21 matches found
EUVD-2021-6895
Malicious code in bioql PyPI...
CVE-2024-46088
An arbitrary file upload vulnerability in the ProductAction.entphone interface of Zhejiang University Entersoft Customer Resource Management System v2002 to v2024 allows attackers to execute arbitrary code via uploading a crafted file...
G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA...
CVE-2024-40550
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/savePlaceMetaData of Public CMS v.4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2024-40549
PublicCMS v4.0.202302.e is affected by CVE-2024-40549 due to an arbitrary file upload vulnerability in the /admin/cmsTemplate/savePlace component, which can allow an attacker to execute arbitrary code via a crafted file. The CVE is documented across multiple feeds (NVD, Red Hat, CNNVD, OSV, etc.)...
CVE-2023-46714
A stack-based buffer overflow CWE-121 vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPS requests...
Design/Logic Flaw
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v323.05 allows attackers to execute arbitrary code via uploading a crafted file...
Security Bulletin: Vulnerabilities in PostgreSQL, Golang might affect IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management can be affected by vulnerabilities in PostgreSQL, and Golang Go. Vulnerabilities include causing a denial of service condition, sending a specially crafted request to launch further attacks against the affected system, and executing arbitrary code on the...
[SECURITY] [DSA 5585-1] chromium security update
Debian Security Advisory DSA-5585-1 https://www.debian.org/security/ Andres Salomon December 21, 2023 https://www.debian.org/security/faq -...
Security Bulletin: Multiple vulnerabilities in Apache Camel core affect IBM Application Performance Management products
Summary Apache Camel core is used by IBM Application Performance Management. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2014-0002 DESCRIPTION: Apache Camel could allow a remote attacker to obtain sensitive information, caused by an error in t...
CVE-2022-47876
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file...
Debian: Security Advisory (DLA-268-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-24734
An arbitrary file upload vulnerability in the cameraupload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file...
Design/Logic Flaw
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
CVE-2019-10169
A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running...
Intel® Converged Security Management Engine (Intel® CSME) 11.x issue
Summary: In an effort to continuously improve the robustness of the Intel® Converged Security Management Engine (Intel® CSME), Intel has performed a security review of its Intel® CSME with the objective of continuously enhancing firmware resilience. Description: In an effort to continuously improve...
Google Releases Chrome 4.1.249.1059
Google has released Chrome 4.1.249.1059 for Windows to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, conduct cross-site scripting attacks, or conduct cross-site request forgery attacks. US-CERT encourages users and administrators to revie...
CVE-2007-4949
The CVE-2007-4949 entry describes multiple PHP remote file inclusion issues in phpReactor 1.2.7pl1 where remote code execution could occur via a URL in the pathtohomedir parameter to certain files (ekilat.com-int.tpl.php, phpreactor.org-top.tpl.php, ekilat.com-top.tpl.php) located in the examples...
GLSA-200609-19 : Mozilla Firefox: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200609-19 Mozilla Firefox: Multiple vulnerabilities A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact : The most severe vulnerability involves enticing a...