CVE-2026-27181 MajorDoMo Unauthenticated Module Uninstall via Market Endpoint

MajorDoMo aka Major Domestic Module allows unauthenticated arbitrary module uninstallation through the market module. The market module's admin method reads gr'mode' from $REQUEST and assigns it to $this-mode at the start of execution, making all mode-gated code paths reachable without...

MiracleLinux 7 : libreoffice-5.3.6.1-21.el7 (AXSA:2019-4181:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4181:02 advisory. libreoffice: Arbitrary python functions in arbitrary modules on the filesystem can be executed without warning CVE-2018-16858 Tenable has extracted the...

EUVD-2005-0438

Malware in sbrugna...

Privilege Escalation

The kernel contains privilege escalation. A flaw in devload could allow a local user who has the CAPNETADMIN capability to load arbitrary modules from "/lib/modules/", instead of only netdev modules...

Authentication Bypass

Apache Geronimo is vulnerable to authentication bypass. This is caused by improper exception handling for failed logins, which would allow a remote attacker to bypass authentication requirements and deploy arbitrary modules and gain administrative access by submitting a blank username and passwor...

Design/Logic Flaw

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with...

Directory traversal

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

CVE-2016-10048

Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...

Google Chrome createCustomType Function Information Disclosure Vulnerability

Google Chrome is a web browsing tool developed by Google. In Google Chrome versions prior to 51.0.2704.79, the extensions/renderer/resources/binding.js/createCustomType function does not validate the module type, an information disclosure vulnerability exists, which can be exploited by remote...

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

CVE-2016-1698

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

CVE-2016-1698

Removed by vendor...

chromium-browser: information leak in extension bindings

The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to load arbitrary modules or obtain sensitive information by leveraging a poisoned definition...

Unspecified Arbitrary Module Loading Vulnerability in Module::Signature Module for Perl

Perl is a programming language. An unspecified security vulnerability in Module::Signature Module for Perl could be exploited by remote attackers to load arbitrary modules...

CVE-2014-9644

The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AFALG socket with a parenthesized module template expression in the salgname field, as demonstrated by the vfataes expression, a different vulnerability than...