Lucene search

2001 matches found

Prion
added 2023/10/10 11:15 a.m. | 12 views

Stack overflow

A vulnerability has been identified in Xpedition Layout Browser All versions VX.2.14. Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process...

CVSS 4.4 | AI score 7.7 | EPSS 0.00095
Exploits 0 | References 1 | Affected Software 1

NCSC
added 2023/10/10 12:0 a.m. | 2 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed a vulnerability in Exchange Server. A malicious party could potentially exploit the vulnerability to execute arbitrary code under SYSTEM privileges. For successful exploitation, the malicious party must be authenticated and authorized on the local network. As far as is known,...

CVSS 8 | AI score 6.6 | EPSS 0.01171
Exploits 0

Exploit DB
added 2023/10/09 12:0 a.m. | 298 views

Coppermine Gallery 1.6.25 - RCE

Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...

AI score 7.4
Exploits 0

Cvelist
added 2023/10/06 4:36 p.m. | 12 views

CVE-2023-32972 QTS, QuTS hero, QuTScloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

CVSS 3.8 | AI score 7.3 | EPSS 0.00081
Exploits 0 | References 1

CNNVD
added 2023/10/06 12:0 a.m. | 2 views

Plain Craft Launcher Path Traversal Vulnerability

Plain Craft Launcher is a software. A security vulnerability exists in Plain Craft Launcher version 1.3.9 that originates from a vulnerability that could allow a local attacker to execute arbitrary code and obtain sensitive information...

CVSS 7.8 | AI score 7.3 | EPSS 0.11909
Exploits 1 | References 4

Positive Technologies
added 2023/10/06 12:0 a.m. | 2 views

PT-2023-8834 · Qnap · Qts +2

Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.0.1.2425 build 20230609 QTS versions prior to 5.1.0.2444 build 20230629 QTS versions prior to 4.5.4.2467 build 20230718 QuTS hero versions prior to h5.0.1.2515 build 20230907 QuTS hero versions prior to h5.1.0.2424 bui...

CVSS 8.3 | AI score 7.1 | EPSS 0.00081
Exploits 0 | References 7

OSV
added 2023/10/04 11:0 a.m. | 0 views

USN-6401-1 freerdp2 vulnerabilities

It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause FreeRDP clients to crash, resulting in a denial of service, or possibly obtain sensitive information. CVE-2023-39350, CVE-2023-39351, CVE-2023-39353, CVE-2023-39354,...

CVSS 9.8 | AI score 6.9 | EPSS 0.00378
Exploits 10 | References 11

CNNVD
added 2023/10/02 12:0 a.m. | 2 views

mojoPortal Code Issue Vulnerability

mojoPortal is a cross-platform object-oriented web framework. A file upload vulnerability exists in mojoPortal, which can be exploited by a remote attacker to submit a special request that can upload malicious files and execute arbitrary code in the context of the application...

CVSS 9.8 | AI score 7.7 | EPSS 0.09375
Exploits 1 | References 2

CNNVD
added 2023/10/02 12:0 a.m. | 2 views

mojoPortal Code Issue Vulnerability

mojoPortal is a cross-platform object-oriented web framework. A file upload vulnerability exists in mojoPortal, which can be exploited by a remote attacker to submit a special request that can upload malicious files and execute arbitrary code in the context of the application...

CVSS 9.8 | AI score 7.7 | EPSS 0.09375
Exploits 1 | References 3

Positive Technologies
added 2023/09/29 12:0 a.m. | 2 views

PT-2023-28273 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

CVSS 5.5 | AI score 7.2 | EPSS 0.0059
Exploits 0 | References 4

NVD
added 2023/09/27 11:15 p.m. | 10 views

CVE-2023-41448

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component...

CVSS 6.1 | AI score 6.4 | EPSS 0.00798
Exploits 1 | References 3

CNNVD
added 2023/09/20 12:0 a.m. | 1 views

Telstra Smart Modem Code Issue Vulnerability

Telstra Smart Modem is a smart modem from Telstra. A security vulnerability exists in Telstra Smart Modem Gen 2 firmware prior to version 0.18.15r, which originates from a vulnerability that could allow an authenticated attacker to alter the firmware or configuration on the device and execute cod...

CVSS 9.8 | AI score 7 | EPSS 0.04132
Exploits 1 | References 2

NVD
added 2023/09/19 10:15 a.m. | 11 views

CVE-2023-32184

An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...

CVSS 7.8 | AI score 7.6 | EPSS 0.00089
Exploits 1 | References 1

BDU FSTEC
added 2023/09/17 12:0 a.m. | 1 views

The vulnerability of the graphical interface of FortiWeb web applications allows attackers to bypass security restrictions and execute arbitrary code.

The vulnerability of the graphical interface of FortiWeb web applications is related to a breach of data protection mechanisms. Exploiting this vulnerability allows an attacker to bypass security restrictions and execute arbitrary code by sending specially crafted HTTP requests remotely...

CVSS 10 | EPSS 0.00691
Exploits 0 | References 4 | Affected Software 1

CNVD
added 2023/09/14 12:0 a.m. | 17 views

Siemens Teamcenter Visualization and JT2Go Type Obfuscation Vulnerability

Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. Siemens JT2Go is a JT file viewer. A type confusion vulnerability exists in Siemens Teamcenter Visualization and JT2Go, which can be exploited by an attacker to execute code in the...

CVSS 7.8 | AI score 7.1 | EPSS 0.00101
Exploits 0 | References 1

Tenable Nessus
added 2023/09/14 12:0 a.m. | 55 views

Siemens JT2Go < 14.3.0.1 Multiple Vulnerabilities (SSA-278349)

The version of Siemens JT2Go installed on the remote Windows hosts is prior to 14.3.0.1. It is, therefore, affected by multiple vulnerabilities: - A stack-based buffer overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of...

CVSS 7.8 | AI score 8.1 | EPSS 0.00101
Exploits 0 | References 8

NCSC
added 2023/09/14 12:0 a.m. | 1 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed vulnerabilities in Connect. A malicious person could exploit the vulnerabilities to launch a Cross-Site Scripting attack. Such an attack could lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. Fo...

CVSS 6.1 | AI score 6.7 | EPSS 0.01336
Exploits 0

CNVD
added 2023/09/14 12:0 a.m. | 18 views

Siemens Teamcenter Visualization and JT2Go Heap Buffer Overflow Vulnerability (CNVD-2023-69809)

Siemens Teamcenter Visualization is a software that provides teamwork capabilities for designing 2D and 3D scenarios. Siemens JT2Go is a JT file viewer. A heap buffer overflow vulnerability exists in Siemens Teamcenter Visualization and JT2Go, which can be exploited by an attacker to execute code ...

CVSS 7.8 | AI score 7.6 | EPSS 0.00084
Exploits 0 | References 1

Tenable Nessus
added 2023/09/09 12:0 a.m. | 47 views

Ubuntu 22.04 LTS / 23.04 : Linux kernel vulnerabilities (USN-6338-2)

The remote Ubuntu 22.04 LTS / 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6338-2 advisory. Zi Fan Tan discovered that the binder IPC implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use...

CVSS 9.8 | AI score 7.4 | EPSS 0.00142
Exploits 0 | References 12

CNNVD
added 2023/08/30 12:0 a.m. | 2 views

Splunk Access Control Error Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze data, including data generated by all IT systems and infrastructure (physical, virtual machines, and cloud). A...

CVSS 8.8 | AI score 8.4 | EPSS 0.00113
Exploits 0 | References 3