Exploit for Double Free in Openbsd Openssh

CVE-2023-25136 POC POC For A Pre Auth Double Free Vulnerability...

VulnCheck KEV: CVE-2023-2868

Barracuda Email Security Gateway ESG appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection...

SUSE CVE-2004-0759

Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an tag...

SUSE CVE-2008-5021

nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code by modifying properties of a file input element while it is stil...

SUSE CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename. This...

CVE-2022-40784

Unlimited strcpy on user input when setting a locale file leads to stack buffer overflow in mIPC camera firmware 5.3.1.2003161406...

mIPC camera 缓冲区错误漏洞

mIPC camera firmware is a camera from mIPC. mIPC camera firmware version 5.3.1.2003161406 is vulnerable to an input validation error, which stems from unrestricted user input when setting up a zone file and can be exploited by an attacker to trigger a stack buffer overflow...

CVE-2021-40647

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it...

CVE-2021-40647

In man2html 1.6g, a specific string being read in from a file will overwrite the size parameter in the top chunk of the heap. This at least causes the program to segmentation abort if the heap size parameter isn't aligned correctly. In version before GLIBC version 2.29 and aligned correctly, it...

Delta Electronics DOPSoft 缓冲区错误漏洞

Delta Electronics DOPSoft is a Human Machine Interface HMI software suite from Delta Electronics Taiwan, China. A buffer error vulnerability exists in Delta Electronics DOPSoft, which arises from the processing of specific project files without properly sanitizing the user input could result in t...

PT-2022-14859 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager plugin for WordPress versions up to, and including, 3.2.46 Description: The issue is related to Stored Cross-Site Scripting via the filefiles parameter due to insufficient input sanitization and output escaping. This allows...

.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'...

UBUNTU-CVE-2021-3643

A flaw was found in sox 14.4.1. The lsxadpcminit function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information...

The vulnerability of the libsndfile library for reading and writing audio files involves a numerical overflow with empty stack traces, allowing an attacker to execute arbitrary code in the target system.

The vulnerability of the libsndfile library for reading and writing audio files is related to a numerical overflow with empty stack traces. Exploiting this vulnerability could allow an attacker to execute arbitrary code on the target system...

Input validation

An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the...

CVE-2022-24399

The SAP Focused Run Real User Monitoring - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting XSS vulnerability...

CVE-2022-0351

A flaw was found in vim. The vulnerability occurs due to too many recursions, which can lead to a segmentation fault. This flaw allows an attacker to input a specially crafted file, leading to a crash or code execution...

CVE-2022-23935

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file = /|$/ check, leading to command injection...

CVE-2021-4173

A flaw was found in vim. A possible use after free vulnerability could allow an attacker to input a specially crafted file leading to a crash or code execution...

Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability

Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for...