Design/Logic Flaw

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS mXSS vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the...

Input validation

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVE-2024-1201

Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation...

OESA-2024-1117 shim security update

Initial UEFI bootloader that handles chaining to a trusted full \ bootloader under secure boot environments. Security Fixes: A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker...

Puppet Config Gather

This module will grab Puppet config files, credentials, host information, and file buckets. Module Options msf use post/linux/gather/puppet msf postpuppet show actions ...actions... msf postpuppet set ACTION msf postpuppet show options ...show and set options... msf postpuppet run This module...

AnyDesk Desktop Detection Consolidation

Consolidation of AnyDesk Desktop detections. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only include"pluginfeedinfo.inc"; ifdescription...

AZL-35273 CVE-2023-40549 affecting package shim-unsigned-x64 for versions less than 15.8-3

An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and crashing Shim, resulting in a denial of service...

Saltstack Minion Payload Deployer

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Saltstack Minion Payload Deployer', 'Description' = %q This exploit module uses saltstack salt to deploy a payload and run it on all targets whic...

Saltstack Minion Payload Deployer Exploit

This Metasploit exploit module uses saltstack salt to deploy a payload and run it on all targets which have been selected default all. Currently only works against nix targets. This module requires Metasploit: https://metasploit.com/download Current source:...

UBUNTU-CVE-2023-40548

A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This fl...

PT-2024-2763 · Shim +6 · Shim +6

Name of the Vulnerable Software and Affected Versions: Shim affected versions not specified Description: The issue is related to an out-of-bounds read flaw in Shim due to the lack of proper boundary verification during the load of a PE binary. This flaw allows an attacker to load a crafted PE...

Remote code execution

The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an...

CVE-2023-7082 WP All Import < 3.7.3 - Admin+ Arbitrary File Upload to RCE

The Import any XML or CSV File to WordPress plugin before 3.7.3 accepts all zip files and automatically extracts the zip file into a publicly accessible directory without sufficiently validating the extracted file type. This may allows high privilege users such as administrator to upload an...

CVE-2024-0770

A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approache...

PT-2024-15806 · European Chemicals Agency · Iuclid

Name of the Vulnerable Software and Affected Versions: European Chemicals Agency IUCLID version 7.10.3 Description: A critical vulnerability was found in the European Chemicals Agency IUCLID, affecting an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulatio...

CVE-2024-0581

An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this...

CVE-2022-45793 Executable files writable by low-privileged users in Omron Sysmac Studio

Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user...

CVE-2023-48248

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via a crafted URL, HTTP request, or simply by waiting for the victim to view the poisoned file...

Remote code execution

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because uploadaction and editaction in AdminSmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7,...

VulnCheck KEV: CVE-2017-6090

Unrestricted file upload vulnerability in clients/editclient.php in PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logosclients/...