GHSA-6M6M-J2HM-PXRG Malicious Package in cicada-render

All versions of cicada-render contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

Malicious Package in antd-cloud

All versions of antd-cloud contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that comput...

GHSA-RJHC-W3FJ-J6X9 Malicious Package in alipayjsapi

All versions of alipayjsapi contain malicious code. The package uploads system information to a remote server, downloads a file and executes it. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

CVE-2020-16602

The CVE concerns Razer Chroma SDK Rest Server. A race condition allows remote code execution by replacing a file created under %PROGRAMDATA%\Razer Chroma\SDK\Apps before it is executed, with exploitation requiring network access on port 54236 during a registration step. Affected software: Razer C...

CVE-2020-16602

Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. The attacker must have access to port 54236...

Exploit for CVE-2020-1938

Ghostcat exp for CNVD-2020-10487CVE-2020-1938 tomcat ajp协议任意属性设置导致的文件读取和文件执行。 漏洞分析 代码仅供安全测试，请勿用于非法用途,造成的后果使用者负责与本人无关！！！ python3 ajpShooter.py -h /\ / \ | | | //\ | | ' \ \ | ' \ / \ / | / \ '| / | | | | \ \ | | | | | || / | / // | ./ /| ||/ / \|| |/|| 00theway,just for test usage:...

CVE-2020-14490

OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files...

CVE-2020-14490

OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files...

CVE-2020-14490 OpenClinic GA

OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files...

CVE-2020-14490

OpenClinic GA versions 5.09.02 and 5.89.05b contain a path traversal vulnerability (CWE-22) that allows arbitrary local files to be specified via parameters and may execute uploaded files, risking disclosure of sensitive data and code execution. The issue corresponds to CVE-2020-14490; root cause...

LibreHealth EHR Local File Inclusion Vulnerability

LibreHealth EHR is a free open source electronic health record and medical practice management application. LibreHealth EHR 2.0.0 suffers from a local file inclusion vulnerability that can be exploited by an attacker to include and execute arbitrary PHP files in the EMR application...

Command Execution Vulnerability in Ramme

Ramme is an unofficial Instagram desktop application. Ramme suffers from a command execution vulnerability that can be exploited by attackers to execute malicious code due to the program's failure to package the main files, which can result in local arbitrary file execution...

OpenClinic GA File Upload Vulnerability

OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. A file upload vulnerability exists in OpenClinic GA version 5.09.02 and 5.89.05b, which stems from the program faili...

Plex Unpickle Dict Windows RCE

This module exploits an authenticated Python unsafe pickle.load of a Dict file. An authenticated attacker can create a photo library and add arbitrary files to it. After setting the Windows only Plex variable LocalAppDataPath to the newly created photo library, a file named Dict will be unpickled...

GOG GalaxyClientService Privilege Escalation Exploit

This Metasploit module will send arbitrary filepaths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected. This module requires Metasploit: https://metasploit.com/download Current...

CVE-2020-7813

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution...

Privilege escalation

An elevation of privilege vulnerability exists in Windows Error Reporting WER when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088...

Pi-hole code issue vulnerability

Pi-hole is a web-grade ad-blocking application from Pi-hole.Gravity updater is an auto-updating plugin used in it. A code issue vulnerability exists in gravityDownloadBlocklistFromUrl in Gravity updater in Pi-hole 4.4 and prior versions. An attacker can exploit this vulnerability to write a PHP...

CVE-2019-19164

dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code...

CVE-2019-19164 Dext5 Upload ActiveX Arbitrary File Execution Vulnerability

dext5.ocx ActiveX Control in Dext5 Upload 5.0.0.112 and earlier versions contains a vulnerability that could allow remote files to be executed by setting the arguments to the activex method. A remote attacker could induce a user to access a crafted web page, causing damage such as malicious code...