50 matches found
CVE-2019-9617
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code because blocking of .jsp and .jspx files does not consider for example file.jsp::$DATA to the admin/ueditor/uploadFile URI...
CVE-2018-15908
Artifex Ghostscript 9.23, prior to 2018-08-23, is affected by a restriction-bypass in .tempfile that allows crafted PostScript files to bypass safety checks and write files. Impact is stated as enabling file writes via PostScript, with broader security fixes applied in multiple distros. Remediati...
CVE-2017-11830
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability"...
WSTShop suffers from an administrator password reset vulnerability
WSTShop e-commerce system is a single merchant e-commerce system based on PHP+MySQL. WSTShop suffers from an administrator password reset vulnerability. The vulnerability stems from an installation file bypass, which can be exploited by an attacker to reset the administrator password...
CVE-2015-6322
The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.18 allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-path validation, aka Bug ID CSCuv48563...
CVE-2010-3002
Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors...
CVE-2007-3122
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR...
Mysql log file obfuscation
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysqlrealquery function. NOTE: this issue was originally reported for the mysqlquery function, but the vendor states that since mysqlquer...
CVE-2005-3216
Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even...
Clearswift MAILsweeper 4.x - MIME Attachment Filter Bypass
source: https://www.securityfocus.com/bid/7044/info Clearswift MailSweeper does not properly process certain malformed MIME email message attachments. If the attachment does not contain a MIME-Version field, MailSweeper does not recognize the attachment as being an executable type. MailSweeper...