Backdoor.Win32.Zaratustra Remote File Write / Code Execution

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/f240c16af2189ea9c94f317281ce7e59.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zaratustra Vulnerability: Unauthenticated Remote File Write Remote Code Exec...

Microsoft Windows/Windows Server Remote Code Execution Vulnerability (CNVD-2021-62476)

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. A remote code execution vulnerability exists in the DNS Snap-in in...

CVE-2020-22249

Remote Code Execution vulnerability in phplist 3.5.1. The application does not check any file extensions stored in the plugin zip file, Uploading a malicious plugin which contains the php files with extensions like PHP,phtml,php7 will be copied to the plugins directory which would lead to the...

CVE-2021-28330

Technical details for CVE-2021-28330 are not publicly provided in the supplied documents. The sources reference the vulnerability by ID and a generic description; monitor for updates.

Microsoft Exchange Server Remote Code Execution Vulnerability

...

CVE-2021-27082

CVE-2021-27082 affects the Microsoft Quantum Development Kit for Visual Studio Code (and related components). The connected Nessus record describes a remote code execution vulnerability where a victim who opens specially crafted content could have arbitrary code executed on the system, with the a...

CVE-2021-26890

CVE-2021-26890 is associated with Microsoft Application Virtualization (App-V). CNNVD’s entry describes a code-injection vulnerability affecting App-V across a range of Windows client/server SKUs (e.g., Windows 10 versions 1809–20H2, Windows Server 2019/2022 variants, and Server Core builds). NVD...

Visual Studio Code Remote Code Execution Vulnerability

...

CVE-2020-7777 Arbitrary Code Execution

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In...

CVE-2020-9656

CVE-2020-9656 affects Adobe Premiere Rush

CVE-2020-6418

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: J3rryBl4nks at March 04, 2020 4:42pm UTC reported: You would have to chain this vulnerability with a working sandbox escape in...

CredSSP Remote Code Execution Vulnerability March 2018 Security Update

The remote Windows host allows fallback to insecure versions of Credential Security Support Provider protocol CredSSP. It is therefore, affected by a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute...

Remote code execution

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...

Microsoft SharePoint Server Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security conte...

Design/Logic Flaw

baigoStudio baigoSSO v3.0.1 allows remote attackers to execute arbitrary PHP code via the first form field of a configuration screen, because this code is written to the BGSITENAME field in the optbase.inc.php file...

KLA11884 Multiple vulnerability in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...

CVE-2018-1840

CVE-2018-1840 affects IBM WebSphere Application Server (WAS) 8.5/9.0. The root cause is a privilege-escalation risk when a security domain uses a federated repository other than the global federated repository and the WAS version is migrated to a newer release. Affected products and versions appe...

Chrome OS /sbin/crash_reporter Symlink Traversal Vulnerability

Exploit for windows platform in category dos / poc Chrome OS: symlink traversal issue in /sbin/crashreporter Tested on: Version 69.0.3473.0 Official Build dev 64-bit CreateDirectoryWithSettings in https://chromium.googlesource.com/chromiumos/platform2/+/master/crash-reporter/crashcollector.cc107 ...

Chrome OS /sbin/crash_reporter Symlink Traversal

Chrome OS: symlink traversal issue in /sbin/crashreporter Tested on: Version 69.0.3473.0 Official Build dev 64-bit CreateDirectoryWithSettings in https://chromium.googlesource.com/chromiumos/platform2/+/master/crash-reporter/crashcollector.cc107 is executed by /sbin/crashreporter every time a...

Adobe Reader DC 2015 Security Updates (APSB18-30) - Mac OS X

Adobe Reader DC 2015 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...