Linux Kernel nft_exthdr_sctp_eval Stack-based Buffer Overflow Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
The vulnerability of the USB 3.0 HUB driver in Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the USB 3.0 HUB driver for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
PT-2023-28869 · Lenovo · Lenovo Desktop
Name of the Vulnerable Software and Affected Versions: Lenovo Desktop products (affected versions not specified). Description: A buffer overflow was reported in the Update WMI module that may allow a local attacker with elevated privileges to execute arbitrary code. Recommendations: At the moment,...
Design/Logic Flaw
In PHOENIX CONTACT's TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10, an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's...
EUVD-2023-38594
A reflected XSS was discovered in HotelDruid version 3.0.5. An attacker can issue malicious code/command on the affected webpage's parameter to trick the user's browser and/or exfiltrate data...
SUSE CVE-2022-1802
If an attacker was able to corrupt the methods of an Array object in JavaScript via prototype pollution, they could have achieved execution of attacker-controlled JavaScript code in a privileged context. This vulnerability affects Firefox ESR 91.9.1, Firefox 100.0.2, Firefox for Android 100.3.0,...
CVE-2022-47317
Out-of-bounds write vulnerability in V-Server v4.0.12.0 and earlier allows a local attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted project file...
buildah: possible information disclosure and modification
Incorrect handling of supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able t...
VulnCheck KEV: CVE-2022-1529
An attacker could have sent a message to the parent process where the contents were used to double-index into a JavaScript object, leading to prototype pollution and ultimately attacker-controlled JavaScript executing in the privileged parent process. This vulnerability affects Firefox ESR...
Alfresco Cross-Site Scripting Vulnerability
Alfresco is an open source enterprise content management system. The platform's pages are developed using Freemarker, and its main features include document management, collaboration, records management, knowledge base management, Web content management and so on. Alfresco has a security vulnerabilit...
CVE-2021-1871
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this...
B2evolution Cms Cross-Site Scripting Vulnerability
b2evolution is a community content management system based on PHP and MySQL. A cross-site scripting vulnerability exists in b2evolution CMS, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side...
Unspecified vulnerability in Kaoni ezHTTPTrans (CNVD-2021-37778)
Kaoni ezHTTPTrans is a forwarding proxy software. A security vulnerability exists in the Ezhttptrans.ocx ActiveX control in Kaoni ezHTTPTrans 1.0.0.70 and earlier versions. A remote attacker can exploit this vulnerability to download arbitrary files and execute code...
Command Execution Vulnerability in PbootCMS V1.3.2
PbootCMS is an open source content management system (CMS) for building enterprise websites, developed in PHP. PbootCMS V1.3.2 suffers from a command execution vulnerability that can be exploited by an attacker to execute code...
HashBrown CMS Remote Code Execution Vulnerability
HashBrown CMS is an open source headless content management system (CMS). HashBrown CMS suffers from a remote code execution vulnerability that stems from the program not performing proper security checks. An attacker could exploit the vulnerability to execute code...
PrestaShop cross-site scripting vulnerability (CNVD-2020-02542)
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop version 1.7.6.2. The...
Open-Xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2019-36981)
Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A cross-site scripting vulnerability exists in Open-Xchange OX App Suite versions 7.10.1 and 7.10.2. The vulnerabili...
DEBIAN-CVE-2017-7526
libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting in a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This...
Palo Alto Networks Panorama VM Appliance Arbitrary Code Execution Vulnerability
Palo Alto Networks Panorama VM Appliance is a solution from Palo Alto Networks, Inc. that supports the use of Panorama as a virtual appliance to manage distributed firewall networks through a central location. An arbitrary code execution vulnerability exists in the Palo Alto Networks Panorama VM...
MiniWeb (Build 300) Arbitrary File Upload
This module exploits a vulnerability in MiniWeb HTTP server build 300. The software contains a file upload vulnerability that allows an unauthenticated remote attacker to write arbitrary files to the file system. Code execution can be achieved by first uploading the payload to the remote machine ...