Lucene search

36 matches found

OSV
added 2025/09/22 4:15 a.m., 2 views

CVE-2025-59799

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value...

CVSS 5.5 | AI score 7.5
Exploits: 0 | References: 3
Snyk
added 2025/09/22 3:41 a.m., 1 view

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the pdfmark_coerce_dest function. An attacker can execute arbitrary code or cause a denial of service by supplying a large size value. Remediation: Upgrade ghostscript to version 10.06.0rc1 or higher...

CVSS 5.5 | AI score 7.6 | EPSS 0.00183
Exploits: 0 | References: 2
CVE
added 2025/09/22 12:00 a.m., 475 views

CVE-2025-59799

CVE-2025-59799 is an issue in Artifex Ghostscript up to and including 10.05.1 where a stack-based buffer overflow occurs in the PDF processing path, specifically in pdfmark_coerce_dest within devices/vector/gdevpdfm.c, triggered by a large size value. Several connected advisories (EulerOS, Unity ...

CVSS 5.5 | AI score 7.1 | EPSS 0.00183
Exploits: 0 | References: 3 | Affected Software: 1
CNNVD
added 2025/09/22 12:00 a.m., 1 view

Artifex Ghostscript Security Vulnerability

Artifex Ghostscript is a free software suite from the US company Artifex, built around the Adobe PostScript and Portable Document Format (PDF) page description languages. The pdfmark_coerce_dest function in Artifex Ghostscript has a stack buffer overflow vulnerability; there is no detailed...

CVSS 5.5 | AI score 6.3 | EPSS 0.00183
Exploits: 0 | References: 3
Cvelist
added 2025/09/22 12:00 a.m., 5 views

CVE-2025-59799

Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value...

CVSS 4.3 | EPSS 0.00183
Exploits: 0 | References: 2
Positive Technologies
added 2025/05/07 12:00 a.m., 3 views

PT-2025-38679

Name of the Vulnerable Software and Affected Versions: Artifex Ghostscript versions through 10.05.1. Description: Artifex Ghostscript through version 10.05.1 contains a stack-based buffer overflow in the pdfmark_coerce_dest function located in devices/vector/gdevpdfm.c. This occurs when processing...

CVSS 5.5 | AI score 5.2 | EPSS 0.00183
Exploits: 0 | References: 65
Prion
added 2024/01/19 2:15 p.m., 26 views

Cross site scripting

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality, which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL...

CVSS 4.9 | AI score 6.3 | EPSS 0.00289
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2024/01/19 12:00 a.m., 17 views

CVE-2024-22876

StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality, which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL...

AI score 5.5 | EPSS 0.00289
Exploits: 0 | References: 1
OSV
added 2023/09/19 12:30 a.m., 9 views

GHSA-6QJF-7G3J-QX25 Neos CMS Cross Site Scripting vulnerability

Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file uploaded to the neos/management/media component. To make use of this attack vector, the attacker must either be able to upload a maliciously crafted fil...

CVSS 5.4 | AI score 5.2 | EPSS 0.00626
Exploits: 1 | References: 9
Rapid7 Blog
added 2022/07/08 6:35 p.m., 26 views

Metasploit Weekly Wrap-Up

DFSCoerce - Distributing more than just files. DFS (Distributed File System) is now distributing Net-NTLM credentials thanks to Spencer McIntyre with a new auxiliary/scanner/dcerpc/dfscoerce module that is similar to PetitPotam in how it functions. Note that unlike PetitPotam, this technique does...

AI score 0.4
Exploits: 0
Kitploit
added 2022/06/25 9:30 p.m., 45 views

DFSCoerce - PoC For MS-DFSNM Coerce Authentication Using NetrDfsRemoveStdRoot Method

PoC for MS-DFSNM coerce authentication using NetrDfsRemoveStdRoot method and probably more but am lazy and its just PoC :P . Documentation: https://docs.microsoft.com/en-us/openspecs/windowsprotocols/ms-dfsnm/95a506a8-cae6-4c42-b19d-9c1ed1223979 Inspired by: PetitPotam @topotam77...

AI score 7.7
Exploits: 0 | References: 4
Cvelist
added 2022/02/22 2:25 p.m., 21 views

CVE-2021-4030

A cross-site request forgery vulnerability in the HTTP daemon of the Zyxel ARMOR Z1/Z2 firmware could allow an attacker to execute arbitrary commands if they coerce or trick a local user to visit a compromised website with malicious scripts...

CVSS 8 | AI score 9 | EPSS 0.00422
Exploits: 0 | References: 1
OSV
added 2020/03/02 1:23 p.m., 8 views

SUSE-SU-2020:0557-1 Security update for python36

This update for python36 fixes the following issues: Security issues fixed: - CVE-2019-9674: Improved the documentation to reflect the dangers of zip-bombs (bsc#1162825). - CVE-2020-8492: Fixed a regular expression in urllib that was prone to denial of service via HTTP (bsc#1162367). Non-security issue...

CVSS 7.5 | AI score 6.9 | EPSS 0.06617
Exploits: 1 | References: 6
myhack58
added 2017/10/12 12:00 a.m., 126 views

Microsoft Windows October release patches 62 vulnerabilities and fixes a 0-day vulnerability submitted by domestic researchers - Vulnerability warning - Black Bar Safety Net

On this Tuesday's Patch Tuesday, Microsoft announced patches for 62 vulnerabilities in one go, including a major Office 0-day that has already been exploited: a remote code execution vulnerability caused by memory corruption (...

AI score 7.3 | EPSS 0.81627
Exploits: 27
GitLab Advisory Database
added 2013/03/19 12:00 a.m., 29 views

Symbol DoS vulnerability in Active Record

When a hash is provided as the find value for a query, the keys of the hash may be converted to symbols. Carefully crafted requests can coerce params[:name] to return a hash, and the keys to that hash may be converted to symbols. All users running an affected release should either upgrade or use on...

CVSS 5 | AI score 2.1 | EPSS 0.03409
Exploits: 0 | References: 1 | Affected Software: 1
Zero Day Initiative
added 2007/05/08 12:00 a.m., 43 views

Microsoft Excel BIFF File Format Named Graph Record Parsing Stack Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by...

CVSS 7.6 | AI score 4.7 | EPSS 0.31546
Exploits: 4 | References: 1