1464 matches found

OSV
added 2021/08/17 8:15 p.m., 11 views

CVE-2020-28594

A use-after-free vulnerability exists in the 3MFImporter::handleendmodel functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted 3MF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

7.8 CVSS, 7.2 AI score
Exploits: 0, References: 1

BDU FSTEC
added 2021/08/02 12:0 a.m., 1 views

The vulnerability of the Event Banner plugin for the WordPress content management system allows for unlimited loading of dangerous files, enabling attackers to load and execute arbitrary files.

The vulnerability of the Event Banner plugin for the WordPress content management system is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to download and execute arbitrary files remotely...

9 CVSS, 0.00991 EPSS
Exploits: 2, References: 6, Affected Software: 1

CVE
added 2021/07/15 5:16 p.m., 196 views

CVE-2021-29699

The CVE pertains to IBM Security Verify Access Docker 10.0.0. Affected product: IBM Security Verify Access Docker. Issue: remote privileged user could upload arbitrary files with dangerous file types that could be executed by a user. This description is supported by IBM’s security bulletin and th...

6.8 CVSS, 6.7 AI score, 0.00355 EPSS
Exploits: 0, References: 2, Affected Software: 1

IBM Security Bulletins
added 2021/07/14 8:49 p.m., 23 views

Security Bulletin: IBM Content Foundation on Cloud security vulnerability in WebSphere container

Summary: There is a denial of service and Networking security vulnerabilities in WebSphere Application Server. Vulnerability Details: CVEID: CVE-2019-4720. DESCRIPTION: IBM WebSphere Application Server is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote...

7.5 CVSS, 0.7 AI score, 0.00504 EPSS
Exploits: 0, Affected Software: 1

Prion
added 2021/06/23 12:15 p.m., 25 views

Privilege escalation

VMware Tools for Windows 11.x.y prior to 11.2.6, VMware Remote Console for Windows 12.x prior to 12.0.1, VMware App Volumes 2.x prior to 2.18.10 and 4 prior to 2103 contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by...

7.2 CVSS, 7.8 AI score, 0.00063 EPSS
Exploits: 0, References: 2, Affected Software: 3

CNNVD
added 2021/06/22 12:0 a.m., 2 views

Red Hat GFS2 security vulnerability

Red Hat GFS2 is a shared disk file system for Linux computer clusters from Red Hat, Inc. that allows all members of a cluster to have direct concurrent access to the same shared block storage, in contrast to a distributed file system that distributes data throughout the cluster. It allows all...

7.8 CVSS, 7.4 AI score, 0.00078 EPSS
Exploits: 0, References: 2

Prion
added 2021/06/08 7:15 p.m., 12 views

Design/Logic Flaw

In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebserviceo.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server...

7.5 CVSS, 9.4 AI score, 0.00743 EPSS
Exploits: 0, References: 4, Affected Software: 2

Positive Technologies
added 2021/05/14 12:0 a.m., 5 views

PT-2021-3535 · WordPress · Kaswara Modern Vc Addons

Name of the Vulnerable Software and Affected Versions: Kaswara Modern VC Addons versions through 3.0.1. Description: The issue is related to unlimited file upload of dangerous types. Exploitation can allow a remote attacker to upload and execute arbitrary files. The vulnerability allows...

9.8 CVSS, 9.4 AI score, 0.67997 EPSS
Exploits: 3, References: 9

Exploit DB
added 2021/05/05 12:0 a.m., 143 views

Freeter 1.2.1 - Persistent Cross-Site Scripting

Exploit Title: Freeter 1.2.1 - Persistent Cross-Site Scripting; Exploit Author: TaurusOmar; Date: 04/05/2021; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; Risk: High 8.8; Vendor Homepage: https://freeter.io/; Version: 1.2.1; Tested on: Windows, Linux, MacOs; Software Description: It is an organizer for...

7.4 AI score
Exploits: 0

Github Security Blog
added 2021/05/04 5:42 p.m., 189 views

Object injection in PHPMailer/PHPMailer

Impact: This is a reintroduction of an earlier issue CVE-2018-19296 by an unrelated bug fix in PHPMailer 6.1.8. An external file may be unexpectedly executable if it is used as a path to an attachment file via PHP's support for .phar files. Exploitation requires that an attacker is able to provide...

9.8 CVSS, 9 AI score, 0.00304 EPSS
Exploits: 0, References: 8, Affected Software: 1

Prion
added 2021/05/03 2:15 p.m., 12 views

Design/Logic Flaw

CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity...

4.6 CVSS, 7.6 AI score, 0.00031 EPSS
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2021/04/22 6:15 p.m., 6 views

CVE-2020-7861

AnySupport Remote support solution before 2019.3.21.0 allows directory traversing because of the swprintf function used to copy a file from a management PC to a client PC. This can lead to arbitrary file execution...

9.8 CVSS, 0.01101 EPSS
Exploits: 0, References: 1

OSV
added 2021/04/22 6:15 p.m., 2 views

CVE-2020-7861

AnySupport Remote support solution before 2019.3.21.0 allows directory traversing because of the swprintf function used to copy a file from a management PC to a client PC. This can lead to arbitrary file execution...

9.8 CVSS, 7.4 AI score, 0.01101 EPSS
Exploits: 0, References: 1

Cvelist
added 2021/04/22 5:33 p.m., 10 views

CVE-2020-7861 AnySupport directory traversing vulnerability

AnySupport Remote support solution before 2019.3.21.0 allows directory traversing because of the swprintf function used to copy a file from a management PC to a client PC. This can lead to arbitrary file execution...

8.4 CVSS, 9.5 AI score, 0.01101 EPSS
Exploits: 0, References: 1

CVE
added 2021/04/22 5:33 p.m., 71 views

CVE-2020-7861

CVE-2020-7861 affects AnySupport (Remote support solution). A directory traversal vulnerability arises before 2019.3.21.0 due to the use of swprintf to copy files from a management PC to a client PC, which can lead to arbitrary file execution. The Red Hat and NVD/NVD-derived records corroborate t...

9.8 CVSS, 9.3 AI score, 0.01101 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2021/04/19 12:55 p.m., 12 views

CVE-2020-7851 Innorix File Transfer Solution File Download and Execution Vulnerability

Innorix Web-Based File Transfer Solution versions prior to and including 9.2.18.385 contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the internal method. A remote attacker could induce a user to access a crafted web page, causing...

7.8 CVSS, 7.6 AI score, 0.00331 EPSS
Exploits: 0, References: 2

CNNVD
added 2021/04/06 12:0 a.m., 3 views

Vangene deltaFlow E-platform code issue vulnerability

The Vangene deltaFlow E-platform is an application system from Vangene, China. Standard forms can be set up quickly in less than five minutes. A code issue exists in Vangene deltaFlow E-platform, which is caused by the upload function not being properly access controlled. A remote attacker can...

9.8 CVSS, 8.7 AI score, 0.00748 EPSS
Exploits: 0, References: 2

Prion
added 2021/04/02 6:15 p.m., 16 views

Design/Logic Flaw

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitra...

6.8 CVSS, 8.1 AI score, 0.00359 EPSS
Exploits: 0, References: 4, Affected Software: 6

NVD
added 2021/03/29 4:15 p.m., 7 views

CVE-2020-7850

NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code infection...

7.8 CVSS, 0.00331 EPSS
Exploits: 0, References: 2

CVE
added 2021/03/15 5:51 p.m., 50 views

CVE-2020-24985

Quadbase EspressReports ES 7 Update 9 is affected. An authenticated user can alter the frmsrc parameter on the MenuPage to retrieve and execute external files or payloads, indicating an input handling/parameter manipulation vulnerability that enables potentially remote file execution within the a...

8.1 CVSS, 8 AI score, 0.00669 EPSS
Exploits: 1, References: 1, Affected Software: 1