2841 matches found
CVE-2024-22550
An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file...
TOTOLINK X6000R Code Execution Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a code execution vulnerability that stems from the application failing to properly filter special characters, commands, etc. used to construct commands. An attacker can exploit this vulnerability t...
CVE-2024-22912
A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution...
The vulnerability of Citrix ADC application delivery controllers (formerly known as Citrix NetScaler Application Delivery Controller) and Citrix Gateway access control systems (formerly known as Citrix NetScaler Gateway) stems from improper code generation, allowing attackers to execute arbitrary code.
The vulnerability of Citrix ADC application delivery controllers formerly known as Citrix NetScaler Application Delivery Controller, as well as the Citrix Gateway access control system formerly known as Citrix NetScaler Gateway, is related to improper code generation. Exploiting this vulnerabilit...
TOTOLINK X6000R Security Vulnerability
TOTOLINK X6000R is a wireless router from China's Gion Electronics TOTOLINK. The TOTOLINK X6000R suffers from a code execution vulnerability that stems from the application's failure to properly filter special characters, commands, etc. used to construct commands. An attacker can exploit the vulnerability ...
D-Link DIR-815 Code Execution Vulnerability
The D-Link DIR-815 is a wireless router from China's AUO D-Link. The D-Link DIR-815 suffers from a code execution vulnerability that stems from an application's failure to properly filter special elements of constructed snippets. An attacker can exploit the vulnerability to execute arbitrary code...
GTKWave Code Execution Vulnerability
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. A code execution vulnerability exists in GTKWave version 3.3.118, which can be exploited by an attacker to potentially cause arbitrary code execution via a specially crafted fst file...
GTKWave integer overflow vulnerability (CNVD-2024-37751)
GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An integer overflow vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via a specially crafted fst file...
Microsoft Office Security Vulnerability
Microsoft Office is an office software suite from the U.S. company Microsoft. The product's common components include Word, Excel, Access, PowerPoint, FrontPage, etc. Microsoft Office has a code execution vulnerability that can be exploited by an attacker to execute arbitra...
Security Updates for Microsoft Visual Studio Products (January 2024)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability (CVE-2023-29356, CVE-2023-32025, CVE-2023-32026, CVE-2023-32027) - .NET, .NET Framework,...
SUSE-SU-2023:4978-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: - CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution bsc1218033. - CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service bsc1218032. - CVE-2023-41074: Fixed use-after-free...
PT-2023-31498 · Trimble · Trimble Sketchup Viewer
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...
Pluck Arbitrary File Upload Vulnerability (CNVD-2023-9917907)
Pluck is a content management system (CMS) developed in PHP. An arbitrary file upload vulnerability exists in Pluck version v4.7.18, which stems from the lack of effective validation of uploaded files in the component /inc/modulesinstall.php. An attacker can exploit this vulnerability to...
CVE-2022-42541
Remote code execution...
PT-2023-9815 · Foxit · Foxit Pdf Editor +1
Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader (affected versions not specified), Foxit PDF Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...
Foxit Reader Security Vulnerability
Foxit Reader is a PDF document reader from the Chinese company Foxit. A code execution vulnerability exists in Foxit Reader prior to version 12.1.3.15356 due to a flaw in the JavaScript saveAs API. An attacker could exploit this vulnerability to execute arbitrary code on the system...
A vulnerability in the sub_4CCE4 function of the ASUS RT-AX57 Wi-Fi router's firmware allows a hacker to execute arbitrary code.
The vulnerability in the sub_4CCE4 function of the ASUS RT-AX57 Wi-Fi router software exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using a specially crafted request to the ifname field...
TOTOLINK A3700R Code Execution Vulnerability
The TOTOLINK A3700R is a wireless router from China's Gion Electronics TOTOLINK. A code execution vulnerability exists in the TOTOLINK A3700R v9.1.2u.6134B20201202 version, which can be exploited by an attacker to execute arbitrary code on the system...
Adobe Media Encoder Out-of-Bounds Read Vulnerability (CNVD-2023-88664)
Adobe Media Encoder is an audio and video encoding application from the American company Adobe. An out-of-bounds read vulnerability exists in Adobe Media Encoder version 24.0.2 and earlier and version 23.6 and earlier, which can be exploited by an attacker to execute code in the context o...
CVE-2023-22273 ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction...