CVE-2023-41780
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges...
CVE-2023-41780
CVE-2023-41780 involves an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Connected sources indicate the root cause is the application’s inadequate input validation, enabling a local attacker to escalate privileges. The CNNVD entry specifies affected versions: 7.23.23 and earlier. No exp...
CVE-2023-41780 Unsafe DLL Loading Vulnerability in ZTE ZXCLOUD iRAI
There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Because the program failed to adequately validate the user's input, an attacker could exploit this vulnerability to escalate local privileges...
The vulnerability of the Apache Struts software platform, related to the use of files and directories accessible from external parties, allows a hacker to execute arbitrary code.
The vulnerability of the Apache Struts software platform is related to the use of files and directories accessible from external parties due to incorrect restrictions on the path to the restricted directory during file loading. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the software file loading function in OMICARD EDM ITPison allows a perpetrator to execute arbitrary commands.
The vulnerability of the software file loading function in OMICARD EDM ITPison involves unlimited loading of dangerous types of files. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the file loading function of the Cisco Webex App, which allows an attacker to carry out cross-site scripting attacks.
The vulnerability of the file loading function of the Cisco Webex App exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out a cross-site scripting attack remotely...
The vulnerability of the loading function for the Organization/Practice module of the New Open Source Health (NOSH) ChartingSystem electronic medical record system allows a hacker to execute any code and gain full control over the system.
The vulnerability of the loading function for the Organization/Practice module of the New Open Source Health (NOSH) ChartingSystem electronic medical record system is related to the unlimited loading of dangerous files. Exploiting this vulnerability could allow a malicious actor to execute arbitrar...
Design/Logic Flaw
If an attacker loaded a font using FontFace on a background worker, a use-after-free could have occurred, leading to a potentially exploitable crash. This vulnerability affects Firefox 107...
Apache MXNet Security Vulnerability
Apache MXNet is an open source deep learning software framework from the Apache Foundation in the United States. It is used for training and deploying deep neural networks. A security vulnerability exists in Apache MXNet incubating versions prior to 1.9.1, which stems from the use of regul...
CVE-2022-34765
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 and later, OPC UA Modicon Communication...
The vulnerability of the update loading function of the Elcomplus SmartPPT server allows a hacker to execute arbitrary code.
The vulnerability of the update loading function of the Elcomplus SmartPPT server lies in the ability to download files of a dangerous type without limitation. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...
iRZ Mobile Router - CSRF to Remote Code Execution Exploit
Exploit Title: iRZ Mobile Router - CSRF to RCE Google Dork: intitle:"iRZ Mobile Router" Exploit Author: Stephen Chavez & Robert Willis Vendor Homepage: https://en.irz.ru/ Software Link: https://github.com/SakuraSamuraii/ez-iRZ Version: Routers through 2022-03-16 Tested on: RU21, RU21w, RL21, RU41...
GHSA-H67M-XG8F-FXCF Deadlock in mutually recursive `tf.function` objects
Impact: The code behind the `tf.function` API can be made to deadlock when two `tf.function`-decorated Python functions are mutually recursive:
```python
import tensorflow as tf

@tf.function
def fun1(num):
    if num == 1:
        return
    print(num)
    fun2(num-1)

@tf.function
def fun2(num):
    if num == 0:
        return
    print(num)
    fun1(num-1)
```
...
The vulnerability of Honeywell’s industrial portable computer operating system lies in the lack of restrictions on file loading, allowing a hacker to execute any code on the server.
The vulnerability of Honeywell’s industrial portable computer operating system lies in the lack of restrictions on file loading. Exploiting this vulnerability allows a remote attacker to execute arbitrary code on the server...
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14456-1)
The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14456-1 advisory. - By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This appli...
OS Command Injection in jw.util
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used...
CVE-2020-6785
Loading a DLL through an Uncontrolled Search Path Element in Bosch BVMS and BVMS Viewer in versions 10.1.0, 10.0.1, 10.0.0 and 9.0.0 and older potentially allows an attacker to execute arbitrary code on a victim's system. This affects both the installer as well as the installed application. This...
CVE-2020-6786
Loading a DLL through an Uncontrolled Search Path Element in the Bosch Video Recording Manager installer up to and including version 3.82.0055 for 3.82, up to and including version 3.81.0064 for 3.81 and 3.71 and older potentially allows an attacker to execute arbitrary code on a victim's system....
The vulnerability of the secure loading process for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to circumvent the secure loading mechanism.
The vulnerability of the secure loading process for Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) is related to failures in the security mechanisms. Exploiting this vulnerability can allow attackers to bypass the secure loading mechanism...
USN-4535-1: RDFLib vulnerability
Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code. CVE-2019-7653...