101 matches found
CVE-2023-33254
There is an LDAP bind credentials exposure on KACE Systems Deployment and Remote Site appliances 9.0.146. The captured credentials may provide a higher privilege level on the Active Directory domain. To exploit this, an authenticated attacker edits the user-authentication settings to specify an...
SUSE CVE-2019-18609
An issue was discovered in amqphandleinput in amqpconnection.c in rabbitmq-c 0.9.0. There is an integer overflow that leads to heap memory corruption in the handling of CONNECTIONSTATEHEADER. A rogue server could return a malicious frame header that leads to a smaller targetsize value than needed...
SUSE CVE-2022-41325
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...
Integer Overflow
vlc is vulnerable to integer overflows. The vulnerability exists through the VNC module via tricking a user into opening a crafted playlist or connecting to a rogue VNC server, which allows a malicious attacker to cause integer overflows...
DEBIAN-CVE-2022-41325
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...
UBUNTU-CVE-2022-41325
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...
CVE-2022-41325
An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions...
Vulnerability fixed in rsync
A vulnerability has been fixed in rsync. The vulnerability allows a malicious person to overwrite arbitrary files on the victim's system. To exploit this vulnerability exploitation, the victim must connect to a rogue rsync server. The developers of rsync have created a new version to fix the...
redis-rce
PoC exploit for Redis RCE Remote Code Execution in Redis 4.x/5.x. The exploit is inspired by Redis post-exploitation techniques and is based on a modified version of the Redis Rogue Server. The exploit uses the RedisModules-ExecuteCommand library to load a custom Redis module, which allows for...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Artifex Gsview
PoC exploit for CVE-2017-14947, an RCE vulnerability in Redis 4.x/5.x. The target product/service is Redis, and the vulnerability class/vector is RCE Remote Code Execution. The probable entry point is the RedisModules module, and the execution context is a Python script redis-rce.py that is...
CVE-2021-33488
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook...
CVE-2021-33488
chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook...
Bugs in Managed DNS Services Cloud Let Attackers Spy On DNS Traffic
Cybersecurity researchers have disclosed a new class of vulnerabilities impacting major DNS-as-a-Service DNSaaS providers that could allow attackers to exfiltrate sensitive information from corporate networks. "We found a simple loophole that allowed us to intercept a portion of worldwide dynamic...
Vulnerability found in Mozilla Firefox
Researchers have found a vulnerability in Mozilla Firefox. The vulnerability allows a remote malicious person to execute arbitrary JavaScript code in the context of the web browser. To exploit this vulnerability, a malicious person to induce the victim to visit a rogue server. visit. Then, the...
Eaton Intelligent Power Manager 代码注入漏洞
Eaton Intelligent Power Manager IPM is an intelligent power manager from Eaton Corporation that supports remote monitoring and management of multiple devices in a network from an interface. A remote code execution vulnerability exists in Eaton Intelligent Power Manager versions prior to 1.69, whi...
CVE-2020-25239
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0. The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with...
CVE-2020-25239
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0. The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with...
Authorization
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0. The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with...
CVE-2020-25239
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.0. The webserver could allow unauthorized actions via special urls for unpriviledged users. The settings of the UMC authorization server could be changed to add a rogue server by an attacker authenticating with...
Vulnerability fixed in containerd
A vulnerability has been fixed in containerd, which is used by Docker and Kubernetes, among others. A malicious party could vulnerability potentially exploit it to gain access to login credentials to an internal or external image registry. To do so the malicious party must induce the user to pull...