117 matches found
CVE-2021-22660
CNCSoft-B Versions 1.0.0.3 and prior is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code...
CVE-2021-28832
VSCodeVim before 1.19.0 allows attackers to execute arbitrary code via a crafted workspace configuration...
Buffer overflow
K7Computing Pvt Ltd K7AntiVirus Premium 15.01.00.53 is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: K7TSMngr.exe...
Design/Logic Flaw
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...
CVE-2018-20341
WINMAGIC SecureDoc Disk Encryption software before 8.3 has an Unquoted Service Path vulnerability, which could allow an attacker to execute arbitrary code on a target system. If the executable is enclosed in quote tags "" then the system will know where to find it. However if the path of where th...
Flash 0-Day In The Wild: Group 123 At The Controls
This blog post is authored by Warren Mercer and Paul Rascagneres. Executive Summary The 1st of February, Adobe published an advisory concerning a Flash vulnerability CVE-2018-4878. This vulnerability is a use after free that allows Remote Code Execute through a malformed Flash object. Additionall...
COMTREND ADSL Router CT-5367 - Remote Code Execution
COMTREND ADSL Router CT-5367 - Remote Code Execution. Remote exploit for Hardware platform Exploit Title: Globalnet COMTREND ADSL Router CT-5367 Remote Code Execute Date: 11-12-2017 Exploit Author: TnMch Software Link : null Type : HardWare Risk of use : High Type to use : Remote 1. Description A...
Firefox browser.downloads addon Remote Code Execute (PoC) Vulnerability
Exploit for multiple platform in category dos / poc CVE-2017-7821 "browser.downloads addon feature may be used for RCE" Steps: 1. Go to 'about:debugging' 2. Unpack attached PoC somewhere 3. Back in 'about:debugging' choose 'Load temp addon' and choose the poc 4. jar file is automatically download...
Security Advisory - BroadPwn Remote Code Execute Vulnerability
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue. Successful exploit of this vulnerability could allow an attacker to remotely execute arbitrary code on affected devices. Vulnerability ID: HWPSIRT-2017-07072 This...
CVE-2017-10745
XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "Stack Buffer Overrun /GS Exception starting at ntdll77df0000!RtlProcessFlsData+0x00000000000000b0."...
Memory corruption
Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273,...
PHP 5.6 GMP unserialize() Use-After-Free
Use After Free Vulnerability in unserialize with GMP Taoguang Chen - Write Date: 2015.8.17 - Release Date: 2015.9.4 A use-after-free vulnerability was discovered in unserialize with GMP object's deserialization that can be abused for leaking arbitrary memory blocks or execute arbitrary code...
CVE-2015-3456
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, ak...
WordPress WooCommerce Amazon Affiliates 7.0 Shell Upload / File Disclosure Vulnerabilities
WordPress WooCommerce Amazon Affiliates plugin version 7.0 suffers from file disclosure and remote shell upload vulnerabilities. WooCommerce Amazon Affiliates WordPress Plugin Unauthenticated Arbitrary File Upload & LFD Link:...
WordPress WooCommerce Amazon Affiliates 7.0 Shell Upload / File Disclosure
WooCommerce Amazon Affiliates WordPress Plugin Unauthenticated Arbitrary File Upload & LFD Link: http://codecanyon.net/item/woocommerce-amazon-affiliates-wordpress-plugin/3057503 Version: 7.0 This Plugin is Vulnerable to Local File Disclosure and Remote Code Execute via Arbitrary File Upload...
WordPress WooCommerce Amazon Affiliates - Arbitrary File Upload
This WordPress plugin is vulnerable to Local File Disclosure and Remote Code Execute via Arbitrary File Upload. Solution Update the plugin...
WordPress Premium SEO Pack 1.8.0 Shell Upload / File Disclosure
Premium SEO Pack WordPress Plugin Unauthenticated Arbitrary File Upload & LFD Link: http://codecanyon.net/item/premium-seo-pack-wordpress-plugin/6109437 This Plugin is Vulnerable to Local File Disclosure and Remote Code Execute via Arbitrary File Upload. Vulnerability CodeShorted: class...
Debian DLA-88-1 : ruby1.8 security update
This update fixes multiple local and remote denial of service and remote code execute problems : CVE-2011-0188 Properly allocate memory, to prevent arbitrary code execution or application crash. Reported by Drew Yao. CVE-2011-2686 Reinitialize the random seed when forking to prevent CVE-2003-0900...
WPMU < 2.9.1 PHP Remote Code Execute 0day Exploit
It's a straightforward and easy-to-use exploit that injects a command shell into wp-config.php. Usage Info: php exp.php (don't forget to add http). This is a private exploit. You can buy it at https://0day.today...
Migrating Elastix 2.5 Remote Code Execute 0day Exploit
Migrating Elastix 2.5 suffers from an authenticated arbitrary command execution vulnerability. The issue is caused due to the improper verification of uploaded files. This can be exploited to execute arbitrary code by creating or uploading a malicious script file. Vulnerability tested on CentOS 7...