13 matches found
CVE-2024-53910
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized...
CVE-2024-42789
A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "page" parameter...
CVE-2024-24512
Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component...
CVE-2020-20523
Cross Site Scripting (XSS) vulnerability in admuser parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation...
Adobe Bridge Memory Out-of-Bounds Access Vulnerability (CNVD-2021-63267)
Adobe Bridge is a free digital asset management application from Adobe. 11.1 and earlier versions of Adobe Bridge contain a memory out-of-bounds access vulnerability. An attacker could exploit the vulnerability to execute arbitrary code...
CVE-2013-1592
SAP NetWeaver Message Server contains CVE-2013-1592 (and related CVE-2013-1593) buffer-overflow vulnerabilities in the Message Server module. The flaw resides in _MsJ2EE_AddStatistics(), where the attacker-controlled MSJ2EE_HEADER.serviceid is used to index the global j2ee_stat_services array wit...
Bitdefender Antivirus Plus avc3 Kernel Driver Untrusted Pointer Dereference Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Bitdefender Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2015-0332
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333,...
CedStat 1.31 Index.PHP Cross-Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/22653/info CedStat is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Microsoft Internet Explorer Memory Corruption (MS14-010: CVE-2014-0270)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory. A remote attacker can exploit this issue by enticing a victim to view a specially crafted website with an affecte...
Mandriva Linux Security Advisory : pidgin (MDVSA-2012:105)
A vulnerability has been discovered and corrected in pidgin: Incorrect handling of inline images in incoming instant messages can cause a buffer overflow and in some cases can be exploited to execute arbitrary code (CVE-2012-3374). This update provides pidgin 2.10.6, which is not vulnerable to this...
IBM System Director Agent 5.20 - CIM Server Privilege Escalation
source: https://www.securityfocus.com/bid/34065/info IBM Director is prone to a privilege-escalation vulnerability that affects the CIM server. Attackers can leverage this issue to execute arbitrary code with elevated privileges in the context of the CIM server process. Versions prior to IBM...
DoceboLMS <= 2.0.4 connector.php Shell Upload Exploit
No description provided by source. <?php ---docebo204xpl.php 15.38 04/12/2005 DoceboLMS AKA SpaghettiLearning <= 2.0.4 connector.php Shell Upload coded by rgod site: http://rgod.altervista.org usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "This is called, using the conquered...