286 matches found
CVE-1999-0177
The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs...
Yokogawa CENTUM Improper Access Control (CVE-2024-5650)
If an attacker is somehow able to intrude into a computer on which the affected product is installed, or to access a shared folder, then by replacing the DLL file with a tampered one it is possible to execute arbitrary programs with the authority of the SYSTEM account. The affected products and versions are as...
Mattermost < 5.8.0 (Windows / Unix) (MMSA-2024-00335)
The version of Mattermost installed on the remote host is prior to 5.8.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00335 advisory. - Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote...
USN-6912-1 provd vulnerability
James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges...
CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
CVE-2024-39904
VNote (note‑taking platform) before version 3.18.1 is affected by a code execution vulnerability that can be triggered via crafted notes containing local file references (for example, file:///C:/WINDOWS/system32/cmd.exe or calc.exe). The underlying issue is a local file path handling/URI embeddin...
Mattermost < 5.8.0 (macOS) (MMSA-2024-00335)
The version of Mattermost installed on the remote host is prior to 5.8.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00335 advisory. - Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote...
CVE-2024-5650
CVE-2024-5650 — Yokogawa CENTUM DLL hijacking affects CENTUM CS 3000 (R3.08.10–R3.09.50) and CENTUM VP (R4.01.00–R4.03.00, R5.01.00–R5.04.20, R6.01.00–R6.11.10). The root cause is improper access control allowing an attacker with local access or shared-folder access to replace a DLL with a tamper...
GHSA-HVXG-77MG-VRVP Mattermost Desktop App Remote Code Execution
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...
CVE-2024-37182
Mattermost Desktop App prior to 5.8.0 is affected (versions
CVE-2024-37182 Lack of permissions prompting when opening external URLs
Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI schemes...
CVE-2022-2484
The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs...
Yokogawa CENTUM and ProSafe-RS
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: CENTUM and ProSafe-RS Vulnerabilities: OS Command Injection, Improper Authentication, NULL Pointer Dereference, Improper Input Validation, Resource Management Errors 2. RISK...
Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server HFS or HttpFileServer allows remote attackers to execute arbitrary programs...
OS command injection in ripgrep
ripgrep before 13 on Windows allows attackers to trigger execution of arbitrary programs from the current working directory via the -z/--search-zip or --pre flag...
CVE-2021-3013
CVE-2021-3013 concerns ripgrep before version 13 on Windows, where the -z/--search-zip or --pre flags allow triggering execution of arbitrary programs from the current working directory. The connected data confirms this as a Windows-specific command-injection-style issue affecting ripgrep’s ZIP-s...
SUSE: Security Advisory (SUSE-SU-2012:1155-1)
The remote host is missing an update for the...
Cisco Jabber Multiple Vulnerabilities (cisco-sa-cisco-jabber-PWrTATTC)
According to its self-reported version, Cisco Jabber is affected by multiple vulnerabilities which could allow a remote, authenticated attacker to execute arbitrary programs on the underlying operating system with the privileges of the user account that is running the Cisco Jabber client software...