6839 matches found
CVE-2014-2025
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it v...
Unrestricted file upload
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it v...
CVE-2014-2025
Unrestricted file upload vulnerability in an unspecified third party tool in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it v...
Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D
DLL Abuse Techniques Overview Dynamic-link library DLL side-loading occurs when Windows Side-by-Side WinSxS manifests are not explicit about the characteristics of DLLs being loaded by a program. In layman’s terms, DLL side-loading can allow an attacker to trick a program into loading a malicious...
CVE-2019-17100
An Untrusted Search Path vulnerability in bdserviceshost.exe as used in Bitdefender Total Security 2020 allows an attacker to execute arbitrary code. This issue does not affect: Bitdefender Total Security versions prior to 24.0.12.69...
Huawei EulerOS: Security Advisory for nautilus (EulerOS-SA-2018-1053)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1283)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for flatpak (EulerOS-SA-2019-1134)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for libffi (EulerOS-SA-2019-1756)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Podcast: NSA Reports Major Crypto-Spoofing Bug to Microsoft
A major Microsoft crypto-spoofing bug impacting Windows 10 made waves this Patch Tuesday, particularly as the flaw was found and reported by the U.S. National Security Agency NSA. Microsoft’s January Patch Tuesday security bulletin disclosed the “important”-severity vulnerability, which could all...
Spoofing
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-0601
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
CVE-2020-5509
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image...
Windows CryptoAPI Spoofing Vulnerability
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
Elementor < 2.7.5 - Authenticated Arbitrary File Upload
The Elementor plugin version 2.7.4 and below was found to be vulnerable to an arbitrary file upload. Due to the application not handling zip files with directories properly an attacker could upload php files which were executable, this allowed any user able to import templates WordPress role...
CVE-2020-0601, aka NSACrypt
A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...
PT-2020-18486 · Phpgurukul · Phpgurukul Car Rental Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul Car Rental Project version 1.0 Description: The issue allows for Remote Code Execution via an executable file in an upload of a new profile image. Recommendations: For PHPGurukul Car Rental Project version 1.0, consider restricting...
The vulnerability of the libld component in the library that handles system calls and core functions, glibc, allows a perpetrator to execute arbitrary code.
The vulnerability of the libld component in the library that provides system calls and core functions in glibc is related to insufficient input data validation. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted ELF file...