1464 matches found
CVE-2022-41882
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file...
Nextcloud Code Injection Vulnerability
A security vulnerability exists in Nextcloud Desktop Client, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that its desktop client could be tricked into opening/executing local files when clicking o...
CVE-2022-43050
Online Tours & Travels Management System v1.0 was discovered to contain an arbitrary file upload vulnerability in the component updateprofile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
The vulnerability of the installation file of Kaspersky Endpoint Security and the Kavremover utility allows a malicious actor to execute the executable file instead of the uninstaller.
The vulnerability of the installation file of Kaspersky Endpoint Security and the Kavremover utility is related to an uncontrolled element in the search path. Exploiting this vulnerability could allow a malicious individual to execute the executable file instead of the uninstaller, which is...
The vulnerability of the RealVNC remote access software lies in the ability to execute files located at %TEMP%, as they are owned by the SYSTEM account. This allows attackers to gain higher privileges.
The vulnerability of the RealVNC remote access software is related to the possibility of executing files located at %TEMP% as SYSTEM. Exploiting this vulnerability can allow an attacker to increase their privileges...
Exploit for Cross-site Scripting in Helpsystems Cobalt_Strike
CVE-2022-39197-RCE First This project was modified from...
PT-2022-26515 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap versions prior to 12.04.18 Description: A reflected XSS issue exists in the Alerts & Notifications upload feature, allowing arbitrary JavaScript code execution when a crafted CSV file is uploaded. Recommendations: For versions prior to...
CVE-2022-40089
A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On...
CVE-2022-23766
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website...
Input validation
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website...
CVE-2022-23766
CVE-2022-23766 affects BigFileAgent and is described as an improper input validation vulnerability that enables arbitrary file execution when a user visits a malicious page or an attacker injects XSS into a page. The connected records corroborate the general description and note BigFileAg...
CVE-2022-23766 BigFileAgent arbitrary file execution vulnerability
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website...
PT-2022-16253 · Unknown · Bigfileagent
Name of the Vulnerable Software and Affected Versions: BigFileAgent affected versions not specified Description: An improper input validation issue allows for arbitrary file execution in BigFileAgent. Attackers can exploit this by having victims access a malicious web page or by inserting a scrip...
BigFile BigFileAgent Input Validation Error Vulnerability
BigFileAgent is a famous download site in Korea by BigFile Inc. It is used to provide download resources such as movies, TV, games, software and so on. An input validation error vulnerability exists in BigFileAgent versions prior to 1.0.1.9, which stems from the presence of an incorrect input...
CVE-2022-38323
Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /RoyalEvent/updateimage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-36121
Blue Prism Enterprise 6.0–7.01 is affected by a vulnerability that exists when the Blue Prism Application server is misconfigured, allowing an authenticated user to reverse engineer the software and bypass access controls on the UpdateOfflineHelpData function. This enables changing the offline he...
Design/Logic Flaw
An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. Since the affected product starts another program with an unquoted file path, a malicious file may be executed...