
162 matches found

CNVD
added 2021/11/16 12:0 a.m. | 13 views

Open Design Alliance Drawings SDK Buffer Overflow Vulnerability (CNVD-2021-89163)

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The development package provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for t...

CVSS 7.8 | AI score 3.8 | EPSS 0.01474
Exploits: 0 | References: 1

CheckPoint Security
added 2021/11/04 12:0 a.m. | 184 views

Check Point Response to CVE-2021-36299, CVE-2021-36300, CVE-2021-36301, CVE-2021-20235 - Dell iDRAC9 Vulnerabilities

Cause CVE-2021-36299 - An SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. CVE-2021-36300 -...

CVSS 8.2 | AI score 8.1 | EPSS 0.14489
Exploits: 0

Prion
added 2021/07/13 11:15 a.m. | 16 views

Heap overflow

A vulnerability has been identified in JT2Go All versions V13.2, Solid Edge SE2021 All Versions SE2021MP5, Teamcenter Visualization All versions V13.2. The plmxmlAdapterSE70.dll library in affected applications lacks proper validation of user-supplied data when parsing ASM files. This could resul...

CVSS 6.8 | AI score 7.7 | EPSS 0.00448
Exploits: 0 | References: 3 | Affected Software: 3

Packet Storm
added 2021/06/11 12:0 a.m. | 311 views

Backdoor.Win32.Zombam.gen Code Execution

Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404B.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Unauthenticated URL Command Injection Description: Zombam...

AI score 7.4
Exploits: 0

Zero Day Initiative
added 2021/05/07 12:0 a.m. | 32 views

Foxit Reader XFA Form Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of XFA...

CVSS 7.8 | AI score 1.9 | EPSS 0.0284
Exploits: 0 | References: 1

OSV
added 2021/05/06 3:55 p.m. | 2 views

GHSA-XFXF-QW26-HR33 Arbitrary command execution in roar-pidusage

This affects all current versions of package roar-pidusage. If attacker-controlled user input is given to the stat function of this package on certain operating systems, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without inpu...

CVSS 5.6 | AI score 7.3 | EPSS 0.00496
Exploits: 1 | References: 4

ATTACKERKB
added 2021/04/18 6:42 p.m. | 4 views

CVE-2021-23381

This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...

CVSS 9.8 | AI score 5.8 | EPSS 0.00806
Exploits: 1 | References: 3

ATTACKERKB
added 2021/04/18 6:36 p.m. | 2 views

CVE-2021-23375

This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...

CVSS 9.8 | AI score 5.8 | EPSS 0.00806
Exploits: 1 | References: 3

ATTACKERKB
added 2021/04/18 6:35 p.m. | 1 views

CVE-2021-23374

This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization...

CVSS 9.8 | AI score 5.8 | EPSS 0.00806
Exploits: 1 | References: 3

ATTACKERKB
added 2021/03/18 12:36 p.m. | 3 views

CVE-2021-23359

This affects all versions of package port-killer. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be...

CVSS 8.8 | AI score 5.8 | EPSS 0.0038
Exploits: 1 | References: 3

ATTACKERKB
added 2021/03/09 6:27 p.m. | 3 views

CVE-2021-23352

This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter, which, when the .image, .svg or .dot functions are called, is executed by the child_process.exec function...

CVSS 9.8 | AI score 5.4 | EPSS 0.00625
Exploits: 1 | References: 4

Snyk
added 2021/02/23 5:53 p.m. | 1 views

Arbitrary Command Injection

Overview: port-killer is a package that kills the process running on a given port, assuming you have permission to do so. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This...

CVSS 8.8 | AI score 7.5 | EPSS 0.0038
Exploits: 1 | References: 2

CNVD
added 2021/02/22 12:0 a.m. | 7 views

McAfee Total Protection Arbitrary Process Execution Vulnerability

McAfee Total Protection MTP is a one-stop security suite. An arbitrary process execution vulnerability exists in McAfee Total Protection versions prior to 16.0.30. An attacker could exploit this vulnerability to bypass the MTP self-defense by elevating privileges and executing arbitrary code...

CVSS 8.2 | AI score 6.9 | EPSS 0.00731
Exploits: 0 | References: 1

Prion
added 2021/02/10 4:15 p.m. | 14 views

Integer overflow

An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the...

CVSS 5 | AI score 7.6 | EPSS 0.00484
Exploits: 0 | References: 1

NVD
added 2021/02/10 11:15 a.m. | 16 views

CVE-2021-23874

Arbitrary Process Execution vulnerability in McAfee Total Protection MTP prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense...

CVSS 8.2 | EPSS 0.00731
Exploits: 0 | References: 2

Cvelist
added 2021/02/10 10:25 a.m. | 14 views

CVE-2021-23874 McAfee Total Protection (MTP) privilege escalation vulnerability

Arbitrary Process Execution vulnerability in McAfee Total Protection MTP prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense...

CVSS 8.2 | AI score 8.7 | EPSS 0.00731
Exploits: 0 | References: 1

CVE
added 2021/02/10 10:25 a.m. | 1003 views

CVE-2021-23874

CVE-2021-23874 affects McAfee Total Protection (MTP) versions prior to 16.0.30. The vulnerability is an Arbitrary Process Execution leading to local privilege escalation and code execution by a local user, bypassing MTP self-defense. Affected component: MTP privilege management; root cause: impro...

CVSS 8.2 | AI score 8.1 | EPSS 0.00731
In wild | Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2021/02/10 12:0 a.m. | 19 views

CVE-2021-23874

Arbitrary Process Execution vulnerability in McAfee Total Protection MTP prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. Recent assessments: Assessed Attacker Value: 0...

CVSS 8.2 | AI score 7.9 | EPSS 0.00731
In wild | Exploits: 0 | References: 2

CNNVD
added 2021/02/10 12:0 a.m. | 3 views

McAfee Total Protection Permission and Access Control Issue Vulnerability

McAfee Total Protection MTP is a one-stop security suite. An arbitrary process execution vulnerability exists in McAfee Total Protection versions prior to 16.0.30. An attacker could exploit this vulnerability to bypass the MTP self-defense by elevating privileges and executing arbitrary code...

CVSS 8.2 | AI score 7.3 | EPSS 0.00731
Exploits: 0 | References: 1

CNVD
added 2021/01/12 12:0 a.m. | 3 views

K7 Computing K7AntiVirus Premium Access Control Error Vulnerability (CNVD-2021-02810)

K7AntiVirus Premium is a security suite from K7 Computing that provides reliable protection against online threats and fraudulent activities, thus protecting you from viruses and cyber attacks. An access control error vulnerability exists in K7Sentry.sys in K7 Computing K7AntiVirus Premium...

CVSS 7.8 | AI score 6.8 | EPSS 0.00061
Exploits: 0 | References: 1