Security Bulletin: IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability (WS-2026-0003)

Summary IBM SPSS Analytic Server is affected by a jackson-core async parser DoS vulnerability WS-2026-0003. This has been addressed in the remediation section. Vulnerability Details ID:WS-2026-0003 DESCRIPTION: The non-blocking async JSON parser in jackson-core bypasses the maxNumberLength...

Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)

Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...

Security Bulletin: IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika (CVE-2025-66516)

Summary IBM SPSS Analytic Server is affected by Critical XXE vulnerability in Apache Tika CVE-2025-66516. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and...

EUVD-2020-3111

Malware in sbrugna...

GHSA-QC3Q-8RR8-8P5V Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...

CVE-2024-21516

Summary: CVE-2024-21516 affects opencart/opencart versions 4.0.0.0 through before 4.1.0.0. A reflected XSS exists in the directory parameter of the admin common/filemanager.list route. By tricking a user into clicking a malicious URL, an attacker can obtain the user’s token through login prompts,...

CVE-2024-21517

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...

PT-2024-24198 · Terabyte Unlimited · Image For Windows

Name of the Vulnerable Software and Affected Versions: TeraByte Unlimited Image for Windows versions 3.64.0.0 and earlier Description: An issue in the software allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component. This enables the attacker to gain...

McAfee True Key Cross-Site Scripting Vulnerability

McAfee True Key TK is an authentication application from the American company McAfee. The program supports features such as facial information recognition and fingerprint recognition. A security vulnerability exists in McAfee TK 4.0.0.0 and earlier versions. The vulnerability can be exploited by ...

Argus Surveillance DVR System Elevation of Privilege Vulnerability

Argus Surveillance DVR is a video playback tool. A system elevation of privilege vulnerability exists in the Argus Surveillance DVR 4.0.0.0 device, where placement of a trojan file DLL named "gsmcodec.dll" in the Argus application directory will result in arbitrary code execution with SYSTEM...

Network Scanner 4.0.0 - SEH Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/python -- coding: utf-8 -- Network Scanner Version 4.0.0.0 - SEH Overflow Exploit by n30m1nd Date: 2016-10-21 Exploit Author: n30m1nd Exploit Title: Network Scanner Version 4.0.0.0 SEH Based Exploit Vendor Homepage:...

Network Scanner 4.0.0.0 SEH Overflow

!/usr/bin/python -- coding: utf-8 -- Network Scanner Version 4.0.0.0 - SEH Overflow Exploit by n30m1nd Date: 2016-10-21 Exploit Author: n30m1nd Exploit Title: Network Scanner Version 4.0.0.0 SEH Based Exploit Vendor Homepage: http://www.mitec.cz/ Software Link:...

Network Scanner 4.0.0.0 SEH Crash Proof Of Concept

-- coding: utf-8 -- Exploit Title: Network Scanner Version 4.0.0.0 SEH Crash POC POC Dork: N/A Date: 2016-02-15 Author: INSECT.B Twitter : @INSECT.B Facebook : https://www.facebook.com/B.INSECT00 Blog : http://binsect00.tistory.com Vendor Homepage: http://www.mitec.cz/ Software Link:...

Network Scanner 4.0.0.0 - Crash (SEH) (PoC)

Network Scanner 4.0.0.0 - Crash SEH PoC -- coding: utf-8 -- Exploit Title: Network Scanner Version 4.0.0.0 SEH Crash POC POC Dork: N/A Date: 2016-02-15 Author: INSECT.B Twitter : @INSECT.B Facebook : https://www.facebook.com/B.INSECT00 Blog : http://binsect00.tistory.com Vendor Homepage:...

Network Scanner Version 4.0.0.0 - SEH Crash (PoC)

Exploit for windows platform in category dos / poc -- coding: utf-8 -- Exploit Title: Network Scanner Version 4.0.0.0 SEH Crash POC POC Dork: N/A Date: 2016-02-15 Author: INSECT.B Twitter : @INSECT.B Facebook : https://www.facebook.com/B.INSECT00 Blog : http://binsect00.tistory.com Vendor Homepag...

Barcodewiz 'Barcodewiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow

source: https://www.securityfocus.com/bid/54701/info BarCodeWiz ActiveX control is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input. An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that...