CVE-2022-34927
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file...
Stack overflow
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file...
UBUNTU-CVE-2022-34927
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file...
CVE-2022-34927
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file...
CVE-2022-34927
CVE-2022-34927 affects MilkyTracker v1.03.00. It is a stack overflow in the LoaderXM::load component triggered by a crafted XM module file. Public entries assign high severity (CVSS 3.1: 7.8). The supplied documents do not provide exploitation details or a patch/remediation.
CVE-2022-34927
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file...
MilkyTracker buffer error vulnerability
MilkyTracker is an application that plays MOD format files and arranges music. A security vulnerability exists in MilkyTracker v1.03.00, which originates when an attacker provides a crafted XM module file to the LoaderXM::load component, allowing the attacker to take control of the execution flow...
PT-2022-11725 · Totolink · Totolink Ex1200T
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX1200T version 4.1.2cu.5215 Description: The issue concerns a remote command injection vulnerability. This vulnerability is located in the setDiagnosisCfg function of the file lib/cste modules/system.so, which can be exploited to...
CVE-2022-1032
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6...
CVE-2022-1032
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6...
Insecure deserialization of not validated module file
Description In recent Crater version 18507ddb tag: 6.0.6 highly privileged user can upload malicious module file and run insecure deserialization, which can lead to remote code execution. Proof of Concept 1. Prepare PHAR file - php --define phar.readonly=0 phar.php PHP data = $data; function...
CVE-2021-44238
AyaCMS 3.1.2 is vulnerable to Remote Code Execution (RCE) via /aya/module/admin/usttabe.inc.php,...
Logic flaw vulnerability in YCCMS Ad***.cl***.php file
YCCMS is a lightweight CMS site-building system developed on PHP5 + MYSQL. A logic flaw exists in the YCCMS Ad.cl.php file. An attacker can use the vulnerability to change any user name and password without authorization...
The vulnerability in the “soundlib/Snd_fx.cpp” file of the OpenMPT tracker software and the libopenmpt library for processing modular music allows a hacker to trigger a service failure.
The vulnerability in the “soundlib/Snd_fx.cpp” file of the OpenMPT tracker software and the libopenmpt library for processing modular music is related to buffer overflows and reading beyond the maximum memory limit. Exploiting this vulnerability could allow a malicious actor to cause service...
Code Execution Vulnerability in Ac***.cl***.php in LmxCMS V1.4 Backend
Dream Cms, hereinafter referred to as "lmxcms", is a simple and practical website management system (CMS) developed by an author with the screen name "10 years". A code execution vulnerability exists in Ac.cl.php in the backend of LmxCMS V1.4. An attacker can exploit the vulnerability to launch a remote command...
SUSE-SU-2018:1992-1 Security update for perl
This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files bsc1096718...
SQL Injection Vulnerability in KuaiFanCMS File /upload/kuaifan/module/lianjie/index.module.php
KuaiFanCMS V5.x is developed with PHP5+MYSQL as the technical base. kf is built with the Smarty template engine. A SQL injection vulnerability exists in the KuaiFanCMS file /upload/kuaifan/module/lianjie/index.module.php; an attacker can exploit it to obtain sensitive database information...
Joomla module com_cckjseblod arbitrary file read vulnerability via the file parameter
No description provided by source...
CVE-2006-3879
Integer overflow in the loadChunk function in loaders/loadgt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER GT2 module file with a large 0xffffffff comment length value in an XCOM chunk...
Subversion (SVN) < 1.0.6 Module File Restriction Bypass (deprecated)
Binary data 1964.prm...