
31 matches found

Snyk
added last week, 5 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal via the validatepathelementntfs function. An attacker can write arbitrary files and potentially execute code in the victim's user context by crafting malicious Git repositories with NTFS-hostile tree entries that are...

CVSS 8.8 | AI score 6.4
Exploits: 0 | References: 2
OSSF Malicious Packages
added 2026/03/24 2:26 a.m., 2 views

Malicious code in yelp-mobile-site-common (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ad1d645e8b5f71c1d74bd3c213319d6674345796d462ed0e53a87c084f07a84 The package yelp-mobile-site-common was found to contain malicious code. Source: ghsa-malware...

AI score 5.8
Exploits: 0 | References: 1
CNNVD
added 2025/11/24 12:0 a.m., 2 views

Blurams Lumi A31C Security Vulnerability

Blurams Lumi A31C is a security camera from Blurams USA. A security vulnerability exists in the Blurams Lumi A31C version 23.1227.472.2926, which originates from an SD card bootloader that can be overwritten, potentially leading to the execution of arbitrary code...

CVSS 6.8 | AI score 7 | EPSS 0.00033
Exploits: 1 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2002-1583

Malware in sbrugna...

CVSS 4.6 | AI score 6.4 | EPSS 0.00242
Exploits: 1 | References: 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2005-1104

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.0411
Exploits: 0 | References: 7
IBM Security Bulletins
added 2023/07/28 3:32 p.m., 41 views

Security Bulletin: Vulnerabilities in Golang, Python, postgresql, cURL libcurl might affect IBM Spectrum Copy Data Management

Summary: IBM Spectrum Copy Data Management can be affected by vulnerabilities in Golang Go, Python, PostgreSQL and cURL libcurl. Vulnerabilities include executing in the victim's Web browser within the security context of the hosting site, executing arbitrary code as the bootstrap superuser on the...

CVSS 7.5 | AI score 8.6 | EPSS 0.01445
Exploits: 6 | Affected Software: 1
CNVD
added 2023/02/20 12:0 a.m., 25 views

Siemens Tecnomatix Plant Simulation Out-of-Bounds Writing Vulnerability (CNVD-2023-13089)

Siemens Tecnomatix Plant Simulation is an object-oriented, graphical, and integrated modeling and simulation tool. An out-of-bounds write vulnerability exists in Siemens Tecnomatix Plant Simulation due to an affected application parsing a specially crafted SPP file containing out-of-bounds writes...

CVSS 7.8 | AI score 2.4 | EPSS 0.00059
Exploits: 0 | References: 1
ATTACKERKB
added 2022/05/18 11:0 p.m., 2 views

CVE-2022-20802

A vulnerability in the web interface of Cisco Enterprise Chat and Email ECE could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by...

CVSS 5.4 | AI score 6.4 | EPSS 0.00178
Exploits: 0 | References: 2
Cvelist
added 2022/04/12 9:8 a.m., 16 views

CVE-2022-28661

A vulnerability has been identified in Simcenter Femap All versions V2022.1.2. The affected application contains an out of bounds read past the end of an allocated buffer while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process...

AI score 8.8 | EPSS 0.00606
Exploits: 0 | References: 1
Cvelist
added 2021/08/18 7:40 p.m., 22 views

CVE-2021-34715 Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability

A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...

CVSS 4.7 | AI score 7.3 | EPSS 0.00669
Exploits: 0 | References: 1
0day.today
added 2021/05/24 12:0 a.m., 20 views

DiskBoss Service 12.2.18 - (diskbsa.exe) Unquoted Service Path Vulnerability

Exploit Title: DiskBoss Service 12.2.18 - 'diskbsa.exe' Unquoted Service Path Discovery by: Erick Galindo Vendor Homepage: https://www.diskboss.com Software : https://www.diskboss.com/setupsx64/diskbosssetupv12.2.18x64.exe Tested Version: 12.2.18 Vulnerability Type: Unquoted Service Path Tested o...

AI score 0.3
Exploits: 0
Prion
added 2021/04/22 9:15 p.m., 9 views

Default credentials

A vulnerability has been identified in Tecnomatix RobotExpert All versions V16.1. Affected applications lack proper validation of user-supplied data when parsing CELL files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this...

CVSS 6.8 | AI score 7.7 | EPSS 0.00367
Exploits: 0 | References: 1 | Affected Software: 1
CNVD
added 2021/03/30 12:0 a.m., 3 views

Aruba Instant Buffer Overflow Vulnerability (CNVD-2021-26051)

Aruba Instant is a cloud-hosted controller-less wireless access point. Aruba Instant has a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the underlying operating system by sending specially crafted packets to the PAPI UDP port...

CVSS 9 | AI score 8 | EPSS 0.01206
Exploits: 0 | References: 1
CNVD
added 2020/07/07 12:0 a.m., 3 views

DLL Hijacking Vulnerability in Dahua Player

Zhejiang Dahua Technology Co., Ltd. is a leading supplier and solution provider of surveillance products. DLL hijacking vulnerability exists in Dahua Player, which can be exploited by attackers to load malicious dll and execute malicious code...

AI score 7.1
Exploits: 0
OSV
added 2020/03/12 4:15 p.m., 0 views

CVE-2020-0776

An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique...

CVSS 7.8 | AI score 7.2 | EPSS 0.00495
Exploits: 0 | References: 1
Zero Day Initiative
added 2019/02/12 12:0 a.m., 23 views

Microsoft Windows gdiplus DoExtTextOut Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3 | AI score 2.6 | EPSS 0.25751
Exploits: 0 | References: 1
Prion
added 2019/02/04 9:29 p.m., 15 views

Cross site scripting

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victim's browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

CVSS 4.3 | AI score 6.1 | EPSS 0.00223
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2019/02/04 9:0 p.m., 12 views

CVE-2019-1000010

phpIPAM version 1.3.2 and earlier contains a Cross Site Scripting XSS vulnerability in subnet-scan-telnet.php that can result in executing code in victim's browser. This attack appears to be exploitable via victim visits link crafted by an attacker. This vulnerability appears to have been fixed in...

AI score 6.6 | EPSS 0.00223
Exploits: 1 | References: 2
Zero Day Initiative
added 2018/12/12 12:0 a.m., 21 views

Adobe Acrobat Pro DC XSLT Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3 | AI score 2 | EPSS 0.00866
Exploits: 0 | References: 1
Tenable Nessus
added 2018/08/21 12:0 a.m., 11 views

Mozilla Firefox ESR < 52.5 Multiple Vulnerabilities

Binary data 700332.prm...

CVSS 10 | AI score 7.3 | EPSS 0.28905
Exploits: 0 | References: 4