CVE-2024-31011

Arbitrary file write vulnerability in beescms v.4.0, allows a remote attacker to execute arbitrary code via a file path that was not isolated and the suffix was not verified in admintemplate.php...

CVE-2024-31011

CVE-2024-31011 affects beescms v4.0, where an Arbitrary file write vulnerability exists in admin_template.php due to a file path that was not isolated and an unverified suffix. This allows a remote attacker to write arbitrary files and, as described, execute arbitrary code. The impact is consiste...

CVE-2024-30370

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific actio...

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific actio...

CVE-2024-20849

The CVE-2024-20849 issue affects libsdffextractor, with an out-of-bounds write in the chunk parsing implementation. Versions prior to SMR Apr-2023 Release 1 are vulnerable and could allow local attackers to execute arbitrary code. The available connected document (PT-2024-18758) confirms the affe...

CVE-2024-20844

Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code...

CVE-2024-20843

Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code...

CVE-2024-20843

Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code...

CVE-2024-31004

CVE-2024-31004 affects Bento4 Bento v.1.6.0-641. The vulnerability is in the Ap4StsdAtom.cpp file, specifically the AP4_StsdAtom::AP4_StsdAtom constructor, which can be triggered via mp4fragment. The issue enables a remote attacker to execute arbitrary code. The connected sources confirm the affe...

CVE-2024-31002

Buffer Overflow vulnerability in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the AP4 BitReader::ReadCache at Ap4Utils.cpp component...

CVE-2024-0980

The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code...

CVE-2024-31063

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Email input field...

CVE-2024-31062

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the Street input field...

CVE-2024-31064

Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the First Name input field...

Security Bulletin: Multiple Vulnerabilities in IBM Operations Analytics Predictive Insights.

Summary Multiple vulnerabilities were addressed in IBM Operations Analytics Predictive Insights 1.3.6 iFix 8 Vulnerability Details CVEID:CVE-2022-46337 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by a LDAP injection vulnerability in authenticato...

Google Chrome Security Update (stable-channel-update-for-desktop_26-2024-03) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

CVE-2024-25168

SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface...

CVE-2024-29272

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php...

CVE-2024-29272

Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php...

Ubuntu: Security Advisory (USN-6680-3)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...