1464 matches found
CVE-2021-43176
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP file to implement the API call. Vulnerable versions of GOautodial do not sanitize the user input that specifies the...
CVE-2021-36335
Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, leading to execution of arbitrary files on the server...
Dell EMC CloudLink Input Validation Error Vulnerability
Dell EMC CloudLink is a flexible data encryption and key management solution for data encryption in public, private, and hybrid cloud environments. Dell EMC CloudLink 7.1 and earlier versions are vulnerable to an input validation error that could be exploited by a remote, low privilege attacker to...
CVE-2021-42338 4MOSAn GCB Doctor - Improper Authorization
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files...
CVE-2021-42847
Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files...
Zoom Client Data Forgery Vulnerability
ZOOM Client is a video conferencing client application from ZOOM USA that supports multiple platforms. A data forgery issue vulnerability exists in the windows installer of Zoom Client for Meetings versions prior to 5.5.4, which originates from not properly verifying the signatures of files with...
PT-2021-23695 · Zoho · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ADAudit Plus versions prior to 7006 Description: The issue allows attackers to write to and execute arbitrary files, potentially leading to unauthorized access and malicious activities. Recommendations: For versions prior to...
CVE-2021-42847
Product affected: ManageEngine ADAudit Plus, versions before 7006. Vulnerability: Arbitrary file write that enables authenticated users to write and execute files via the alert_script mechanism, enabling remote code execution (RCE) under the account running ADAudit Plus. Root cause / vector: Expl...
CVE-2020-7875 RAONWIZ DEXT5 Upload ActiveX remote file execution vulnerability
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability which could allow a remote attacker to download and execute a remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution...
CVE-2020-7867
An improper input validation vulnerability in Helpu solution could allow a local attacker to create and execute arbitrary files without clicking the file transfer menu. It is possible to write a file to an arbitrary directory for the user because the viewer program receives the file from the agent with privilege of...
CVE-2020-7867
CVE-2020-7867 describes an improper input validation vulnerability in the Helpu solution, affecting the viewer component that receives files from an agent running with administrator privileges. The underlying issue allows a local attacker to create arbitrary files and potentially execute code in...
CVE-2021-30829
A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files...
Microsoft Office 2016 RCE Vulnerability (KB5001997)
This host is missing an important security update according to Microsoft KB5001997. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...
Tobesoft NEXACRO14 Security Vulnerability
Tobesoft NEXACRO14 is a BUX platform from Tobesoft Korea, developed as a JavaScript-based stand-alone framework to accommodate the company's various development needs. Applications developed using the Nexacro platform require no additional development to achieve the same functionality across a wi...
CVE-2021-30664
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution...
CVE-2021-30764
Processing a maliciously crafted file may lead to arbitrary code execution. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. This issue was addressed with improved checks...
CVE-2020-7832
An improper input validation vulnerability in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via the AddUploadFile, SetSelectItem, DoOpenFile functions. CVE-2020-7832...
Input validation
An improper input validation vulnerability in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via the AddUploadFile, SetSelectItem, DoOpenFile functions. CVE-2020-7832...
Raonwiz DEXT5 Input Validation Error Vulnerability
Raonwiz DEXT5 is an HTML5-based file transfer solution from Raonwiz Korea. The product supports encrypted file transfer, form building, and other features. A security vulnerability exists in RAONWIZ DEXT5 that can be exploited by unauthenticated attackers to download and execute arbitrary...