22 matches found
Ivanti Desktop and Server Management Security Vulnerability
Ivanti Desktop and Server Management (Ivanti DSM) is a multi-platform unified endpoint management solution provided by the American company Ivanti. Versions of Ivanti Desktop and Server Management prior to 2026.1.1 contained security vulnerabilities. These vulnerabilities were due to exposed...
EUVD-2023-46934
Malicious code in bioql PyPI...
goldendict Security Vulnerability
goldendict is a feature-rich open-source dictionary lookup program. A security vulnerability exists in goldendict versions 1.5.0 and 1.5.1, which stems from exposing dangerous methods that could lead to file reads and modifications...
PT-2024-40897 · Unknown · Langchainjs
Name of the Vulnerable Software and Affected Versions: langchainjs version 0.2.5 Description: A path traversal issue exists, allowing attackers to save files anywhere in the filesystem, overwrite existing text files, read .txt files, and delete files. This is exploited through the setFileContent,...
NI VeriStand ProjectServer OpenTool Exposed Dangerous Method Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI VeriStand. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of service requests in the ProjectServer component. The issue results from...
PT-2024-4132 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View affected versions not specified Description: The issue is related to the queryDeviceCustomMonitorResult method of the D-Link D-View platform, which uses dangerous methods or functions. This allows a remote attacker to execute...
Foxit PDF Editor Security Vulnerability
Foxit PDF Editor is a PDF editor from the Chinese company Foxit. A remote code execution vulnerability exists in Foxit PDF Editor, which originates from an exposed dangerous method in XLS file parsing...
CVE-2023-50895
In Janitza GridVis through 9.0.66, exposed dangerous methods in the de.janitza.pasw.project.server.ServerDatabaseProject project load functionality allow remote authenticated administrative users to execute arbitrary Groovy code...
JSpector - A Simple Burp Suite Extension To Crawl JavaScript (JS) Files In Passive Mode And Display The Results Directly On The Issues
JSpector is a Burp Suite extension that passively crawls JavaScript files and automatically creates issues with URLs, endpoints and dangerous methods found on the JS files. Prerequisites Before installing JSpector, you need to have Jython installed on Burp Suite. Installation 1. Download the late...
PT-2023-3290 · Trend Micro · Trend Micro Apex One Security Agent +1
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One Security Agent affected versions not specified Trend Micro Apex One as a Service affected versions not specified Description: The issue is related to the use of dangerous methods or functions in the Trend Micro Apex One a...
UBUNTU-CVE-2021-23556
The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...
PYSEC-2022-165
The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. Note: Exploitation...
Exposed Dangerous Method or Function
Overview: guake is a Guake Terminal. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function due to the exposure of executecommand and executecommandbyuuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via...
Siemens and PKE Control Center Server
1. EXECUTIVE SUMMARY CVSS v3 9.9 ATTENTION: Exploitable remotely/low attack complexity Vendors: Siemens/PKE Equipment: Control Center Server CCS Vulnerabilities: Cleartext Storage of Sensitive Information in GUI, Improper Authentication, Relative Path Traversal, Use of a Broken or Risky...
Apple Mac OSX - io_service_close Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=597 It turns out that the spoofed no-more-senders notification bug when applied to iokit objects was actually just a more complicated way to hit ::clientClose in parallel. We can in fact do this very simply by calling...
IBM ACPRunner 1.2.5 ActiveX Control Dangerous Method Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10561/info It is reported that the IBM acpRunner ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a...
CVE-2007-3296
The ThunderServer.webThunder.1 ActiveX control in xunlei Web Thunderbolt 1.7.3.109 allows remote attackers to download arbitrary files and conduct other unauthorized actions by invoking dangerous methods...
CVE-2005-3757
Removed by vendor...