Lucene search

15108 matches found

RedhatCVE
added 2025/05/21 8:31 p.m., 5 views

CVE-2002-2063

AtGuard 3.2 allows remote attackers to bypass firewall filters and execute prohibited programs by changing the filenames to permitted filenames...

CVSS 7.5, AI score 7.3, EPSS 0.00226
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 8:18 p.m., 6 views

CVE-2009-4296

SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS 7.5, AI score 8.9, EPSS 0.0075
Exploits: 0, References: 1

RedhatCVE
added 2025/05/21 7:43 p.m., 4 views

CVE-2009-3503

Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters...

CVSS 7.5, AI score 9, EPSS 0.00338
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 6:26 p.m., 5 views

CVE-2009-3226

SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manwrepl addform action. NOTE: some of these details are obtained from third...

CVSS 7.5, AI score 8.8, EPSS 0.00338
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 6:22 p.m., 7 views

CVE-1999-0155

The ghostscript command with the -dSAFER option allows remote attackers to execute commands...

CVSS 7.5, AI score 7.5, EPSS 0.0083
Exploits: 0, References: 1

RedhatCVE
added 2025/05/21 6:21 p.m., 3 views

CVE-1999-1588

Buffer overflow in nlpsserver in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long string beginning with "NLPS:002:002:" to the listen aka System V listener port, TCP port 2766...

CVSS 10, AI score 8.3, EPSS 0.18173
Exploits: 1, References: 1

RedhatCVE
added 2025/05/21 6:16 p.m., 5 views

CVE-1999-0947

AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters...

CVSS 7.5, AI score 7.7, EPSS 0.06198
Exploits: 0, References: 1

RedhatCVE
added 2025/05/21 6:8 p.m., 4 views

CVE-1999-0388

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root...

CVSS 4.6, AI score 7.2, EPSS 0.00239
Exploits: 0, References: 1

RedhatCVE
added 2025/05/21 6:7 p.m., 5 views

CVE-1999-0038

Buffer overflow in xlock program allows local users to execute commands as root...

CVSS 8.4, AI score 7.4, EPSS 0.00123
Exploits: 0, References: 1

RedhatCVE
added 2025/05/21 6:5 p.m., 4 views

CVE-1999-0078

pcnfsd aka rpc.pcnfsd allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call...

CVSS 1.9, AI score 7.5, EPSS 0.00106
Exploits: 1, References: 1

CNNVD
added 2025/05/21 12:0 a.m., 2 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a resource management error vulnerability that originates from a use-after-free, which an attacker can exploit by submitting a special web request and tricking the user into parsing it, in order to execute arbitrary code...

CVSS 8.8, AI score 7.2, EPSS 0.00457
Exploits: 0, References: 5

RedhatCVE
added 2025/05/20 11:19 p.m., 27 views

CVE-2022-29623

An arbitrary file upload vulnerability in the file upload module of Express Connect-Multiparty 2.2.0 allows attackers to execute arbitrary code via a crafted PDF file. NOTE: the Supplier has not verified this vulnerability report...

CVSS 7.8, AI score 7.8, EPSS 0.00448
Exploits: 1, References: 1

OSSF Malicious Packages
added 2025/05/16 2:35 a.m., 3 views

Malicious code in ideals-utils (npm)

Source: ghsa-malware 9dc50c85c983d6fae92067eec047d6e22d93ddd342cca6345a30c7e42c4e37fc. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0, References: 1

RedHat Linux
added 2025/05/15 6:26 p.m., 3 views

kernel: mm: call the security_mmap_file() LSM hook in remap_file_pages()

A flaw was found in the remap_file_pages() function in mm/mmap.c in the Linux kernel, where it does not properly restrict execute access. This vulnerability allows local users to bypass intended SELinux W^X policy restrictions...

CVSS 7.8, AI score 6.9, EPSS 0.00004
Exploits: 0, References: 5

RedHat Linux
added 2025/05/15 1:20 p.m., 1 views

kernel: mm: call the security_mmap_file() LSM hook in remap_file_pages()

A flaw was found in the remap_file_pages() function in mm/mmap.c in the Linux kernel, where it does not properly restrict execute access. This vulnerability allows local users to bypass intended SELinux W^X policy restrictions...

CVSS 7.8, AI score 6.9, EPSS 0.00004
Exploits: 0, References: 5

Vulnrichment
added 2025/05/15 12:0 a.m., 7 views

CVE-2025-46052

An error-based SQL Injection (SQLi) vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

AI score 9.9, EPSS 0.00274
Exploits: 1, References: 2

RedhatCVE
added 2025/05/14 7:11 a.m., 12 views

CVE-2025-4561

The KFOX from KingFor has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privilege to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server...

CVSS 8.8, AI score 8.2, EPSS 0.01201
Exploits: 0, References: 4

BDU FSTEC
added 2025/05/14 12:0 a.m., 1 views

The vulnerability of the ColdFusion software platform, related to insufficient validation of input data, allows attackers to bypass existing security restrictions and execute arbitrary code.

The vulnerability of the ColdFusion software platform is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute arbitrary code...

CVSS 9.4, AI score 5.8, EPSS 0.12287
Exploits: 0, References: 3

BDU FSTEC
added 2025/05/14 12:0 a.m., 1 views

The vulnerability of the ColdFusion software platform, related to insufficient validation of input data, allows attackers to bypass existing security restrictions and execute arbitrary code.

The vulnerability of the ColdFusion software platform is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute arbitrary code...

CVSS 9.1, AI score 5.8, EPSS 0.11156
Exploits: 0, References: 3

CVE
added 2025/05/13 8:35 a.m., 35 views

CVE-2025-3916

CVE-2025-3916 concerns Schneider Electric EcoStruxure Power Build Rapsody. A stack-based buffer overflow (CWE-121) could allow a local attacker to potentially execute arbitrary code when a user opens a malicious SSD file, per multiple sources. The vulnerability is locally exploitable with user in...

CVSS 4.6, AI score 7.7, EPSS 0.00089
Exploits: 0, References: 1