27 matches found
GeoServer <1.2.2 - Remote Code Execution
Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22. id:...
CVE-2024-30307 Adobe Substance 3D Painter BMP File Parsing Out Of Bounds Write Vulnerability
Substance3D - Painter versions 9.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-060)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-060 advisory. A stack based buffer-overflow vulnerability was found in the deprecated compatibility function clntcreate in the sunrpc's clntgen.c module of the GNU C Library aka glibc through 2.34. This vulnerability...
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
Impact Any user with the right to edit his personal page can follow one of the scenario below: Scenario 1: - Log in as a simple user with just edit rights on the user profile - Go to the user's profile - Upload an attachment in the attachment tab at the bottom of the page any image is fine - Clic...
Debian dla-3153 : libksba-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3153 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3153-1 [email protected] https://www.debian.org/lts/security/...
CVE-2020-18705
XML External Entities XXE in Quokka v0.4.0 allows remote attackers to execute arbitrary code via the component 'quokka/core/content/views.py'...
CVE-2021-36483
CVE-2021-36483 affects DevExpress.XtraReports.UI up to v21.1. It involves insecure deserialization that could allow an attacker to execute arbitrary code. The ZDI advisory notes this requires authentication and targets the SafeBinaryFormatter deserialization path in DevExpress XtraReports. Public...
HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path
Exploit Title: HP WMI Service 1.4.8.0 - 'HPWMISVC.exe' Unquoted Service Path Discovery by: Jocelyn Arenas Discovery Date: 2020-11-07 Vendor Homepage: https://www8.hp.com/mx/es/home.html Tested Version: 1.4.8.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Home x64 es Step to...
PowerSploit - A PowerShell Post-Exploitation Framework
PowerSploit is a collection of Microsoft PowerShell modules that can be used to aid penetration testers during all phases of an assessment. PowerSploit is comprised of the following modules and scripts: CodeExecution Execute code on a target machine. Invoke-DllInjection Injects a Dll into the...
CVE-2017-13184
In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for...
CVE-2016-1248
vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened...
[モバ7]ミラクルジャグラー - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application モバ7ミラクルジャグラー published at the 'play' market has multiple vulnerabilities...
助けてください~既読スルー禁止~ - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application 助けてください~既読スルー禁止~ published at the 'play' market has multiple vulnerabilities...
Don't Drown The Cow - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Don't Drown The Cow published at the 'play' market has multiple vulnerabilities...
Swipe Basketball 2 - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Swipe Basketball 2 published at the 'play' market has multiple vulnerabilities...
news.de Nachrichten - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application news.de Nachrichten published at the 'play' market has multiple vulnerabilities...
Deutsches Wörterbuch - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Deutsches Wörterbuch published at the 'play' market has multiple vulnerabilities...
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:0607-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
IRAI AUTOMGEN <= 8.0.0.7 Use After Free
No description provided by source. Luigi Auriemma Application: IRAI AUTOMGEN http://www.irai.com/a8e/ Versions: = 8.0.0.7 aka 8.022 Platforms: Windows Bug: use after free Exploitation: file Date: 10 Oct 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug ...
Java Applet AverageRangeStatisticImpl Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class...