
15122 matches found

Kaspersky
added 2024/11/12 12:0 a.m., 16 views

KLA77062 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, and bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inappropriate implementation vulnerability in Blink can be...

CVSS 8.8 | AI score 8.4 | EPSS 0.00677
Exploits: 2 | References: 3
CNNVD
added 2024/11/12 12:0 a.m., 1 views

D-Link DWR-2000M Security Vulnerability

The D-Link DWR-2000M is a wireless router from China AUO D-Link. A security vulnerability exists in the D-Link DWR-2000M. A local attacker can exploit the vulnerability to execute arbitrary code via a crafted request...

CVSS 9.8 | AI score 7.4 | EPSS 0.00487
Exploits: 0 | References: 3
Tenable Nessus
added 2024/11/12 12:0 a.m., 16 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Ghostscript vulnerabilities (USN-7103-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7103-1 advisory. It was discovered that Ghostscript incorrectly handled parsing certain PS files. An attacker could use this issue to caus...

CVSS 8.4 | AI score 6.7 | EPSS 0.00301
Exploits: 0 | References: 7
Zero Day Initiative
added 2024/11/11 12:0 a.m., 5 views

Panda Security Dome PSANHost Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Application...

CVSS 7.8 | AI score 7.1 | EPSS 0.00041
Exploits: 0 | References: 1
SUSE Linux
added 2024/11/07 10:9 a.m., 1 views

Security update for libarchive

This update for libarchive fixes the following issues: CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability bsc1225972. CVE-2024-48958: Fixed out-of-bounds access via a crafted archive file in executefilterdelta function bsc1231624. Patch Instructions: To install this SUSE upda...

CVSS 7.8 | AI score 6.5 | EPSS 0.49429
Exploits: 1 | References: 8
OSV
added 2024/11/07 10:9 a.m., 14 views

SUSE-SU-2024:3940-1 Security update for libarchive

This update for libarchive fixes the following issues: - CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability bsc1225972. - CVE-2024-48958: Fixed out-of-bounds access via a crafted archive file in executefilterdelta function bsc1231624...

CVSS 7.8 | AI score 7.4 | EPSS 0.49429
Exploits: 1 | References: 5
Cvelist
added 2024/11/06 4:30 p.m., 17 views

CVE-2024-20528 Cisco Identity Services Engine Path Traversal Vulnerability

A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials. This vulnerability is due to...

CVSS 3.8 | EPSS 0.01308
Exploits: 0 | References: 1
NVD
added 2024/11/05 4:15 p.m., 18 views

CVE-2023-29120

Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator’s privileges over the Waybox system...

CVSS 9.6 | EPSS 0.00153
Exploits: 0 | References: 1
IBM Security Bulletins
added 2024/11/05 8:8 a.m., 17 views

Security Bulletin: IBM Sterling Control Center is vulnerable due to Apache Commons issue

Summary Apache Commons is affecting IBM Sterling Control Center v6.2.1 and v6.3.1. Vulnerability Details CVEID:CVE-2024-29131 DESCRIPTION: Apache Commons Configuration could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write vulnerability. By sending...

CVSS 7.3 | AI score 7.5 | EPSS 0.00997
Exploits: 0 | Affected Software: 1
GitLab Advisory Database
added 2024/11/05 12:0 a.m., 18 views

HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

CVSS 9.8 | AI score 6.7 | EPSS 0.07937
Exploits: 1 | References: 5
GitLab Advisory Database
added 2024/11/05 12:0 a.m., 13 views

HAPI FHIR XML External Entity (XXE) vulnerability

An XML External Entity XXE vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities...

CVSS 9.8 | AI score 6.7 | EPSS 0.07937
Exploits: 1 | References: 5
Metasploit
added 2024/11/01 6:54 p.m., 319 views

Python Execute Command

Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf payloadexec run module MetasploitModule CachedSize =...

AI score 5.9
Exploits: 0
Metasploit
added 2024/11/01 6:54 p.m., 193 views

Python Exec, Python Execute Command

Execute a Python payload from a command. Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+. Module Options msf use payload/cmd/windows/python/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... msf...

AI score 7.2
Exploits: 0
CVE
added 2024/11/01 12:0 a.m., 47 views

CVE-2024-51248

The CVE-2024-51248 entry affects DrayTek Vigor3900 firmware (version 1.5.1.3). The root cause is lack of proper neutralization in the modifyrow function within mainfunction.cgi, enabling an attacker to inject commands and execute arbitrary code. Exploitation details are described across multiple ...

CVSS 8.8 | AI score 7.8 | EPSS 0.00201
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2024/11/01 12:0 a.m., 54 views

CVE-2024-51247

Affects DrayTek Vigor3900 firmware, version 1.5.1.3. The vulnerability arises from lack of neutralization of special elements in the operating system command used by the doPPPo function in the mainfunction.cgi script, enabling a remote attacker to inject and execute arbitrary commands. Documented...

CVSS 8.8 | AI score 7.8 | EPSS 0.00201
Exploits: 1 | References: 1 | Affected Software: 1
NVD
added 2024/10/31 5:15 p.m., 12 views

CVE-2024-51430

Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component...

CVSS 6.4 | EPSS 0.04168
Exploits: 0 | References: 2
Vulnrichment
added 2024/10/31 12:0 a.m., 13 views

CVE-2024-48200

An issue in MobaXterm v24.2 allows a local attacker to escalate privileges and execute arbitrary code via the remove function of the MobaXterm MSI, which spawns one administrative cmd (conhost.exe)...

AI score 7.7 | EPSS 0.00074
Exploits: 0 | References: 2
NVD
added 2024/10/30 9:15 p.m., 15 views

CVE-2024-48112

A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code...

CVSS 9.8 | EPSS 0.02393
Exploits: 1 | References: 2
OSV
added 2024/10/30 4:39 p.m., 4 views

MAL-2024-10292 Malicious code in opdistube (npm)

The package contains code to download and execute an infostealer payload...

AI score 7.4
Exploits: 0
OSSF Malicious Packages
added 2024/10/30 4:4 p.m., 2 views

Malicious code in autoadv (npm)

The package contains code to download and execute an infostealer payload...

AI score 7.4
Exploits: 0