
1915 matches found

Cvelist
added 2023/12/06 1:49 p.m. · 10 views

CVE-2023-6288

Code injection in Remote Desktop Manager 2023.3.9.3 and earlier on macOS allows an attacker to execute code via the DYLIBINSERTLIBRARIES environment variable...

8.1 AI score · 0.00125 EPSS
Exploits 0 · References 1

WPVulnDB
added 2023/11/23 12:0 a.m. · 38 views

Flatsome < 3.17.6 - Unauthenticated PHP Object Injection

Description The Flatsome theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.17.5 via deserialization of untrusted input. This allows unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed o...

9.8 CVSS · 7.8 AI score · 0.00151 EPSS
Exploits 0 · References 1 · Affected Software 1

CNVD
added 2023/11/20 12:0 a.m. · 20 views

Adobe Premiere Pro Out-of-Bounds Read Vulnerability (CNVD-2023-95448)

Adobe Premiere Pro is a non-linear video editing application from the American company Adobe. Adobe Premiere Pro suffers from an out-of-bounds read vulnerability that can be exploited by an attacker to execute code in the context of the current user...

7.8 CVSS · 7.2 AI score · 0.00113 EPSS
Exploits 0 · References 1

Prion
added 2023/11/14 6:15 a.m. · 6 views

SQL injection

SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request...

6.5 CVSS · 8.2 AI score · 0.01413 EPSS
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/11/08 11:15 p.m. · 19 views

CVE-2023-43581

A buffer overflow was reported in the UpdateWMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...

6.7 CVSS · 0.00037 EPSS
Exploits 0 · References 1

OSV
added 2023/11/08 11:15 p.m. · 0 views

CVE-2023-43579

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...

6.7 CVSS · 6.3 AI score
Exploits 0 · References 1

Prion
added 2023/11/08 11:15 p.m. · 17 views

Buffer overflow

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code...

4 CVSS · 8 AI score · 0.00037 EPSS
Exploits 0 · References 1 · Affected Software 80

Positive Technologies
added 2023/11/08 12:0 a.m. · 1 views

PT-2023-28863 · Lenovo · Lenovo Desktop

Name of the Vulnerable Software and Affected Versions: Lenovo Desktop products affected versions not specified Description: A buffer overflow was reported in the UltraFunctionTable module that may allow a local attacker with elevated privileges to execute arbitrary code. Recommendations: At the...

6.7 CVSS · 6.9 AI score · 0.00037 EPSS
Exploits 0 · References 4

WPVulnDB
added 2023/11/03 12:0 a.m. · 23 views

Grid Plus < 1.3.4 - Subscriber+ Local File Inclusion

Description The plugin does not properly validate and sanitize shortcode attributes, leading to a Local File Inclusion vulnerability. This flaw could enable attackers to include and execute arbitrary PHP files on the server, potentially bypassing access controls, exposing sensitive data, or...

8.8 CVSS · 8.8 AI score · 0.00352 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2023/10/23 2:15 p.m. · 9 views

CVE-2021-26735

The Zscaler Client Connector Installer and Uninstallers for Windows prior to 3.6 had an unquoted search path vulnerability. A local adversary may be able to execute code with SYSTEM privileges...

7.8 CVSS · 6.9 AI score · 0.00039 EPSS
Exploits 0 · References 1

NVD
added 2023/10/20 7:15 a.m. · 23 views

CVE-2023-4402

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...

9.8 CVSS · 8.8 AI score · 0.02874 EPSS
Exploits 3 · References 2

OpenVAS
added 2023/10/20 12:0 a.m. · 25 views

Ubuntu: Security Advisory (USN-6441-1)

The remote host is missing an update for the...

7.8 CVSS · 7.7 AI score · 0.00044 EPSS
Exploits 5 · References 2

Tenable Nessus
added 2023/10/16 12:0 a.m. · 50 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : RPM Package Manager vulnerabilities (USN-5273-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5273-1 advisory. Demi M. Obenour discovered that RPM Package Manager incorrectly handled certain files. An attacker could possibly use this issue ...

7 CVSS · 6.6 AI score · 0.00228 EPSS
Exploits 0 · References 4

Prion
added 2023/10/13 8:15 p.m. · 17 views

Input validation

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

5.8 CVSS · 7 AI score · 0.00081 EPSS
Exploits 0 · References 1 · Affected Software 3

CNNVD
added 2023/10/13 12:0 a.m. · 1 views

Adobe Commerce SQL Injection Vulnerability

Adobe Commerce is a leading digital commerce solution for merchants and brands from the American company Adobe. A SQL injection vulnerability exists in Adobe Commerce prior to version 2.4.7, which stems from the application's lack of validation of external...

8 CVSS · 8 AI score · 0.01841 EPSS
Exploits 0 · References 3

OSV
added 2023/10/10 11:15 a.m. · 0 views

CVE-2023-43625

A vulnerability has been identified in Simcenter Amesim All versions V2021.1. The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process...

9.8 CVSS · 6.1 AI score
Exploits 0 · References 1

Prion
added 2023/10/10 11:15 a.m. · 11 views

Stack overflow

A vulnerability has been identified in Xpedition Layout Browser All versions VX.2.14. Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process...

4.4 CVSS · 7.7 AI score · 0.00095 EPSS
Exploits 0 · References 1 · Affected Software 1

NCSC
added 2023/10/10 12:0 a.m. · 1 views

Vulnerabilities fixed in Microsoft Exchange Server

Microsoft has fixed a vulnerability in Exchange Server. A malicious party could potentially exploit the vulnerability to execute arbitrary code under SYSTEM privileges. For successful exploitation, the malicious party must be authenticated and authorized on the local network. As far as is known,...

8 CVSS · 6.6 AI score · 0.01171 EPSS
Exploits 0

Exploit DB
added 2023/10/09 12:0 a.m. · 295 views

Coppermine Gallery 1.6.25 - RCE

Exploit Title: coppermine-gallery 1.6.25 RCE Application: coppermine-gallery Version: v1.6.25 Bugs: RCE Technology: PHP Vendor URL: https://coppermine-gallery.net/ Software Link: https://github.com/coppermine-gallery/cpg1.6.x/archive/refs/tags/v1.6.25.zip Date of found: 05.09.2023 Author: Mirabba...

7.4 AI score
Exploits 0

Cvelist
added 2023/10/06 4:36 p.m. · 11 views

CVE-2023-32972 QTS, QuTS hero, QuTScloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...

3.8 CVSS · 7.3 AI score · 0.00081 EPSS
Exploits 0 · References 1