CVE-2022-2634
An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. This could lead to uploading python files which can be later executed...
The vulnerability of the Fileserver application of the Apache ActiveMQ software platform, which allows a hacker to download and execute any file they desire.
The vulnerability of the Fileserver application of the Apache ActiveMQ software platform exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to upload and execute any file using the HTTP PUT method, followed by an HTTP MOVE request...
SUSE SLES15 Security Update : rubygem-tzinfo (SUSE-SU-2022:2592-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:2592-1 advisory. - TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to...
Design/Logic Flaw
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 49183. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
Vulnerability fixed in RealVNC VNC Server
RealVNC has fixed a vulnerability in VNC Server for Windows. A local, authenticated malicious party can exploit the vulnerability to obtain elevated privileges on the system on which VNC Server is installed. The vulnerability is caused by an installation file executing files in %TEMP%...
Input validation
Improper input validation vulnerability in HANDY Groupware’s ActiveX module allows attackers to download or execute arbitrary files. This vulnerability can be exploited by using the file download or execution path as the parameter value of the vulnerable function...
Handysoft Groupware Input Validation Error Vulnerability
Handysoft Handy Groupware is an office collaboration solution from Handysoft Korea. The product supports features such as meeting management, attendance management, and human resource assessment. A security vulnerability exists in Handysoft Groupware for Windows, which originates from incorrect...
GHSA-CGRV-6H2H-6F7V MODX Revolution Directory Traversal Vulnerability
In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal...
EulerOS Virtualization 2.10.1 : babel (EulerOS-SA-2022-1367)
According to the versions of the babel package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files containing serialized Python objects via...
CVE-2022-20739 Cisco SD-WAN vManage Software Privilege Escalation Vulnerability
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this...
CVE-2022-20739
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected system as a low-privileged user to exploit this...
Design/Logic Flaw
Zoo Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /publichtml/applyvacancy. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
PDF Generator Web App Using TCPDF 1.0 Local File Inclusion Vulnerability
PDF Generator Web App using TCPDF version 1.0 suffers from a local file inclusion vulnerability. Title: PDF Generator Web App using TCPDF 1.0 LFI To RCE Author: Hejap Zairy Vendor: https://www.sourcecodester.com/php/15243/pdf-generator-web-app-using-tcpdf-and-phpoop-free-source-code.html...
Cross site scripting
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution...
Cisco Expressway Series and Cisco TelePresence Video Communication Server Vulnerabilities
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker with read/write privileges to the application to write files or execute arbitrary code on the...
The vulnerability of the SAP Business One resource management system lies in the lack of restrictions on file loading, allowing a perpetrator to load and execute any desired file.
The vulnerability of the SAP Business One resource management system lies in the lack of restrictions on file loading. Exploiting this vulnerability allows a malicious actor to load and execute any desired file remotely...
Samsung Video Player Privilege Mismanagement Vulnerability
Samsung Video Player is a built-in system video player application optimized for the Samsung Galaxy series from Samsung South Korea. A privilege mismanagement vulnerability exists in Samsung Video Player versions prior to 7.3.15.30, which stems from Samsung Video Player's faulty privilege...
CVE-2022-24927
Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission...
CVE-2021-46165
Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined...
Apple macOS High Sierra Security Vulnerability
Apple macOS High Sierra is a proprietary operating system developed by Apple for Mac computers. Apple macOS High Sierra is vulnerable to a security flaw that could be exploited by attackers to execute non-executable text files via SMB shares...