CVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter...

PT-2023-20606

Name of the Vulnerable Software and Affected Versions mono versions prior to 6.8.0.105+dfsg-3.3 Description The issue allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. Recommendations For versions prior t...

K6806: ClamAV UPX heap overflow Vulnerability - CVE-2006-4018

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K6804: ClamAV Portable Executable heap overflow Vulnerability - CVE-2006-4182

Security Advisory Description Note : Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...

K17156: PHP vulnerability CVE-2014-5298

Security Advisory Description FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains...

Siemens Tecnomatix Plant Simulation Out-of-Bounds Writing Vulnerability (CNVD-2023-13090)

Siemens Tecnomatix Plant Simulation is an object-oriented, graphical, and integrated modeling and simulation tool. An out-of-bounds write vulnerability exists in Siemens Tecnomatix Plant Simulation due to an affected application parsing specially crafted SPP files that contain out-of-bounds write...

Siemens Solid Edge Uninitialized Pointer Vulnerability

Siemens Solid Edge is a 3D CAD software from Siemens Germany. The software can be used for part design, assembly design, sheet metal design, welding design and other industries. Siemens Solid Edge suffers from an uninitialized pointer vulnerability that can be exploited by an attacker to execute...

Atrocore 1.5.25 Shell Upload Exploit

Title: atrocore-1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The Create...

SUSE CVE-2002-0389

Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives...

SUSE CVE-2004-0138

The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service crash via a crafted ELF file with an interpreter with an invalid arch architecture, which triggers a BUG when an invalid VMA is unmapped...

SUSE CVE-2005-0230

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files...

SUSE CVE-2005-0749

The loadelflibrary in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service kernel crash via a crafted ELF library or executable, which causes a free of an invalid pointer...

SUSE CVE-2005-2920

Buffer overflow in libclamav/upx.c in Clam AntiVirus ClamAV before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable...

SUSE CVE-2005-2919

libclamav/fsg.c in Clam AntiVirus ClamAV before 0.87 allows remote attackers to cause a denial of service infinite loop via a crafted FSG packed executable...

SUSE CVE-2006-1736

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes...

SUSE CVE-2006-4182

Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service scanning service crash and execute arbitrary code via a crafted Portable Executable PE file that leads to a heap-based buffer overflow when less memory is allocated...

SUSE CVE-2008-0318

Integer overflow in the cliscanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow...

SUSE CVE-2008-6680

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service crash via a crafted EXE file that triggers a divide-by-zero error...

SUSE CVE-2010-0426

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...

SUSE CVE-2010-1423

Argument injection vulnerability in the URI handler in a Java NPAPI plugin and b Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the 1 -J or 2 -XXaltjvm argument to javaws.exe...