47 matches found
EUVD-2015-5783
Malware in sbrugna...
EUVD-2015-5716
Malware in sbrugna...
EUVD-2012-4362
Malware in sbrugna...
EUVD-2007-1589
Malware in sbrugna...
EUVD-2004-0760
Malware in sbrugna...
CVE-2025-55746
Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...
CVE-2024-36987
The CVE-2024-36987 vulnerability affects Splunk Enterprise versions prior to 9.2.2, 9.1.5, and 9.0.10, and Splunk Cloud Platform versions before 9.1.2312.200. An authenticated, low-privileged user who lacks admin/power roles can upload a file with an arbitrary extension via the indexing/preview R...
ChuanhuChatGPT Code Issue Vulnerability
ChuanhuChatGPT provides a fast and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A code issue vulnerability exists in ChuanhuChatGPT 20240310 and prior versions, which stems from insufficient validation of uploaded file types, allowing an attacker to upload file...
PT-2023-4463 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.96 Description: The issue is related to insufficient policy enforcement in the Extensions API of Google Chrome, allowing a remote attacker to install arbitrary extensions using a specially crafted HT...
ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root
Exploit Title: ASUS ASMB8 iKVM RCE and SSH Root Access Date: 2023-02-16 Exploit Author: [email protected] for NetworkSEC NWSSA-002-2023 Vendor Homepage: https://servers.asus.com/search?q=ASMB8 Version/Model: ASMB8 iKVM...
ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root Vulnerability
ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffer from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account...
SUSE CVE-2007-1595
The Asterisk Extension Language AEL in pbx/pbxael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a certain form...
SUSE CVE-2012-4427
The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force the download and installation of arbitrary extensions from extensions.gnome.org via a crafted web page...
CVE-2021-40344
An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME type corresponds to an image. Therefore it is possible to upload a crafted PHP script to achieve remote command execution...
Nagios XI Code Issue Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 5.8.5, which stems from the software's lack of...
Design/Logic Flaw
The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data. This is also exploitable via SSRF. Note: The ability to upload visualization plugins requires administrator privileges...
Valve: Malformed save files (.sav) allow to write files with arbitrary extensions and content in GoldSrc-based games.
The structure of the save file implies unpacking of temporary files with extensions .HL1, .HL2 and .HL3. In the code of command 'load', there is a check for invalid substrings, such as .., so unpacking the files into the top directories will not work. Also, it seems there is code for checking...
Design/Logic Flaw
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the...
Design/Logic Flaw
PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app...
CVE-2015-5837
Apple iOS PluginKit in versions before 9 allows bypassing the intended app-trust check to install arbitrary extensions via a crafted enterprise app. The root cause is insufficient validation checks during extension installation, enabling an enterprise app to push extensions before user tr...