EUVD-2014-1050

Malware in sbrugna...

CVE-2024-30961

CVE-2024-30961 affects Open Robotics ROS2 Navigation2 (navigation2-humble and related nav2_bt_navigator). The vulnerability is described as an insecure permissions issue that enables a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. CVSS data indicate...

CVE-2024-30886

A stored cross-site scripting XSS vulnerability in the remotelink function of HadSky v7.6.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter...

CVE-2024-28556

SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php...

CVE-2023-30653

Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code...

CVE-2022-36639

A stored cross-site scripting XSS vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

CVE-2021-38611

A command-injection vulnerability in the Image Upload function of the NASCENT RemKon Device Manager 4.0.0.0 allows attackers to execute arbitrary commands, as root, via shell metacharacters in the filename parameter to assets/index.php...

CVE-2020-2490

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907...

Format string

Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command in a crafted TeX file...

PYSEC-2014-91

The shellquote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "" backslash characters to form multi-command sequences, a different...

Out-of-bounds

The ClusterIterator::NextCluster function in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via unspecified vectors...

CVE-2013-0744

Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.1...

CVE-2010-0174

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before 3.6.2; Thunderbird before 3.0.4; and SeaMonkey before 2.0.4 allow remote attackers to cause a denial of service memory corruption and application crash or possibly...

Command injection

PyGIT.py in the Trac Git plugin trac-git before 0.0.20080710-3+lenny1 and before 0.0.20090320-1 on Debian GNU/Linux, when enabled in Trac, allows remote attackers to execute arbitrary commands via shell metacharacters in a crafted HTTP query that is used to generate a certain git command...

CVE-2009-0087

Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file...

CVE-2008-5246

Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow remote attackers to execute arbitrary code via vectors that send ID3 data to the 1 id3v22interpframe and 2 id3v24interpframe functions in src/demuxers/id3.c. NOTE: the provenance of this information is unknown; the details are...

Format string

Format string vulnerability in dx8render.dll in Snail Game aka Suzhou Snail Electronic Company 5th street aka Hot Step or High Street 5 allows remote attackers to execute arbitrary code via format string specifiers in a chat message...

Debian: Security Advisory (DSA-1161)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Format string

Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB APW file...

CVE-2007-0487

PHP remote file inclusion vulnerability in index.php in FreeForum 0.9.0 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. NOTE: this issue has been disputed by third party researchers, stating that fpath variable is initialized before being used...