15 matches found
EUVD-2021-18917
Malware in sbrugna...
WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution Vulnerability
WebCatalog versions prior to 48.8 call the Electron shell.openExternal function without verifying that the URL is for an http or https resource. This vulnerability allows an attacker to potentially execute code through arbitrary protocols on the victim's machine by having users sync pages with...
PaulPrinting CMS Cross-Site Scripting Vulnerability
PaulPrinting CMS is a website builder system by CodePaul Individual Developers. A cross-site scripting vulnerability exists in PaulPrinting CMS version 2018; it stems from the parameter s of file/account/delivery and can lead to cross-site scripting...
CVE-2022-31567
The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely...
Foxit Reader Resource Management Error Vulnerability
Foxit Reader is a PDF document reader. A type confusion vulnerability exists in Foxit Reader. A remote attacker can exploit it by submitting a special file request and tricking the user into parsing it, which can crash the application or execute arbitrary code in the application context...
DNSlivery - Easy Files And Payloads Delivery Over DNS
Easy files and payloads delivery over DNS. Acknowledgments This project has been originally inspired by PowerDNS and Joff Thyer's technical segment on the Paul's Security Weekly podcast 590 youtu.be/CP6cIwFJswQ. Description TL;DR DNSlivery allows delivering files to a target using DNS as the...
CVE-2018-15415
A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software improperly validates Advanced Recording...
Cisco WebEx Meetings Server Denial of Service Vulnerability (CNVD-2018-14207)
Cisco Webex Meetings Suite sites, Webex Meetings Online sites, and Webex Meetings Server are all versatile video conferencing solutions from Cisco. Webex Network Recording Player for Advanced Recording Format ARF and Webex Recording Format WRF is one of the media...
CVE-2018-0380
Multiple vulnerabilities exist in the Cisco Webex Network Recording Player for Advanced Recording Format ARF and Webex Recording Format WRF files. An attacker could exploit these vulnerabilities by providing a user with a malicious .arf or .wrf file via email or URL and convincing the user to...
GHSA-CJ92-C4FJ-W9C5 Mail Gem Path Traversal vulnerability
Directory traversal vulnerability in lib/mail/network/deliverymethods/filedelivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter...
Bonza Digital Cart Script 1 SQL Injection
Title: Bonza Digital Cart Script v1 - SQL injection Credit: Bilal KARDADOU Vendor: http://www.turnkeycentral.com Vendor URL: http://www.turnkeycentral.com/scripts/bonza-digital-cart-script/ Product: Bonza Digital Cart Script v1 Google Dork: N/A Product & Service Introduction: "Bonza Digital Cart"...
CVE-2012-2139
Directory traversal vulnerability in lib/mail/network/deliverymethods/filedelivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter...
Directory traversal
Directory traversal vulnerability in lib/mail/network/deliverymethods/filedelivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter...
CVE-2012-2139
Directory traversal vulnerability in lib/mail/network/deliverymethods/filedelivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter...
CVE-2012-2139
Directory traversal vulnerability in lib/mail/network/deliverymethods/filedelivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the to parameter...