Command injection

A command injection vulnerability is present that permits an unauthenticated user with access to the Aruba Instant web interface to execute arbitrary system commands within the underlying operating system. An attacker could use this ability to copy files, read configuration, write files, delete...

CVE-2017-12778

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...

CVE-2019-6564

GE Communicator, all versions prior to 4.0.517, allows a non-administrative user to place malicious files within the installer file directory, which may allow an attacker to gain administrative privileges on a system during installation or upgrade...

CVE-2019-6546

GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements...

CVE-2019-6546

CVE-2019-6546 affects GE Communicator prior to 4.0.517. The issue allows placing malicious files in the program’s working directory, potentially enabling manipulation of widgets/UI elements. Affected component/behavior is described in multiple sources (NVD and ICS advisories). Remediation per PT ...

CVE-2019-6546

GE Communicator, all versions prior to 4.0.517, allows an attacker to place malicious files within the working directory of the program, which may allow an attacker to manipulate widgets and UI elements...

EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1324)

According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle...

CVE-2019-7213

SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could create files in new folders in arbitrary locations on the mail server. This could lead to command execution on the server for instance by putting files inside th...

CB TAU Threat Intelligence Notification: HopLight Campaign (Linked to North Korea) is Reusing Substantial Amount of Code

On April 10, 2019 the US Department of Homeland Security DHS released a Malware Analysis Report MAR-10135536-8 which detailed the trojan HopLight. HopLight has been linked to different North Korean DPRK campaigns also known as the Lazarus Group. The CB Threat Analysis Unit TAU has continued to...

CVE-2019-3398

Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has ‘Admin’ permissions for a space can exploit this pat...

CVE-2019-8455

A hard-link created from the log file of Check Point ZoneAlarm up to 15.4.062 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file...

CVE-2015-5463

CVE-2015-5463 affects AxiomSL’s Axiom java applet module (used for editing uploaded Excel files and related Java RMI services) version 9.5.3 and earlier. The connected documents corroborate multiple dangerous impacts: remote attackers can (1) access data of other basic users via arbitrary SQL com...

CVE-2019-1002101

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could r...

Cross site scripting

Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field e.g., Satellite name, and then restoring the...

Valve: Malformed playlist.txt in GoldSrc games leads to Access Violation & arbitrary code execution

A crafted playlist.txt can be used to exploit a stack overflow vulnerability in GameUI.dll that can lead to arbitrary code execution. Reproduction Place attached playlist.txt in game directory valve, cstrike, etc.. The game will crash when it tries to play Splash track. Exploitability The file ca...

The vulnerability of the scp file copy-to-external utility implementation lies in insufficient validation of input data, allowing a malicious actor to manipulate files in the client’s directory.

The vulnerability of the scp file copy utility implementation is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely from the server, to manipulate files in the client directory...

Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to...

CVE-2018-19015

An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor Versions 3.42 and prior through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application...

CVE-2018-19015

The CVE-2018-19015 issue affects OMRON CX-Supervisor (versions up to 3.42) via project-file parsing. The root cause is improper validation of user-supplied strings, enabling an attacker to inject commands and create/write/read files, potentially executing code with the application’s privileges. D...

Design/Logic Flaw

app\admin\controller\RouteController.php in ThinkCMF 5.0.190111 allows remote attackers to execute arbitrary PHP code by using vectors involving portal/List/index and list/:id to inject this code into data\conf\route.php, as demonstrated by a fileputcontents call...