33 matches found
Code injection
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin...
CVE-2022-48622
In GNOME GdkPixbuf aka gdk-pixbuf through 2.42.10, the ANI (Windows animated cursor) decoder encounters heap memory corruption in ani_load_chunk in io-ani.c when parsing chunks in a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, leading to a denial of service or...
PT-2023-26767 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11 through 1.11.20. Description: A Cross-Site Request Forgery (CSRF) issue allows a remote authenticated privileged attacker to execute arbitrary code. Recommendations: For Chamilo versions 1.11 through 1.11.20, update to a...
CVE-2023-29742
An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database...
JSA10569 - 2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110
Problem: OpenSSL software provided with Steel-Belted Radius (SBR) Enterprise is vulnerable to CVE-2012-2110. This may allow code-execution attacks using crafted certificates. Risk Level: High. Workaround: There are no known workarounds that can...
CVE-2022-29351
An arbitrary file upload vulnerability in the file upload module of Tiddlywiki5 v5.2.2 allows attackers to execute arbitrary code via a crafted SVG file. Note: The vendor argues that this is not a legitimate issue and there is no vulnerability here...
Google Android Media Framework Remote Code Execution Vulnerability (CNVD-2021-19751)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handset Alliance (OHA). A remote code execution vulnerability exists in the Media Framework component of Google Android 8.1, 9, 10, and 11. An attacker can exploit this vulnerability to...
Kudou Music PC version suffers from DLL hijacking vulnerability (CNVD-2021-05879)
Guangzhou Kudou Computer Technology Co., Ltd. is a digital music interactive service provider in China, a leading enterprise in Internet technology innovation, dedicated to providing perfect solutions for Internet users and the development of the digital music industry. There is a DLL hijacking...
Security Center app preinstalled on Xiaomi phones exposes users to threats
Smartphones generally ship with pre-installed applications, some of which are very useful and some of which we never use. Because pre-installed apps hold the permissions they require, any insecurity or vulnerability in them is a potential threat to user privacy and security. Chec...
GHSA-WWMF-6P58-6VJ2 Remote code execution in rwiki
The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors...
MGASA-2014-0377 Updated mariadb packages fix CVE-2014-4274
Updated mariadb packages fix security vulnerability: MyISAM temporary files could be used to mount a code-execution attack CVE-2014-4274. The mariadb package has been updated to version 5.5.39, which fixes this and several other issues. Refer to the upstream Changelog for more details...
Multiple Cisco Wireless Gateways Vulnerable to Remote Attacks
Multiple Cisco Wireless Residential Gateway products have a security vulnerability in the web server that could allow a remote attacker to hijack the devices remotely. Cisco announced that a number of its Wireless Residential Gateway products are vulnerable to a remote-code execution attack, whic...