47 matches found
UBUNTU-CVE-2022-48829
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::iasize is a lofft, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64max without corrupting the value...
CVE-2024-28683
DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via create file...
CVE-2024-28683
DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via create file...
CVE-2024-28683
DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via create file...
CVE-2024-28683
DedeCMS v5.7 was discovered to contain a cross-site scripting XSS vulnerability via create file...
Desdev DedeCMS Security Breach
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has the functions of content publishing, content management, content editing and content retrieval. A security vulnerability exists ...
PT-2024-22525 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A cross-site scripting XSS issue was found in DedeCMS via the create file functionality. This allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized access or...
Path traversal
Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a...
PT-2021-23172 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.7.0 TensorFlow versions 2.6.1 and earlier TensorFlow versions 2.5.2 and earlier TensorFlow versions 2.4.4 and earlier Description: In affected versions, if tf.summary.create file writer is called with non-scalar...
CVE-2019-18795
The BASS Audio Library 2.4.14 under Windows is prone to a BASSStreamCreateFile out of bounds read vulnerability via a crafted .wav file. An attacker can exploit this issues to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of servic...
CVE-2019-18794
The BASS Audio Library 2.4.14 under Windows is prone to a BASSStreamCreateFile Use after Free vulnerability via a crafted .ogg file. An attacker can exploit this to gain access to sensitive information that may aid in further attacks. A failure in exploitation leads to denial of service...
Windscribe WindscribeService Named Pipe Privilege Escalation
The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names,...
DEBIAN-CVE-2019-19770
In the Linux kernel 4.19.83, there is a use-after-free read in the debugfsremove function in fs/debugfs/inode.c which is used to remove a file or directory in debugfs that was previously created with a call to another debugfs function such as debugfscreatefile. NOTE: Linux kernel developers dispu...
OneFileCMS Arbitrary PHP Code Execution Vulnerability
OneFileCMS is a lightweight CMS system. The system runs on PHP and JavaScript and includes features such as document editing, file uploading and file management. A security vulnerability exists in the onefilecms.php file in OneFileCMS version 2012-04-14 and earlier. The vulnerability can be...
Fastspot BigTree CMS SQL Injection Vulnerability (CNVD-2017-08707)
Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A SQL injection vulnerability exists in Fastspot BigTree CMS 4.2.18 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
Linux/x86 - Create file with permission 7775 and exit Shell Generator
Linux/x86 - Create file with permission 7775 and exit Shell Generator. Shellcode exploit for linx86 platform !/bin/python from sys import argv """ Shellcode Generator... Create file with permission 7775 --------------------------------------------------------------------------------- Disassembly ...
Telnet-Ftp Service Server 1.x - Multiple Vulnerabilities (Post Auth)
No description provided by source. / Telnet-Ftp Service Server v1.x ------------------------------ Multiple Vulnerability: -Remote Creat File -Remote Delet File -Remote Creat Directory -Remote Delet Directory -Remote Get File -Remote Crash...
Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database
SSDp is an usefull penetration tool to find bugs, errors or vulnerabilities in MySQL database. Functions SQL Injection Operation System Function Dump Database Extract Database Schema Search Columns Name Read File read only Create File read only Brute Table & Column Download Simple SQLi Dumper v5....
XOOPS 2.5.6 CSRF Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
BitDefender IS2011 - FV Buffer Overflow Vulnerability
Document Title: =============== BitDefender IS2011 - FV Buffer Overflow Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=147 Release Date: ============= 2011-08-29 Vulnerability Laboratory ID VL-ID: ==================================== 147...