182 matches found
Adobe Substance 3D Designer 缓冲区错误漏洞
Adobe Substance 3D Designer is a 3D design software from the American company Audobee Adobe. An out-of-bounds write vulnerability exists in Adobe Substance 3D Designer version 13.0.0 and prior versions, which can be exploited by an attacker to execute arbitrary code in the current user's...
Adobe After Effects 缓冲区错误漏洞
Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A security vulnerability exists in Adobe After Effects, which can be...
EulerOS 2.0 SP11 : sudo (EulerOS-SA-2023-1792)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR,...
Adobe Acrobat Reader 输入验证错误漏洞
Adobe Acrobat Reader is a PDF viewer from the American company Audobee Adobe. The software is used to print, sign and annotate PDF. An input validation error vulnerability exists in Adobe Acrobat Reader, which can be exploited by an attacker to execute arbitrary code in the current user's...
Grafana 跨站脚本漏洞
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus. A cross-site scripting vulnerability exists in Grafana version 8.1, which stems from map attributes not...
SUSE CVE-2014-8169
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
PYSEC-2021-386
JupyterHub is an open source multi-user server for Jupyter notebooks. In affected versions users who have multiple JupyterLab tabs open in the same browser session, may see incomplete logout from the single-user server, as fresh credentials for the single-user server only, not the Hub reinstated...
CVE-2021-22035
VMware vRealize Log Insight 8.x prior to 8.6 contains a CSVComma Separated Value injection vulnerability in interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able to embed untrusted data prior to exporting a CSV sheet through Log...
Schneider Electric EcoStruxure Control Expert 路径遍历漏洞
Schneider Electric EcoStruxure Control Expert formerly Unity Pro is a suite of programming software for Schneider Electric logic controller products from Schneider Electric, France. A path traversal vulnerability exists in EcoStruxure Control Expert Classic that stems from a lack of proper...
Input validation
nbgitpuller is a Jupyter server extension to sync a git repository one-way to a local path. Due to unsanitized input, visiting maliciously crafted links could result in arbitrary code execution in the user environment. This has been resolved in version 0.10.2 and all users are advised to upgrade...
SUSE-SU-2021:2473-1 Security update for slurm
This update for slurm fixes the following issues: Updated to 20.11.7 Summary of new features: CVE-2021-31215: Fixed a remote code execution as SlurmUser bsc1186024. slurmd - handle configless failures gracefully instead of hanging indefinitely. select/constres - fix Dragonfly topology not selecti...
Selea CarPlateServer 4.0.1.6 Remote Program Execution
Selea CarPlateServer CPS v4.0.1.6 Remote Program Execution Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120 4.013201105 3.100200225 3.005191206 3.005191112 Summary: Our CPS Car Plate Server software is an advanced solution that can be installed on...
Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation Vulnerability
Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Local Privilege Escalation Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120...
GHSA-G2C4-4M64-VXM3 Malicious Package in buffer-yor
Version 2.0.2 contained malicious code. The package targeted the Ethereum cryptocurrency and performed transactions to wallets not controlled by the user. Recommendation Remove the package from your environment. Ensure no Ethereum funds were compromised...
NewStart CGSL MAIN 4.05 : openssh Multiple Vulnerabilities (NS-SA-2019-0139)
The remote NewStart CGSL host, running version MAIN 4.05, has openssh packages installed that are affected by multiple vulnerabilities: - A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use th...
Windows Escalate UAC Protection Bypass Via SilentCleanup
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via SilentCleanup', 'Description' = %q There's a task in Windows Task Scheduler called "SilentCleanup"...
Wavecrack - Web Interface For Password Cracking With Hashcat
A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. Screenshots The homepage Adding an hash to crack Seeing the results and some stats Outline This Web application can be used to launch asynchronous password cracks with hashcat. The...
Password Recovery Platform: Wavecrack
A user-friendly Web interface to share an hashcat cracking box among multiple users with some pre-defined options. Outline This Web application can be used to launch asynchronous password cracks with hashcat . The interface tries to be as user-friendly as possible and facilitates the password...
Directory traversal
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home...