

Summary of CVE-2021-32497 (SICK SOPAS ET): Prior to version 4.8.0, SOPAS ET allows an attacker to wrap an arbitrary executable into an SDD and hand it to a user. When the SOPAS ET emulator is started, the embedded executable may run without further checks, enabling code execution under the local...

CVSS 9.3 | AI score 8.5 | EPSS 0.00145
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2021/12/17 4:9 p.m. | 13 views

CVE-2021-32497

SICK SOPAS ET before version 4.8.0 allows attackers to wrap any executable file into an SDD and provide this to a SOPAS ET user. When a user starts the emulator the executable is run without further checks...

AI score 8.7 | EPSS 0.00145
Exploits: 0 | References: 1

Prion
added 2021/12/15 7:15 a.m. | 14 views

Code injection

OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php...

CVSS 10 | AI score 9.8 | EPSS 0.46152
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2021/12/08 9:21 p.m. | 186 views

CVE-2021-38510

CVE-2021-38510 describes a Mac‑OS specific flaw where the executable file warning was not shown when downloading .inetloc files, which can cause commands to run on a user’s computer. Affected products and versions from the provided documents: Mozilla Firefox (Mac) < 94, Thunderbird < 91.3, ...

CVSS 8.8 | AI score 8.3 | EPSS 0.00417
Exploits: 0 | References: 4 | Affected Software: 3

Tenable Nessus
added 2021/11/20 12:0 a.m. | 252 views

openSUSE 15 Security Update : MozillaFirefox (openSUSE-SU-2021:3745-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3745-1 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing...

CVSS 10 | AI score 7.7 | EPSS 0.01293
Exploits: 0 | References: 18

Veracode
added 2021/11/05 3:36 a.m. | 20 views

Command Injection

Firefox is vulnerable to command injection. The vulnerability exists because the executable file warning was not presented when downloading .inetloc files, which allows malicious code to run on the system...

CVSS 8.8 | AI score 3.1 | EPSS 0.00417
Exploits: 0 | References: 5 | Affected Software: 3

Tenable Nessus
added 2021/11/03 12:0 a.m. | 52 views

Mozilla Thunderbird < 91.3

The version of Thunderbird installed on the remote Windows host is prior to 91.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-50 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions...

CVSS 10 | AI score 8 | EPSS 0.05243
Exploits: 0 | References: 12

Tenable Nessus
added 2021/11/03 12:0 a.m. | 228 views

Mozilla Thunderbird < 91.3

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 91.3. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-50 advisory. - The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass...

CVSS 10 | AI score 8.1 | EPSS 0.05243
Exploits: 0 | References: 12