Siemens APOGEE PXC and TALON TC Series Expected Behavior Violation (CVE-2025-40555)

Affected devices start sending unsolicited BACnet broadcast messages after processing a specific BACnet createObject request. This could allow an attacker residing in the same BACnet network to send a specially crafted message that results in a partial denial of service condition of the targeted...

EUVD-2014-0048

Malware in sbrugna...

GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject$value. However, ther...

GHSA-CVWC-G7FW-7XRJ Plone XSS Vulnerability

Cross-site scripting XSS vulnerability in skins/plonetemplates/defaulterrormessage.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the typename parameter to Members/ipa/createObject...

Plone XSS Vulnerability

Cross-site scripting XSS vulnerability in skins/plonetemplates/defaulterrormessage.pt in Plone before 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the typename parameter to Members/ipa/createObject...

Plone Code Injection vulnerability

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject...

Microsoft Windows VBScript CreateObject Function Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose the contents of memory on applications using the VBScript scripting language on vulnerable installations of Microsoft Windows. Microsoft Internet Explorer is an affected application. User interaction is required to exploit this vulnerability ...

CVE-2012-5488

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject...

PYSEC-2014-30

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject...

Design/Logic Flaw

pythonscripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject...

The coolest windows Backdoor-vulnerability warning-the black bar safety net

The back door principle: Go to: small Chapter blog http://blog.csdn.net/scz123/archive/2007/03/14/1528695.aspx In windows 2 0 0 0/xp/vista, press shift key 5 times, you can open the sticky position, 会运行sethc.exe and, in the login interface may also be open. It's reminiscent of a WINDOWS...

CVE-2004-2204

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT...

Microsoft Windows - 'HTA' Script Execution (MS05-016)

/ Changed date in db to place it on the main page instead of it being bumped off /str0ke / /++ MS05-016 POC Made By ZwelL [email protected] 2005.4.13 All information from : http://www.securityfocus.net/archive/1/395563/2005-04-10/2005-04-16/0 You need make a .hta file to use it. Like: set...

CVE-2004-2204

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT...