840 matches found

Prion
added 2020/06/04 5:15 p.m. · 15 views

Design/Logic Flaw

An issue was discovered in Foxit PhantomPDF before 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029...

7.5 CVSS · 9.4 AI score · 0.0005 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/05/21 4:25 p.m. · 43 views

CVE-2020-12828

CVE-2020-12828 affects the AnchorFree VPN SDK prior to 1.3.3.218. The vulnerable component is the VPN SDK service, which binds a socket on localhost and uses a provided path to an executable file, leading to execution of that malicious file with SYSTEM privileges. The connected Red Hat and CNVD en...

10 CVSS · 9.3 AI score · 0.14757 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Veracode
added 2020/05/10 11:24 p.m. · 24 views

Command Injection

radare2 is vulnerable to command injection. A command injection vulnerability exists in the function bin_symbols in libr/core/cbin.c. An attacker is able to execute arbitrary shell commands using a malicious executable file due to improper handling of symbol names embedded in executables...

7.8 CVSS · 3.5 AI score · 0.04668 EPSS
Exploits: 2 · References: 9 · Affected Software: 1

Veracode
added 2020/04/20 4:24 a.m. · 4 views

Malicious Package

atlas-client is a malicious package. The package typosquats on the original package atlasclient and executes malicious code in a portable executable hidden in a .png file...

1.8 AI score
Exploits: 0

CNVD
added 2020/04/07 12:00 a.m. · 1 view

TestLink File Upload Vulnerability

TestLink is a set of open source software for managing the software testing process and providing statistical analysis. A file upload vulnerability exists in the keywordImport.php file in TestLink version 1.9.20. A remote attacker can exploit this vulnerability by uploading a file with an...

8.8 CVSS · 7.6 AI score · 0.16006 EPSS
Exploits: 3 · References: 1

ATTACKERKB
added 2020/02/13 12:00 a.m. · 14 views

CVE-2019-3719

Dell support agent fails to properly identify the origin of updates. By DNS spoofing and crafted payloads, an attacker can serve up an executable file that the support agent will run as system. Recent assessments: bwatters-r7 at July 18, 2019 9:47pm UTC reported: As exploits go, being able to ser...

8 CVSS · 1.3 AI score · 0.22445 EPSS
Exploits: 0 · References: 4

OpenVAS
added 2020/01/23 12:00 a.m. · 23 views

Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2019-1134)

The remote host is missing an update for the Huawei EulerOS...

8.2 CVSS · 8.2 AI score · 0.00064 EPSS
Exploits: 0 · References: 2

OSV
added 2020/01/14 7:15 p.m. · 1 view

CVE-2020-5509

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image...

7.2 CVSS · 5.9 AI score · 0.14026 EPSS
Exploits: 4 · References: 1

Positive Technologies
added 2020/01/14 12:00 a.m. · 4 views

PT-2020-18486 · Phpgurukul · Phpgurukul Car Rental Project

Name of the Vulnerable Software and Affected Versions: PHPGurukul Car Rental Project version 1.0 Description: The issue allows for Remote Code Execution via an executable file in an upload of a new profile image. Recommendations: For PHPGurukul Car Rental Project version 1.0, consider restricting...

7.2 CVSS · 8 AI score · 0.14026 EPSS
Exploits: 4 · References: 4

Mageia
added 2020/01/07 9:19 p.m. · 39 views

Updated radare2 packages fix security vulnerabilities

Updated radare2 packages fix security vulnerabilities: In radare2 through 3.5.1, there is a heap-based buffer over-read in the r_egg_lang_parsechar function of egg_lang.c. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of...

7.8 CVSS · 6.1 AI score · 0.04668 EPSS
Exploits: 5 · References: 5

0day.today
added 2020/01/01 12:00 a.m. · 97 views

Microsoft Windows .Group File - Code Execution Exploit

Exploit Title: Microsoft Windows .Group File - Code Execution Exploit Author: hyp3rlinx Vendor Homepage: www.microsoft.com Version: 1.9.6 Tested on: Windows CVE : N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

7.4 AI score
Exploits: 0

Prion
added 2019/12/26 4:15 p.m. · 13 views

Design/Logic Flaw

An unquoted search path vulnerability in multiple Yokogawa products for Windows: Exaopc R1.01.00 – R3.77.00, Exaplog R1.10.00 – R3.40.00, Exaquantum R1.10.00 – R3.02.00 and R3.15.00, Exaquantum/Batch R1.01.00 – R2.50.40, Exasmoc all revisions, Exarqe all revisions, GA10 R1.01.01 – R3.05.01, and...

6.8 CVSS · 7.9 AI score · 0.00381 EPSS
Exploits: 0 · References: 2 · Affected Software: 6

OSV
added 2019/12/12 5:15 p.m. · 1 view

CVE-2019-4606

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

7.8 CVSS · 7.4 AI score
Exploits: 0 · References: 2

NVD
added 2019/12/12 5:15 p.m. · 10 views

CVE-2019-4606

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

7.8 CVSS · 7.6 AI score · 0.00169 EPSS
Exploits: 0 · References: 2

Prion
added 2019/12/12 5:15 p.m. · 11 views

Design/Logic Flaw

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

6.9 CVSS · 7.7 AI score · 0.00169 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2019/12/12 4:30 p.m. · 12 views

CVE-2019-4606

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

7.4 CVSS · 7.7 AI score · 0.00169 EPSS
Exploits: 0 · References: 2

CNVD
added 2019/12/09 12:00 a.m. · 2 views

Unspecified Vulnerability in IBM Planning Analytics

IBM Planning Analytics is a suite of business planning and analytics solutions from IBM USA. The solution supports automated execution of processes such as business planning, budgeting and analysis. A security vulnerability exists in My Account Portal in IBM Planning Analytics version 2.0. An...

8.8 CVSS · 7.1 AI score · 0.00232 EPSS
Exploits: 0 · References: 1

NVD
added 2019/11/04 9:15 p.m. · 14 views

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file...

7.8 CVSS · 7.7 AI score · 0.00205 EPSS
Exploits: 0 · References: 10

Cvelist
added 2019/11/04 8:24 p.m. · 19 views

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file...

7.8 AI score · 0.00205 EPSS
Exploits: 0 · References: 10

Debian CVE
added 2019/11/04 8:24 p.m. · 19 views

CVE-2017-5333

Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file...

7.8 CVSS · 8.3 AI score · 0.00205 EPSS
Exploits: 0