9 matches found
EUVD-2019-15751
Malware in sbrugna...
CVE-2010-10015
AOL versions up to and including 9.5 include an ActiveX control Phobos.dll that exposes a method called Import via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attacke...
CVE-2010-10015 AOL <= 9.5 Phobos.Playlist 'Import()' Stack-Based Buffer Overflow
AOL versions up to and including 9.5 include an ActiveX control Phobos.dll that exposes a method called Import via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attacke...
Schneider Electric Easy UPS Online Monitoring Software
1. EXECUTIVE SUMMARY. CVSS v3 5.3. ATTENTION: Vendor: Schneider Electric. Equipment: Easy UPS Online Monitoring Software. Vulnerability: Path Traversal. 2. RISK EVALUATION. Successful exploitation of this vulnerability could allow elevation of privileges which could result in arbitrary file...
CVE-2020-10963
FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload and consequently Remote Code Execution via admin/tipsimage/image/fileupload image upload with PHP content within a GIF image that has the .php extension. NOTE: this product is discontinued...
Privilege escalation
A potential vulnerability in the discontinued LenovoPaper software version 1.0.0.22 may allow local privilege escalation...
The installer of PatchJGD(Hyoko) provided by Geospatial Information Authority of Japan (GSI) may insecurely load Dynamic Link Libraries
Overview: The installer of PatchJGD(Hyoko) (PatchJGDh101.EXE) provided by Geospatial Information Authority of Japan (GSI) contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA...
Energizer DUO USB Battery Charger Software Allows Remote System Access
US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows an...
DPGS allows any file to be overwritten
Taken from the scripts website: "WARNING: DPGS is no longer maintained and is thus discontinued. If you would like to take over its development, email me. - July 30, 2000" This is the reasoning to why I did not contact the author prior to this email. This is an example of how bad input filtering...