6841 matches found
CVE-2022-22756
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been changed into an executable script which would have run arbitrary code after the user clicked on it. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91....
Design/Logic Flaw
Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and...
CVE-2022-46662
Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and...
JVN#13075438: Corel Roxio Creator LJB starts a program with an unquoted file path
Roxio Creator LJB provided by Corel Corporation starts another program with an unquoted file path (CWE-428). Impact: Since a registered Windows service path contains spaces and is unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of t...
Corel Roxio Creator LJB Code Issue Vulnerability
Corel Roxio Creator LJB is a CD/DVD burning software application from Corel Digital Technology Corel Canada. It makes capturing and converting media easy. A security vulnerability exists in Corel Roxio Creator LJB that originates when the supplied Roxio Creator LJB launches another program with a...
CVE-2022-46875
The Mozilla Foundation Security Advisory describes this flaw as: The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected...
Siemens Simcenter STAR-CCM Privilege Elevation Vulnerability
Siemens Simcenter STAR-CCM is a complete multi-physics field solution from Siemens Germany that simulates products and designs working under real-world conditions. A security vulnerability exists in Siemens Simcenter STAR-CCM, which stems from improperly assigning file permissions to installation...
Slackware Linux 15.0 mozilla-firefox Multiple Vulnerabilities (SSA:2022-348-01)
The version of mozilla-firefox installed on the remote host is prior to 102.6.0esr. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-348-01 advisory. - An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary file...
EXEMSI MSI Wrapper Security Vulnerability
EXEMSI MSI Wrapper is a tool from EXEMSI Inc. that can easily convert executable installers into MSI packages. A security vulnerability exists in EXEMSI MSI Wrapper versions 6.0.91 through 10.0.50, which can be exploited by an attacker to introduce a local privilege escalation into the installer it...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox that originates from a failure to display an executable warning when downloading .atloc and .ftploc files, which can run commands on a user's computer...
Mozilla Firefox ESR < 102.6
The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 102.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-52 advisory. - A use-after-free in WebGL extensions could have led to a potentially exploitable crash. CVE-2022-46882 -...
CVE-2022-4223
CVE-2022-4223 describes a remote code execution vulnerability in pgAdmin that affects versions prior to 6.17. An insecure HTTP API allows an unauthenticated user to pass a manipulated path (e.g., a UNC path) to the server, which could lead to the execution of an arbitrary executable on the pgAdmi...
Security Vulnerabilities fixed in Thunderbird 102.6 — Mozilla
A missing check related to tex units could have led to a use-after-free and potentially exploitable crash. An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages. This bug only affects Thunderbird for Linux...
Mozilla Firefox < 108.0
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 108.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-51 advisory. - Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla...
Mozilla Firefox Injection Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an injection vulnerability that stems from a failure to execute the Unsafe-Hashes CSP directive. An attacker could exploit this vulnerability to inject executable script...
VMware vCenter vScalation Priv Esc
This module exploits a privilege escalation in vSphere/vCenter due to improper permissions on the /usr/lib/vmware-vmon/java-wrapper-vmon file. It is possible for anyone in the cis group to write to the file, which will execute as root on vmware-vmon service restart or host reboot. This module was...
The vulnerability of the implementation of the executable file DesignReview.exe of the software for applying electronic annotations in Autodesk Design Review allows a perpetrator to execute arbitrary code.
The vulnerability of the implementation of the executable file DesignReview.exe of the Autodesk Design Review software for applying electronic annotations is related to writing beyond the buffer boundaries during the processing of .dwf or .pct format files. Exploiting this vulnerability can allow...
SUSE-SU-2022:4277-1 Security update for binutils
This update for binutils fixes the following issues: The following security bugs were fixed: - CVE-2019-1010204: Fixed out-of-bounds read in elfcpp/elfcppfile.h bsc1142579. - CVE-2021-3530: Fixed stack-based buffer overflow in demanglepath in rust-demangle.c bsc1185597. - CVE-2021-3648: Fixed...
Pycrypt - Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products
Python Based Crypter That Can Bypass Any Kinds Of Antivirus Products. Important: 1. Make sure your payload file has all the libraries imported and is a valid payload file. How To Use: 1. Find any Python-based backdoor/RAT on GitHub. 2. Crypt its payload with pycrypt. 3. Now Convert crypted...
The vulnerability of the executed file stadosvr.exe in the AVEVA Edge SCADA system allows an intruder to execute arbitrary code.
The vulnerability of the stadosvr.exe executable file in the AVEVA Edge SCADA system is related to errors in access control. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...