43 matches found
Ubuntu 16.04 LTS : Lua vulnerability (USN-8262-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8262-1 advisory. It was discovered that the Lua parser incorrectly handled garbage collection when processing specially crafted Lua scripts. A remote attacker could possibly use...
Exploit for Command Injection in Microsoft
CVE-2025-54100-BYPASS- CVE-2025-54100 POC "simple" Bypass Patc...
Insider e-invoice pro security vulnerability
Insiders Insider e-invoice pro is an electronic invoice management and issuance software from Insiders Germany. A security vulnerability exists in versions prior to Insider e-invoice pro 1 Service Pack 2, which stems from mishandling of specially crafted scripts and could lead to a denial of...
redis: Lua library commands may lead to integer overflow and potential RCE
An integer overflow is present in the Redis Lua scripting engine that allows an authenticated client to submit a specially crafted Lua script (for example via EVAL/EVALSHA) that can trigger memory corruption and potentially lead to remote code execution within the Redis server process...
Redis: Redis Lua Use-After-Free may lead to remote code execution
A vulnerability was found in Redis where a flaw in the Lua scripting engine can trigger a use-after-free condition. An authenticated attacker can exploit this by running a specially crafted Lua script, potentially resulting in remote code execution (RCE) within the Redis process...
CVE-2025-60006
Multiple instances of an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in the CLI of Juniper Networks Junos OS Evolved could be used to elevate privileges and/or execute unauthorized commands. When an attacker executes crafted CLI commands,...
EUVD-2021-20368
Malware in sbrugna...
EUVD-2010-3760
Malware in sbrugna...
CVE-2021-25650
A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services...
CVE-2020-9137
There is a privilege escalation vulnerability in some versions of CloudEngine 12800, CloudEngine 5800, CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful...
Blizzard Battle.net security vulnerability
Blizzard Battle.net is an online gaming platform from Blizzard USA Inc. A security vulnerability exists in Blizzard Battle.net version v2.40.0.15267, which originates from improper placement of specially crafted scripts or executables that may result in elevated privileges...
CVE-2025-27997
An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory...
PT-2025-22383
Name of the Vulnerable Software and Affected Versions: Blizzard Battle.net version 2.40.0.15267 Description: The issue allows attackers to escalate privileges by placing a crafted shell script or executable in the C:\ProgramData directory. This enables them to gain elevated access, potentially leadi...
MimeTeX security vulnerability
MimeTeX is an image converter from the individual developer John Forkosh. A security vulnerability exists in versions prior to MimeTeX v1.77, which stems from specially crafted scripts that lead to the execution of arbitrary code...
CVE-2024-53384
A DOM Clobbering vulnerability in tsup v8.3.4 allows attackers to execute arbitrary code via a crafted script in the import.meta.url to document.currentScript in cjsshims.js components...
CVE-2024-41650
CVE-2024-41650 concerns an Insecure Permissions vulnerability in Open Robotics’ ROS 2 navigation2 (v.humble) affecting the nav2_costmap_2d component. The issue enables an attacker to execute arbitrary code via a crafted script, with impact stated as high for confidentiality and integrity and high...
Monstra CMS Security Vulnerability
Monstra CMS is a lightweight PHP-based content management system (CMS) by Sergey Romanenko, an individual developer in Ukraine. A security vulnerability exists in Monstra CMS version v3.0.4. An attacker can exploit the vulnerability to execute arbitrary code by uploading specially crafted PHP files...
Webkul Software Bagisto Security Vulnerability
Webkul Software Bagisto is an open source e-commerce framework from Indian company Webkul Software. A security vulnerability exists in Webkul Software Bagisto prior to v.1.5.1, which stems from a cross-site request forgery (CSRF) vulnerability that allows an attacker to execute arbitrary code via...
idocv Security Vulnerability
idocv is a web site that provides online document preview from China's idocv company. A security vulnerability exists in idocv version v.14.1.320231228. A remote attacker can exploit this vulnerability to execute arbitrary code and obtain sensitive information via specially crafted scripts...
PT-2024-13454 · Ifair · Ifair
Name of the Vulnerable Software and Affected Versions: iFair versions 23.8 ad0 and before Description: The issue allows an attacker to obtain sensitive information via a crafted script. This is a Directory Traversal vulnerability, which means an attacker can access files and directories that are...