
46 matches found

RedhatCVE
added 2025/05/21 9:57 p.m. | 6 views

CVE-2009-1433

SQL injection vulnerability in File::find filesystem/File.php in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter...

CVSS 7.5 | AI score 8.8 | EPSS 0.01096
Exploits: 0 | References: 1

Zero Day Initiative
added 2025/04/30 12:0 a.m. | 10 views

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The...

CVSS 7 | AI score 7.3 | EPSS 0.00117
Exploits: 0

Exploit DB
added 2025/04/14 12:0 a.m. | 223 views

GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)

Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery CSRF Exploit Author: m4xth0r Maximiliano Belino Author website: https://maxibelino.github.io/ Author email : max.cybersecurity at belino.com GitHub disclosure link:...

CVSS 8.8 | AI score 7 | EPSS 0.01669
Exploits: 3

Zero Day Initiative
added 2025/04/07 12:0 a.m. | 12 views

GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of FLI files. The...

CVSS 7.8 | AI score 6.8 | EPSS 0.01432
Exploits: 0 | References: 1

CVE
added 2025/01/07 10:4 p.m. | 60 views

CVE-2025-22132

CVE-2025-22132 affects the WeGIA web manager for charitable institutions. The vulnerability is a Cross-Site Scripting (XSS) in the file upload functionality at the endpoint WeGIA/html/socio/sistema/controller/controla_xlsx.php. An attacker can upload a file containing malicious JavaScript, causi...

CVSS 8.3 | AI score 7.3 | EPSS 0.00413
Exploits: 1 | References: 2 | Affected Software: 1

CNVD
added 2023/07/12 12:0 a.m. | 15 views

Siemens Tecnomatix Plant Simulation Stack Buffer Overflow Vulnerability (CNVD-2023-56535)

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany, that uses discrete-event simulation to analyze and optimize throughput and thereby improve manufacturing system performance. Siemens Tecnomatix Plant Simulation suffers from a stack buffer overflow...

CVSS 7.8 | AI score 7.5 | EPSS 0.00213
Exploits: 0 | References: 1

Prion
added 2023/01/23 5:15 a.m. | 11 views

Directory traversal

An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal...

CVSS 4 | AI score 4.8 | EPSS 0.0077
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2022/12/22 12:0 a.m. | 5 views

CVE-2022-1529

An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR 91.9.1...

AI score 7.8 | EPSS 0.17103
Exploits: 0 | References: 2

Cvelist
added 2021/12/14 12:6 p.m. | 18 views

CVE-2021-44002

A vulnerability has been identified in JT Open All versions V11.1.1.0, JT Utilities All versions V13.1.1.0, Solid Edge All versions V2023. The Jt1001.dll contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker t...

CVSS 7.8 | AI score 7.9 | EPSS 0.01564
Exploits: 0 | References: 2

OSV
added 2020/10/16 11:15 p.m. | 0 views

CVE-2020-16975

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges...

CVSS 7.8 | AI score 5.9 | EPSS 0.00893
Exploits: 0 | References: 1

OSV
added 2020/08/17 7:15 p.m. | 2 views

CVE-2020-1587

An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevat...

CVSS 7.8 | AI score 7.2 | EPSS 0.00856
Exploits: 0 | References: 1

OSV
added 2020/05/15 7:15 p.m. | 15 views

CVE-2020-8149

Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...

CVSS 9.8 | AI score 7.6
Exploits: 0 | References: 1

Prion
added 2020/02/14 6:15 p.m. | 16 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 7.8 | EPSS 0.19009
Exploits: 0 | References: 2 | Affected Software: 2

OSV
added 2020/01/26 5:15 a.m. | 1 views

CVE-2020-3129

A vulnerability in the web-based management interface of Cisco Unity Connection Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker...

CVSS 4.8 | AI score 5.7
Exploits: 0 | References: 1

Prion
added 2019/01/24 4:29 a.m. | 15 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 8.8 | EPSS 0.03918
Exploits: 0 | References: 2 | Affected Software: 2

Github Security Blog
added 2018/08/15 8:4 p.m. | 22 views

Git-fastclone passes user modifiable strings directly to a shell command

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to cd and git clone commands in the library...

CVSS 10 | AI score 9.1 | EPSS 0.04801
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2018/06/11 9:0 p.m. | 16 views

CVE-2017-5458

When a "javascript:" URL is dragged and dropped by a user into the address bar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves. This vulnerability affects Firefox 53...

AI score 6.9 | EPSS 0.01425
Exploits: 1 | References: 4

myhack58
added 2014/10/16 12:0 a.m. | 25 views

Serious SQL injection vulnerability disclosed in Drupal 7.31 - vulnerability warning - the black bar safety net

This morning a foreign security researcher on Twitter disclosed a new SQL injection vulnerability in Drupal 7.31 and provided test exploit (EXP) code. The editor set up a local Drupal 7.31 environment, tested it, and found that the code can be successfully executed and the...

AI score 0.1
Exploits: 0

Exploit DB
added 2014/05/03 12:0 a.m. | 41 views

Crime24 Stealer Panel 1.0 - Multiple Vulnerabilities

Twitter @TheHackersBay Pentester / Underground hacker Exploit Title: Crime24 Stealer Panel &in=1&search=Search Example: http://i.imgur.com/zyIr5xv.png...

AI score 7.4
Exploits: 0

Symantec
added 2012/09/11 12:0 a.m. | 45 views

Microsoft System Center Configuration Manager CVE-2012-2536 Cross Site Scripting Vulnerability

Description: Microsoft System Center Configuration Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

CVSS 4.3 | AI score 6.5 | EPSS 0.16162
Exploits: 1 | Affected Software: 2