Lucene search
K

52 matches found

CNVD
CNVD
added 2024/09/29 12:0 a.m.5 views

Tenda G3 Code Execution Vulnerability

Tenda G3 is a Qos Vpn router from Tenda China. A code execution vulnerability exists in Tenda G3 version 15.03.05.05, which stems from the usbPartitionName parameter in the formSetUSBPartitionUmount function failing to properly filter the special elements of the constructor segment. An attacker c...

9.8CVSS7.7AI score0.11348EPSS
Exploits1References1
Zero Day Initiative
Zero Day Initiative
added 2024/09/17 12:0 a.m.8 views

PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

7.8CVSS6.9AI score0.00283EPSS
Exploits0References1
CNVD
CNVD
added 2024/06/14 12:0 a.m.4 views

Mozilla Firefox Code Execution Vulnerability (CNVD-2024-36730)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability caused by a memory security flaw in the browser engine. An attacker could exploit this vulnerability to execute arbitrary code on a system or...

9.8CVSS7.8AI score0.00577EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/04/19 12:0 a.m.4 views

The vulnerability of the formWriteFacMac function (/goform/WriteFacMac) in the Tenda AC500 router software allows a hacker to execute arbitrary code.

The vulnerability of the formWriteFacMac function /goform/WriteFacMac in the Tenda AC500 router software lies in the lack of data cleaning at the control level when processing the mac parameter. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

6.5CVSS7AI score0.08718EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/04/16 12:0 a.m.3 views

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a code execution vulnerability that stems from the MarkStack assignment operator, which is part of the JavaScript engine and can access uninitialized memory if used for...

5.3CVSS8.8AI score0.00365EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/04/03 12:0 a.m.3 views

Foxit PDF Reader 安全漏洞

Foxit PDF Reader is a PDF reader from China Foxit Foxit.Foxit PDF Editor is a PDF editor from China Foxit Foxit. A code execution vulnerability exists in Foxit PDF Reader and Editor, which can be exploited by an attacker to execute arbitrary code in the context of the current process...

7.8CVSS7.9AI score0.00914EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/10/16 12:0 a.m.7 views

The vulnerability of the module of the virtual trusted platform for Windows operating systems, allowing a perpetrator to execute arbitrary code

The vulnerability of the virtual trusted platform module for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS7.8AI score0.01583EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/14 12:0 a.m.5 views

Google Android 缓冲区错误漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a code execution vulnerability that originates from an incorrect boundary check in the TRANSPOSERSETTINGS module of lpptran.h, which can be exploited by an attacker to execute arbitrary code on t...

8.8CVSS8.1AI score0.01032EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:3 a.m.4 views

SUSE CVE-2016-4246

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors, a different vulnerability than CVE-2016-4172,...

8.8CVSS8AI score0.04434EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2022/10/07 6:52 a.m.332 views

BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions

In yet another case of bring your own vulnerable driver BYOVD attack, the operators of the BlackByte ransomware are leveraging a flaw in a legitimate Windows driver to bypass security solutions. "The evasion technique supports disabling a whopping list of over 1,000 drivers on which security...

7.8CVSS8.5AI score0.18188EPSS
Exploits8
CNNVD
CNNVD
added 2021/09/10 12:0 a.m.6 views

Github merge 安全漏洞

Github merge is a simple npm package that merges many sources into a target. merge suffers from a security vulnerability that can be exploited by an attacker for remote code execution...

9.8CVSS7.5AI score0.01429EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/04/13 12:0 a.m.11 views

Microsoft Excel 代码注入漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute arbitrary code on a system with the privileges of the victim...

7.8CVSS6.7AI score0.0235EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/01/14 12:0 a.m.6 views

Scullyio Scully 注入漏洞

Scullyio Scully is a Typescript-based software for building Angular applications organized by Scullyio.Scully pre-renders every page in the application as plain HTML and CSS.To do this, Scully uses guessjs to find all the routes in the project. Scully then accesses each route, renders the view an...

7.3CVSS7.1AI score0.00825EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/05/25 6:9 a.m.2 views

Cybozu Desktop for Windows vulenerable to arbitrary code execution

Overview Cybozu Desktop for Windows provided by Cybozu, Inc. contains an arbitrary code execution vulnerability due to the improper data processing when applying the software update. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to Cybozu, Inc. and...

9.8CVSS7.7AI score0.02932EPSS
Exploits0References6
CNVD
CNVD
added 2020/04/01 12:0 a.m.0 views

Extreme Office 2019 suffers from a code execution vulnerability (CNVD-2020-28017)

Extreme Office is an independently controlled office learning software developed by Beijing Haiteng Times Technology Co. Extreme Office 2019 suffers from a code execution vulnerability that can be exploited by an attacker to obtain web server administrative privileges using a carefully constructe...

7.6AI score
Exploits0
CNVD
CNVD
added 2019/09/10 12:0 a.m.2 views

Code Execution Vulnerability in Thunderwind Movie CMS (CNVD-2019-33540)

Thunderwind Movie CMS is a PHP based THINKPHP3.2.3 framework development, suitable for all kinds of video, film and television websites, film and television content management program. Thunderwind CMS has a code execution vulnerability that can be exploited by attackers to gain control of the web...

7.9AI score
Exploits0
CNVD
CNVD
added 2019/07/04 12:0 a.m.1 views

Code Execution Vulnerability in LmxCMS V1.4

Dream cms lmxcms is developed using php language and mysql database, and adopts the mainstream MVC design mode. A code execution vulnerability exists in LmxCMS V1.4, which can be exploited by attackers to gain server privileges...

7.9AI score
Exploits0
CNVD
CNVD
added 2018/08/24 12:0 a.m.1 views

Code Execution Vulnerability in PHPOKCMS

PHPOKCMS is an enterprise station CMS system developed in PHP+MYSQL language. PHPOKCMS suffers from a code execution vulnerability. An attacker can exploit this vulnerability by uploading a Trojan horse in a program upgrade/zip package upgrade to gain server privileges...

7.8AI score
Exploits0
CNVD
CNVD
added 2018/04/27 12:0 a.m.1 views

Code execution vulnerability in cms made simple backend file copying

CMS Made Simple is an open source content management system. It is built using PHP and Smarty Engine , which separates content , functionality and templates . A code execution vulnerability exists in cms made simple version 2.2.7 when performing file copying in the background, which can be...

7.5AI score
Exploits0
CNVD
CNVD
added 2018/04/17 12:0 a.m.0 views

Code execution vulnerability in TP-Link enterprise routers (CNVD-2018-08408)

Tplink ER5110G, Tplink ER5120G and Tplink WAR1300L are enterprise VPN routers and enterprise wireless VPN routers. A code execution vulnerability exists in TP-Link Enterprise Routers. An attacker can exploit the vulnerability to obtain the router's administrator username and password, or hijack a...

7.6AI score
Exploits0
Rows per page
Query Builder