321 matches found

BDU FSTEC
added 2020/10/20 12:0 a.m. | 2 views

The vulnerability of Windows operating systems, related to errors in file signature checking, allows a hacker to load arbitrary files.

The vulnerability of Windows operating systems is related to errors during file signature verification. Exploiting this vulnerability can allow an attacker to load arbitrary files...

CVSS 5.3 | AI score 6 | EPSS 0.00786
Exploits 0 | References 3

pentestit
added 2020/09/18 6:30 p.m. | 41 views

UPDATE: Empire v3.4.0

Empire v3.4.0 was released a couple of days ago! I briefly mentioned this tool in my old post titled "List of Open Source C2 Post-Exploitation Frameworks". This new version brings support for Malleable C2 listeners and reflective file loading, among other bug fixes. What is Empire? Empire 3....

AI score 2.5
Exploits 0

OSV
added 2020/06/23 10:15 a.m. | 5 views

CVE-2020-14940

An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar 1.5.4. It uses misconfigured XML parsers, leading to XXE while loading GP6 .gpx and GP7 .gp tablature files...

CVSS 7.5 | AI score 7.5
Exploits 0 | References 2

BDU FSTEC
added 2020/05/15 12:0 a.m. | 2 views

The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server lies in their susceptibility to unlimited loading of dangerous files, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server relates to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially created package...

CVSS 9 | AI score 8.1 | EPSS 0.10413
Exploits 0 | References 2

BDU FSTEC
added 2020/05/15 12:0 a.m. | 2 views

The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server lies in their susceptibility to unlimited loading of dangerous files, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft SharePoint Server, SharePoint Foundation, and SharePoint Enterprise Server relates to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by loading a specially created package...

CVSS 9 | AI score 7.8 | EPSS 0.31213
Exploits 0 | References 2

BDU FSTEC
added 2020/05/15 12:0 a.m. | 2 views

The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in their ability to allow unlimited loading of dangerous types of files, enabling attackers to execute arbitrary code.

The vulnerability of Microsoft SharePoint Server and SharePoint Enterprise Server lies in the ability to download unlimited files of a malicious nature. Exploiting this vulnerability allows an attacker to execute arbitrary code by downloading a specially created package...

CVSS 9 | AI score 8.1 | EPSS 0.10695
Exploits 0 | References 2

OSV
added 2020/04/10 2:15 p.m. | 3 views

CVE-2020-1802

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes; successful exploit could allow the attacker to load a crafted file to the device through USB. Affected product...

CVSS 4.6 | AI score 5.8
Exploits 0 | References 1

Prion
added 2020/04/10 2:15 p.m. | 19 views

Input validation

There is an insufficient integrity validation vulnerability in several products. The device does not sufficiently validate the integrity of certain file in certain loading processes; successful exploit could allow the attacker to load a crafted file to the device through USB. Affected product...

CVSS 2.1 | AI score 4.6 | EPSS 0.00145
Exploits 0 | References 1 | Affected Software 4

CVE
added 2020/04/10 1:59 p.m. | 114 views

CVE-2020-1802

CVE-2020-1802 pertains to Huawei OSCA-550 family devices with an insufficient integrity validation vulnerability during loading via USB. Affected versions include OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X v1.0.1.23(SP2). The root cause is inadequate integrity checks on certain files during t...

CVSS 4.6 | AI score 4.6 | EPSS 0.00145
Exploits 0 | References 1 | Affected Software 1

BDU FSTEC
added 2020/04/06 12:0 a.m. | 3 views

The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex allows a perpetrator to upload a malicious file to the server.

The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to upload a malicious file to the server remotely...

CVSS 7.5 | AI score 5.5
Exploits 0 | Affected Software 1

OSV
added 2020/03/18 7:15 p.m. | 2 views

CVE-2019-12365

The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 5.9 | EPSS 0.00989
Exploits 1 | References 3

OSV
added 2020/03/18 7:15 p.m. | 0 views

CVE-2019-12369

The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6.5
Exploits 0 | References 3

NVD
added 2020/03/18 7:15 p.m. | 18 views

CVE-2019-12367

The BlueMail application through 1.9.5.36 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.00968
Exploits 1 | References 3

NVD
added 2020/03/18 7:15 p.m. | 9 views

CVE-2019-12368

The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.00968
Exploits 1 | References 3

NVD
added 2020/03/18 7:15 p.m. | 8 views

CVE-2019-12370

The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.0113
Exploits 1 | References 3

NVD
added 2020/03/18 7:15 p.m. | 10 views

CVE-2019-12369

The TypeApp application through 1.9.5.35 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.00968
Exploits 1 | References 3

NVD
added 2020/03/18 7:15 p.m. | 26 views

CVE-2019-12366

The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.00994
Exploits 1 | References 3

NVD
added 2020/03/18 7:15 p.m. | 10 views

CVE-2019-12365

The Newton application through 10.0.23 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6 | EPSS 0.00989
Exploits 1 | References 3

OSV
added 2020/03/18 7:15 p.m. | 2 views

CVE-2019-12366

The Nine application through 4.5.3a for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 5.9 | EPSS 0.00994
Exploits 1 | References 3

OSV
added 2020/03/18 7:15 p.m. | 2 views

CVE-2019-12370

The Spark application through 2.0.2 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE permission...

CVSS 6.1 | AI score 6.5 | EPSS 0.0113
Exploits 1 | References 3