20 matches found
EUVD-2025-19719
Malicious code in bioql PyPI...
EUVD-2023-31601
Malicious code in bioql PyPI...
CVE-2025-34067
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...
CVE-2025-34067 Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an...
CVE-2025-34067
CVE-2025-34067 affects Hikvision Integrated Security Management Platform (applyCT component). The flaw is deserialization of untrusted input in /bic/ssoService/v1/applyCT via vulnerable Fastjson auto-type, enabling remote code execution by loading a malicious Java class referenced through an LDAP...
CVE-2023-27866
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511...
PT-2024-4148 · Apache · Apache Directory Ldap Api
Name of the Vulnerable Software and Affected Versions: Apache Directory LDAP API affected versions not specified Description: The issue is related to a lack of control over user-input data in the LDAP URL parser component. This can be exploited by a remote attacker to cause a denial of service...
PT-2025-27626
Name of the Vulnerable Software and Affected Versions Hikvision Integrated Security Management Platform affected versions not specified Description An unauthenticated remote command execution issue exists in the applyCT component of the Hikvision Integrated Security Management Platform. This is d...
CLSA-2023-1688678407 Fix CVE(s): CVE-2023-2953
SECURITY UPDATE: null pointer dereference in ber_memalloc_x - debian/patches/CVE-2023-2953.patch: added check for strdup failure in ldif_open_url, ldap_url_parsehosts. - CVE-2023-2953...
CVE-2023-27866
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511...
CVE-2023-27866 IBM Informix JDBC code execution
IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in Connect String. IBM X-Force ID: 249511...
CVE-2023-27866
CVE-2023-27866 affects IBM Informix JDBC Driver versions 4.10 and 4.50, with a remote code execution risk via JNDI injection when the LDAP URL in the Connect String is not verified. Affected software: Informix JDBC 4.10.x and 4.50.x. Root cause: unverified LDAP URL enabling JNDI injection. Impact...
PT-2023-21383 · Ibm · Ibm Informix Jdbc Driver
Name of the Vulnerable Software and Affected Versions: IBM Informix JDBC Driver versions 4.10 and 4.50 Description: The issue allows for remote code execution via JNDI injection when the driver code or the application using the driver does not verify the supplied LDAP URL in the Connect String...
Log4j “Log4Shell” RCE explained (CVE-2021-44228)
Hello everyone! I decided to make a separate episode about Log4Shell. Of course, there have already been many reviews of this vulnerability. But I do it primarily for myself. It seems to me that serious problems with Log4j and similar libraries will be with us for a long time. Therefore, it would...
Updated curl packages fix security vulnerabilities
Updated curl packages fix security vulnerabilities: Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2018-0500. Zhaoyang Wu discovered tha...
Debian DSA-4136-1 : curl - security update
Multiple vulnerabilities were discovered in cURL, an URL transfer library. - CVE-2018-1000120 Duy Phan Thanh discovered that curl could be fooled into writing a zero byte out of bounds when curl is told to work on an FTP URL with the setting to only issue a single CWD command, if the directory pa...
Apache HTTP Server mod_rewrite Vulnerability
Affected systems: Apache Group Apache 2.2.x = 2.2.0; Apache Group Apache 2.0.x = 2.0.46; Apache Group Apache 1.3.x = 1.3.28. Unaffected systems: Apache Group Apache 2.2.3; Apache Group Apache 2.0.59; Apache Group Apache...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background mod_rewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in mod_rewrite allows command execution when the escape_absolute_uri function attempts to...
Apache mod_rewrite LDAP URL buffer overflow
Added: 06/22/2007 CVE: CVE-2006-3747 BID: 19204 OSVDB: 27588 Background mod_rewrite is an Apache module which allows rule-based modification of URL requests. Problem An off-by-one buffer overflow vulnerability in mod_rewrite allows command execution when the escape_absolute_uri function attempts to...
POC & exploit for Apache mod_rewrite off-by-one
Public release date of POC/Exploit: 2006-08-20 Author: Jacobo Avariento Gimeno CVE id: CVE-2006-3747 Bugtraq id: 19204 CERT advisory: VU#395412 Severity: high Introduction ---- On July 28 2006 Mark Dowd (McAfee Avert Labs) reported a vulnerability found in the mod_rewrite Apache module to the bugtraq...