15 matches found
CVE-2026-1131
A vulnerability has been found in Yonyou KSOA 9.0. Impacted is an unknown function of the file /kmc/savecatalog.jsp of the component HTTP GET Parameter Handler. Such manipulation of the argument catalogid leads to sql injection. It is possible to launch the attack remotely. The exploit has been...
EUVD-2012-0674
Malware in sbrugna...
CVE-2024-31634
Cross Site Scripting XSS vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \XunRuiCMS\dayrui\Fcms\Library...
CMS2CMS, Connector Extension, 2.00 permissions
CMS2CMS Connector Extension 2.00 Update of the permission type created for the catalog file 2.01...
The vulnerability of the Enterprise Resource Management System “Galaktika ERP” allows a hacker to obtain arbitrary files from the server or overwrite arbitrary files with fixed data.
The vulnerability of the GALAXY ERP resource management system is related to architectural weaknesses in the components .res files that have XML file export functionality. Exploiting this vulnerability allows a malicious actor to read or re-write any file on the server by entering the file path...
January 10, 2017—KB3213986 (OS Build 14393.693)
January 10, 2017—KB3213986 OS Build 14393.693 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Improved the reliability of Groove Music playback in the background, App-V, video playback and...
MS15-025: Description of the security update for Windows kernel: March 10, 2015
MS15-025: Description of the security update for Windows kernel: March 10, 2015 Summary This security update resolves vulnerabilities in Windows. The most severe of the vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted...
CVE-2012-0642
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service device crash via a crafted catalog file in an HFS disk image...
Integer overflow
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service device crash via a crafted catalog file in an HFS disk image...
CVE-2012-0642
Integer underflow in Apple iOS before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service device crash via a crafted catalog file in an HFS disk image...
DVbbs 8.2 background storm catalog file vulnerability-vulnerability warning-the black bar safety net
DVbbs 8.2 background storm catalog file vulnerability As long as you know the directory name can Select‘File Management’Point below the beginning of the search In the following‘need to clean up the Upload Directory’section of the write into the directory as ‘../admin’ ‘../data’ Point ‘clear bit...
man format string bug
Format string bug during processing internationalization data from catalog file...
man[v1.5l]: (catalog) format strings exploit / POC.
was looking at the source code to man, and came upon this. newer g libc's will stop this from happening. but, still worth noting/effective bypass with older glibc's explained in exploit header Vade79 - fakehalo.deadpig.org - fakehalo. -- xmanfmt.c: start -- / linuxmanv1.5l: format string exploit...
Man 1.5.1 - Catalog File Format String
// source: https://www.securityfocus.com/bid/7812/info A vulnerability has been reported in the man utility. The problem is said to occur due to a format string bug when handling a catalog file. As a result, an attacker may be capable of writing arbitrary values to sensitive locations within...
Man 1.5.1 - Catalog File Format String
Man 1.5.1 - Catalog File Format String // source: https://www.securityfocus.com/bid/7812/info A vulnerability has been reported in the man utility. The problem is said to occur due to a format string bug when handling a catalog file. As a result, an attacker may be capable of writing arbitrary...