CVE-2024-21918
Rockwell Automation Arena Simulation Software (Arena Simulation) is affected by CVE-2024-21918, a memory corruption vulnerability (memory corruption/overflow) in memory handling that could allow an attacker to execute arbitrary code after a malicious file is opened. Affected product: Arena Simu...
CVE-2024-21912
Rockwell Automation Arena Simulation Software (Arena Simulation) is affected by CVE-2024-21912 (out-of-bounds write / arbitrary code execution). The vulnerability arises from writing beyond designated memory, causing an access violation and allowing code execution when a user opens a malicious fi...
Rockwell Automation Arena Simulation Software Buffer Error Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. An uninitialized pointer access vulnerability exists in Rockwell Automation Arena Simulation Software, which can be exploited by an attack...
Design/Logic Flaw
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges...
CVE-2023-6631
CVE-2023-6631 affects Subnet Solutions PowerSYSTEM Center (PowerSYSTEM Center 2020 Update 16 and earlier; 5.0.x–5.16.x). The vulnerability is an unquoted search path/element in the service path that authorized local users can abuse to insert arbitrary code and achieve privilege escalation. Affect...
Design/Logic Flaw
In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. The attacker can use this internal function to insert code into the Splunk platform installation directory. From there, a user can execute arbitrary code ...
Input validation
The QuBot WordPress plugin before 1.1.6 doesn't filter user input in chat, so bad code inserted there is reflected on the user dashboard...
CVE-2023-2331
Unquoted Service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service NixService.Exe on Windows allows an attacker to insert arbitrary code into the service. This issue affects Surelock Windows: from 2.3.12 through 2.40.0...
CVE-2023-2331 Bypassing hardening via Unquoted Service Path vulnerability
Unquoted Service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service NixService.Exe on Windows allows an attacker to insert arbitrary code into the service. This issue affects Surelock Windows: from 2.3.12 through 2.40.0...
PT-2023-18902 · 42Gears · Surelock
Name of the Vulnerable Software and Affected Versions: 42Gears Surelock Windows versions 2.3.12 through 2.40.0
Description: The issue is related to an Unquoted service Path or Element vulnerability in the SureLock Service NixService.Exe on Windows application, which allows arbitrary code insertio...
CVE-2023-24068
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into...
The vulnerability in the SAP BusinessObjects Business Intelligence platform allows the insertion of code or data, enabling attackers to gain full access to the application.
The vulnerability of the SAP BusinessObjects Business Intelligence platform is related to the possibility of introducing code or data. Exploiting this vulnerability can allow a malicious actor to gain full access to the application...
The vulnerability of the Calendar component in the Zimbra Collaboration Suite corporate email management system allows a hacker to insert any desired malicious code into documents.
The vulnerability of the Calendar component in the Zimbra Collaboration Suite enterprise email management system exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to insert arbitrary code into documents...
CVE-2022-22411
IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 is affected. An authenticated user could insert code and manipulate cluster resources due to excessive service-account permissions. Affected product/version: DAS 5.1.3.1. Root cause described as risky permissions enabling code insertion. IBM b...
CVE-2022-22411
IBM Spectrum Scale Data Access Services DAS 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016...
PT-2021-7276 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to v5.16-rc6
Description: A flaw in the Linux kernel's eBPF verifier allows internal memory locations to be returned to userspace when handling internal data structures. This can be exploited by a local attacker wi...
Design/Logic Flaw
There is an Unquoted Service Path in NI Service Locator nisvcloc.exe in versions prior to 18.0 on Windows. This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges...
JetBrains Hub Cross-Site Scripting Vulnerability
JetBrains Hub is a server that can handle authentication, authorization, users, groups, permissions, and projects across multiple JetBrains Team Tools installations. A stored cross-site scripting vulnerability exists in JetBrains Hub versions prior to 2021.1.13690. An attacker could exploit the...
CVE-2021-33988
CVE-2021-33988 is a Cross-Site Scripting (XSS) vulnerability reported in Microweber CMS version 1.2.7, accessible via the Login form. According to connected sources, an attacker could inject and execute JavaScript by placing code in the login request form, enabling a client-...
CVE-2019-18245
Reliable Controls LicenseManager versions 3.4 and prior may allow an authenticated user to insert malicious code into the system root path, which may allow execution of code with elevated privileges of the application...