15 matches found
Nintendo Mario Kart Security Vulnerability
Nintendo Mario Kart is a game by Nintendo of Japan. A security vulnerability exists in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, RMCK01. An attacker can exploit the vulnerability to execute arbitrary code on the client computer...
Cross-site Scripting (XSS) - Stored in livehelperchat/fbmessenger
Description The application does not escape special characters. The $item-bbcode or $item-name variables can lead to stored XSS Proof of Concept Go to Facebook BBCode List https://demo.livehelperchat.com/siteadmin/fbmessenger/newbbcode and add an item with XSS payload into name or bbcode fields,...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description The Mobile Options settings do not sanitise and escape the $mboptions'fcmkey' parameter, leading to stored XSS Proof of Concept Go to Mobile settings and enter an XSS payload into the FCM Key field, such as: somekey" Impact XSS can have huge implications for a web application and its users. User...
AnySupport Path Traversal Vulnerability
ANYSUPPORT is an application from ANYSUPPORT, Inc. that provides a remote connection feature. A security vulnerability exists in versions prior to AnySupport 2019.3.21.0 that uses the swprintf function to copy files from the management PC to the client PC, allowing directory traversal. This...
CVE-2021-21448
SAP GUI for Windows, version - 7.60, allows an attacker to spoof logon credentials for Application Server ABAP backend systems in the client PC's memory. Under certain conditions the attacker can access information which would otherwise be restricted. The exploit can only be executed locally on th...
Security Bulletin: IBM Cloud Automation Manager is affected by an insecure Content-Security-Policy header vulnerability CVE-2019-4133
Summary IBM Cloud Automation Manager could allow a malicious user on the client side with access to client computer to run a custom script. Vulnerability Details CVEID: CVE-2019-4133 DESCRIPTION: IBM Cloud Automation Manager could allow a malicious user on the client side with access to client...
Flaws in Popular RDP Clients Allow Malicious Servers to Reverse Hack PCs
You've always been warned not to share remote access to your computer with any untrusted people for many reasons—it's basic cyber security advice, and common sense, right? But what if I say, you should not even trust anyone who invites or offers you full remote access to their computers? Security...
Windows Media Player 9.0 ActiveX Control File Enumeration Weakness
No description provided by source. source: http://www.securityfocus.com/bid/12032/info The Windows Media Player ActiveX control is prone to a security weakness that may allow a malicious Web page to enumerate files that exist on the client computer. This could aid in further attacks. This issue i...
Buffer Overflow Vulnerability in Hitachi IT Operations Director
Overview Hitachi IT Operation Director Agent in client PC contains a buffer overflow vulnerability. Impact A remote attacker could execute arbitrary code with system privileges. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
IBM Tivoli Storage Manager Client CAD Service Buffer Overflow
Added: 11/20/2009 CVE: CVE-2009-3853 OSVDB: 59632 Background IBM Tivoli Storage Manager (TSM) provides centralized management for automated backup and restoration operations. It runs a Client Acceptor Daemon (CAD) on port 1582/TCP. Problem The vulnerability is caused by an input validation error in t...
CVE-2008-2805
Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to force the upload of arbitrary local files from a client computer via vectors involving originalTarget and DOM Range...
Microsoft Windows embedded web fonts memory corruption
Memory corruption when parsing web fonts embedded in an HTML page. May be used to install trojans, backdoors or other malware on the client computer...
McAfee VirusScan unauthorized files access
It's possible to access client computer files with McAfee Security Center MCINSCTL.DLL ActiveX...
MSN Messenger unauthorized access
Any file from the client computer can be retrieved...
Code execution in CNet Catchup
Through an RVP update file, arbitrary files can be downloaded and executed on the client's computer...