
68 matches found

Cvelist
added 2022/03/09 9:50 p.m., 16 views

CVE-2021-44629

A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloudconfig/routerpost/register feature, which allows malicious users to execute arbitrary code on the system via a crafted post request...

AI score 9.7, EPSS 0.00982
Exploits 1, References 1
CVE
added 2022/02/04 6:43 p.m., 54 views

CVE-2021-29393

The CVE-2021-29393 entry concerns Northstar Club Management 6.3. Affected component: web interfaces cominput.jsp and comoutput.jsp. Root cause: unsanitized user-controlled parameters command and commandvalues enable an OS command injection, allowing remote unauthenticated users to inject and exec...

CVSS 10, AI score 9.9, EPSS 0.14164
Exploits 0, References 2, Affected Software 1
CNVD
added 2021/12/17 12:00 a.m., 23 views

JT Utilities and JTTK File Parsing Vulnerability (CNVD-2021-101008)

JT is a publicly released data format developed by Siemens Digital Industry Software. JT Open Toolkit also known as JTTK is developer-oriented application programming interface API JT-enabled software. JT Open Toolkit is a read and write toolkit. JT Utilities and JTTK file parsing vulnerabilities. A...

CVSS 7.8, AI score 4.8, EPSS 0.00418
Exploits 0, References 1
Prion
added 2021/12/08 1:15 p.m., 15 views

Stack overflow

A stack-based buffer overflow in Fortinet FortiWeb versions 6.4.1 and 6.4.0 allows an authenticated attacker to execute unauthorized code or commands via crafted certificates loaded into the device...

CVSS 4.6, AI score 7.9, EPSS 0.00182
Exploits 0, References 1, Affected Software 1
Zero Day Initiative
added 2021/10/13 12:00 a.m., 29 views

Adobe Illustrator PDF File Parsing Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3, AI score 2.7, EPSS 0.00614
Exploits 0, References 1
Prion
added 2021/06/29 3:15 p.m., 12 views

Out-of-bounds

FATEK Automation WinProladder Versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code...

CVSS 7.5, AI score 9.6, EPSS 0.00748
Exploits 0, References 1, Affected Software 1
Zero Day Initiative
added 2021/04/28 12:00 a.m., 46 views

(Pwn2Own) Oracle VirtualBox e1000 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS 5.3, AI score 2.8, EPSS 0.00158
Exploits 0, References 1
Microsoft Security Update
added 2020/09/08 5:00 p.m., 11 views

Security Update for Microsoft Word 2016 (KB4484510) 32-Bit Edition

A security vulnerability exists in Microsoft Word 2016 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

AI score 7.2
Exploits 0
CVE
added 2020/04/29 2:51 p.m., 37 views

CVE-2020-7804

CVE-2020-7804 affects Handy Groupware 1.7.3.1 on Windows 7/8/10 via ActiveX Control (HShell.dll). The root cause described is an ability for an attacker to execute arbitrary commands through the ShellExec method. No explicit remediation is provided in the supplied materials. Exploitation status a...

CVSS 7.2, AI score 7.3, EPSS 0.00674
Exploits 0, References 2, Affected Software 1
Check Point Advisories
added 2020/04/19 12:00 a.m., 6 views

Ovirt Engine Reflected Cross Site Scripting (CVE-2016-3113)

A reflected cross site scripting vulnerability exists in Ovirt Engine. Successful exploitation of this vulnerability could allow attackers to execute arbitrary code on the affected system...

CVSS 4.3, AI score 5.6, EPSS 0.04029
Exploits 0
Veracode
added 2020/02/18 4:20 a.m., 11 views

Prototype Pollution

@commercial/subtext is vulnerable to prototype pollution. Lack of object validation allows an attacker to inject arbitrary Object properties which can potentially lead to execution of arbitrary code...

AI score 5
Exploits 0
Cvelist
added 2020/01/24 6:32 p.m., 11 views

CVE-2013-1598

A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which could let a malicious user execute arbitrary code...

AI score 9.6, EPSS 0.31132
Exploits 6, References 5
Symantec
added 2020/01/08 12:00 a.m., 21 views

Cisco Emergency Responder CVE-2019-16025 HTML Injection Vulnerability

Description: Cisco Emergency Responder is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to...

AI score 5.4, EPSS 0.00152
Exploits 0, References 1, Affected Software 1
Exploit DB
added 2019/07/12 12:00 a.m., 330 views

Sahi Pro 8.0.0 - Remote Command Execution

Exploit Title: Sahi Pro V8.0.0 - Unauthenticated Remote Command Execution Date: 2019-07-12 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sahipro.com Software Link: https://sahipro.com/static/builds/pro/installsahiprov80020181031.jar Reference:...

AI score 7
Exploits 0
Cvelist
added 2019/06/13 5:20 p.m., 16 views

CVE-2019-7321

Usage of an uninitialized variable in the function fzloadjpeg in Artifex MuPDF 1.14 can result in a heap overflow vulnerability that allows an attacker to execute arbitrary code...

AI score 9.8, EPSS 0.02271
Exploits 0, References 3
Check Point Advisories
added 2019/04/09 12:00 a.m., 3 views

Microsoft Windows CSRSS Elevation of Privilege (CVE-2019-0735)

An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.2, AI score 8.2, EPSS 0.09683
Exploits 2
Zero Day Initiative
added 2018/12/12 12:00 a.m., 21 views

Adobe Reader DC Onix32 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.4, AI score 2.4, EPSS 0.01085
Exploits 0, References 1
Check Point Advisories
added 2018/07/10 12:00 a.m., 1 view

Microsoft Chakra Scripting Engine Memory Corruption (CVE-2018-8298)

A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.6, AI score 5, EPSS 0.8937
Exploits 7
NVD
added 2017/09/13 1:29 a.m., 15 views

CVE-2017-8756

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE I...

CVSS 7.6, AI score 7.4, EPSS 0.20533
Exploits 8, References 3
Exploit DB
added 2016/11/07 12:00 a.m., 27 views

Microsoft Internet Explorer 9 - MSHTML CPtsTextParaclient::CountApes Out-of-Bounds Read

oElement1 position: absolute; oElement2:after position: relative; content: counterx; onload = function oElement1 = document.createElement'oElement1'; document.documentElement.appendChildoElement1; oElement2 = document.createElement'oElement2'; document.documentElement.appendChildoElement2; ; !--...

AI score 7.4
Exploits 0