
5334 matches found

NCSC
added 2021/09/29 12:0 a.m. | 2 views

Vulnerability fixed in ArcSight Enterprise Security Manager

Micro Focus has fixed a vulnerability in ArcSight Enterprise Security Manager (ESM). An authenticated malicious remote user could potentially exploit the vulnerability to execute arbitrary code under the application's privileges. Micro Focus shared few technical details...

CVSS 9.8 | AI score 7.5 | EPSS 0.02095
Exploits: 0
NVD
added 2021/09/28 4:15 p.m. | 12 views

CVE-2021-29363

A buffer overflow vulnerability in FORMATS!ReadRASW+0xa74 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file...

CVSS 7.8 | EPSS 0.00652
Exploits: 0 | References: 1
Prion
added 2021/09/28 4:15 p.m. | 11 views

Buffer overflow

A buffer overflow vulnerability in FORMATS!ReadRASW+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file...

CVSS 6.8 | AI score 7.9 | EPSS 0.00652
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/09/28 3:27 p.m. | 12 views

CVE-2021-29362

A buffer overflow vulnerability in FORMATS!ReadRASW+0xa30 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file...

AI score 8.1 | EPSS 0.00652
Exploits: 0 | References: 1
OpenVAS
added 2021/09/28 12:0 a.m. | 36 views

Ubuntu: Security Advisory (USN-5090-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 9.3 | EPSS 0.94432
Exploits: 6 | References: 4
Check Point Advisories
added 2021/09/26 12:0 a.m. | 0 views

Voting System Project Arbitrary File Upload

A remote code execution vulnerability exists in Voting. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score 8.2
Exploits: 0
OpenVAS
added 2021/09/24 12:0 a.m. | 29 views

Ubuntu: Security Advisory (USN-5088-1)

The remote host is missing an update for the...

CVSS 8.1 | AI score 7.8 | EPSS 0.00532
Exploits: 1 | References: 2
Ubuntu
added 2021/09/21 11:41 a.m. | 101 views

USN-5084-1: LibTIFF vulnerability

It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges...

CVSS 6.5 | AI score 7 | EPSS 0.00972
Exploits: 0
Github Security Blog
added 2021/09/20 8:45 p.m. | 43 views

Remote code execution in UReport

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code...

CVSS 9.8 | AI score 9.4 | EPSS 0.00853
Exploits: 1 | References: 3 | Affected Software: 1
Debian CVE
added 2021/09/20 3:26 p.m. | 20 views

CVE-2021-32268

Buffer overflow vulnerability in function gffprintf in osfile.c in gpac before 1.0.1 allows attackers to execute arbitrary code. The fixed version is 1.0.1...

CVSS 7.8 | AI score 8.2 | EPSS 0.00736
Exploits: 1
OSV
added 2021/09/15 10:15 p.m. | 14 views

CVE-2020-21322

An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 9.8 | AI score 7.7
Exploits: 0 | References: 1
NVD
added 2021/09/15 10:15 p.m. | 5 views

CVE-2020-21481

An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted .txt file which is later changed to a PHP file...

CVSS 7.2 | EPSS 0.00993
Exploits: 1 | References: 1
NVD
added 2021/09/15 10:15 p.m. | 7 views

CVE-2020-21480

An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file...

CVSS 7.2 | EPSS 0.00993
Exploits: 1 | References: 1
IBM Security Bulletins
added 2021/09/15 10:14 p.m. | 57 views

Security Bulletin: libXml2 used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2021-3518)

Summary: The libXml2 library used by Identity Insight has a potential use-after-free vulnerability that could be exploited by an attacker using a crafted input file. Vulnerability Details: CVEID: CVE-2021-3518. DESCRIPTION: GNOME libxml2 could allow a remote attacker to execute arbitrary code on the...

CVSS 8.8 | AI score 8.2 | EPSS 0.0025
Exploits: 0 | Affected Software: 1
Cvelist
added 2021/09/15 9:43 p.m. | 13 views

CVE-2020-21480

An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file...

AI score 7.3 | EPSS 0.00993
Exploits: 1 | References: 1
CVE
added 2021/09/15 9:17 p.m. | 61 views

CVE-2020-21322

CVE-2020-21322 is an arbitrary file upload vulnerability in Feehi CMS v2.0.8 and earlier that allows an attacker to execute arbitrary PHP code via a crafted file. Affected: Feehi CMS (PHP-based). Root cause: improper handling of uploaded files enabling code execution. Impact: remote code executio...

CVSS 9.8 | AI score 9.6 | EPSS 0.00932
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2021/09/15 4:16 p.m. | 71 views

CVE-2020-21125

CVE-2020-21125 corresponds to an arbitrary file creation vulnerability in UReport 2.2.9. The connected documents consistently describe this as a vulnerability in a Java-based reporting engine that could permit an attacker to cause arbitrary code execution through file creation. The affected produ...

CVSS 9.8 | AI score 9.6 | EPSS 0.00853
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2021/09/15 2:15 p.m. | 13 views

CVE-2020-19156

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save' function is called...

CVSS 5.4 | EPSS 0.00324
Exploits: 1 | References: 1
CNVD
added 2021/09/15 12:0 a.m. | 24 views

Adobe InDesign memory out-of-bounds access vulnerability

Adobe InDesign is a desktop publishing (DTP) application from Adobe, mainly used for typesetting and editing of various printed materials. Adobe InDesign is vulnerable to a memory out-of-bounds access vulnerability. An attacker could exploit this vulnerability to execute arbitrary code...

CVSS 7.8 | AI score 4 | EPSS 0.04653
Exploits: 0 | References: 1
NVD
added 2021/09/14 12:15 p.m. | 14 views

CVE-2021-33675

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser...

CVSS 6.1 | EPSS 0.00295
Exploits: 0 | References: 2