52 matches found
Tenda G3 Code Execution Vulnerability
Tenda G3 is a Qos Vpn router from Tenda China. A code execution vulnerability exists in Tenda G3 version 15.03.05.05, which stems from the usbPartitionName parameter in the formSetUSBPartitionUmount function failing to properly filter the special elements of the constructor segment. An attacker c...
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
Mozilla Firefox Code Execution Vulnerability (CNVD-2024-36730)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability caused by a memory security flaw in the browser engine. An attacker could exploit this vulnerability to execute arbitrary code on a system or...
The vulnerability of the formWriteFacMac function (/goform/WriteFacMac) in the Tenda AC500 router software allows a hacker to execute arbitrary code.
The vulnerability of the formWriteFacMac function /goform/WriteFacMac in the Tenda AC500 router software lies in the lack of data cleaning at the control level when processing the mac parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that stems from the MarkStack assignment operator, which is part of the JavaScript engine and can access uninitialized memory if used for...
Foxit PDF Reader 安全漏洞
Foxit PDF Reader is a PDF reader from China Foxit Foxit.Foxit PDF Editor is a PDF editor from China Foxit Foxit. A code execution vulnerability exists in Foxit PDF Reader and Editor, which can be exploited by an attacker to execute arbitrary code in the context of the current process...
The vulnerability of the module of the virtual trusted platform for Windows operating systems, allowing a perpetrator to execute arbitrary code
The vulnerability of the virtual trusted platform module for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
Google Android 缓冲区错误漏洞
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code execution vulnerability that originates from an incorrect boundary check in the TRANSPOSERSETTINGS module of lpptran.h, which can be exploited by an attacker to execute arbitrary code on t...
SUSE CVE-2016-4246
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-4172,...
BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions
In yet another case of bring your own vulnerable driver BYOVD attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security...
Github merge 安全漏洞
Github merge is a simple npm package that merges many sources into a target. merge suffers from a security vulnerability that can be exploited by an attacker for remote code execution...
Microsoft Excel 代码注入漏洞
Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system with the privileges of the victim...
Scullyio Scully 注入漏洞
Scullyio Scully is a Typescript-based software for building Angular applications organized by Scullyio.Scully pre-renders every page in the application as plain HTML and CSS.To do this, Scully uses guessjs to find all the routes in the project. Scully then accesses each route, renders the view an...
Cybozu Desktop for Windows vulenerable to arbitrary code execution
Overview Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and...
Extreme Office 2019 suffers from a code execution vulnerability (CNVD-2020-28017)
Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. Extreme Office 2019 suffers from a code execution vulnerability that can be exploited by an attacker to obtain web server administrative privileges using a carefully constructe...
Code Execution Vulnerability in Thunderwind Movie CMS (CNVD-2019-33540)
Thunderwind Movie CMS is a PHP based THINKPHP3.2.3 framework development, suitable for all kinds of video, film and television websites, film and television content management program. Thunderwind CMS has a code execution vulnerability that can be exploited by attackers to gain control of the web...
Code Execution Vulnerability in LmxCMS V1.4
Dream cms lmxcms is developed using php language and mysql database, and adopts the mainstream MVC design mode. A code execution vulnerability exists in LmxCMS V1.4, which can be exploited by attackers to gain server privileges...
Code Execution Vulnerability in PHPOKCMS
PHPOKCMS is an enterprise station CMS system developed in PHP+MYSQL language. PHPOKCMS suffers from a code execution vulnerability. An attacker can exploit this vulnerability by uploading a Trojan horse in a program upgrade/zip package upgrade to gain server privileges...
Code execution vulnerability in cms made simple backend file copying
CMS Made Simple is an open source content management system. It is built using PHP and Smarty Engine , which separates content , functionality and templates . A code execution vulnerability exists in cms made simple version 2.2.7 when performing file copying in the background, which can be...
Code execution vulnerability in TP-Link enterprise routers (CNVD-2018-08408)
Tplink ER5110G, Tplink ER5120G and Tplink WAR1300L are enterprise VPN routers and enterprise wireless VPN routers. A code execution vulnerability exists in TP-Link Enterprise Routers. An attacker can exploit the vulnerability to obtain the router's administrator username and password, or hijack a...