CVE-2024-56278

CVE-2024-56278: Improper generation of code (Code Injection) in Smackcoders WP Ultimate Exporter allows PHP Remote File Inclusion. Affected: WP Ultimate Exporter versions from n/a to 2.9.1. CVSSv3.1 base score 9.1 (CRITICAL); vectors: Network, Privileges Required HIGH, User Interaction NONE, Scop...

CVE-2024-49091 Windows Domain Name Service Remote Code Execution Vulnerability

...

Exploit for CVE-2024-29671

NEXTU FLETA Wifi6 Router RCE Exploit POC This document...

CVE-2024-47964

Delta Electronics CNCSoft-G2 has a heap-based buffer overflow due to insufficient validation of user-supplied data length before copying to a fixed-length heap buffer. The issue can allow code execution in the current process when a user is lured to a malicious page/file. Affected product: CNCSof...

Important: python-setuptools

Issue Overview: A vulnerability in the packageindex module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptibl...

GTKWave Arbitrary Write Vulnerability (CNVD-2024-04851)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An arbitrary write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vcd files...

GTKWave out-of-bounds write vulnerability (CNVD-2024-04856)

GTKWave is a full-featured, GTK+-based waveform viewer from GTKWave. An out-of-bounds write vulnerability exists in GTKWave version 3.3.115, which can be exploited by an attacker to cause arbitrary code execution via specially crafted .vzt files...

PT-2023-9837 · Openssl +1 · Openssl +1

Name of the Vulnerable Software and Affected Versions: FlexNet Publisher versions prior to 2024 R1 11.19.6.0 Description: A misconfiguration in lmadmin.exe allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges...

CVE-2023-32184

A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...

PT-2023-4222 · NetGear · Netgear Wnr2000V2 +2

Name of the Vulnerable Software and Affected Versions: Netgear JWNR2000v2 version 1.0.0.11 Netgear XWN5001 version 0.4.1.1 Netgear XAVN2001v2 version 0.4.0.7 Description: The issue is related to buffer overflows in the update auth function, which can be exploited via the http passwd and http...

CVE-2023-33128

.NET and Visual Studio Remote Code Execution Vulnerability...

CVE-2023-28081

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...

CVE-2022-28302

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.02.34. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution

github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.headref parameter in an insecure way. This vulnerability can be triggered by any user on...

pyLoad js2py Python Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/stopwatch' class MetasploitModule 'pyLoad js2py Python Execution', 'Description' = %q pyLoad versions prior to 0.5.0b3.dev31 are vulnerable to Python code...

PYSEC-2022-43163

WMAgent v1.3.3rc2 and 1.3.3rc1, reqmgr 2 1.4.1rc5 and 1.4.0rc2, reqmon 1.4.1rc5, and global-workqueue 1.4.1rc5 allows attackers to execute arbitrary code via a crafted dbs-client package...

CVE-2021-46617

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Siemens Simcenter Femap Stack Buffer Overflow Vulnerability (CNVD-2022-10014)

Siemens Simcenter Femap is a cutting-edge engineering simulation application from Siemens, Germany. Siemens Simcenter Femap is vulnerable to a stack buffer overflow when parsing NEU files, which could be exploited to execute code in the context of the current process...

Attackers bypass Microsoft security patch to drop Formbook malware

By Waqas The patch was issued to prevent the execution of code that downloaded the Microsoft Cabinet archive containing a malicious executable. This is a post from HackRead.com Read the original post: Attackers bypass Microsoft security patch to drop Formbook malware...