Lucene search

139 matches found

CNVD
added 2021/11/19 12:0 a.m., 12 views

Open Design Alliance Drawings SDK Out-of-Bounds Reading Vulnerability (CNVD-2022-01430)

Open Design Alliance Drawings SDK is a software development kit for drawing design applications from Open Design Alliance, Inc. The SDK provides access to data in .dwg and .dgn through a convenient, object-oriented API that provides a C API, support for repair files, support for . The vulnerabili...

CVSS 8.8, AI score 3.6, EPSS 0.00549
Exploits: 0, References: 1
Veracode
added 2021/10/27 3:59 p.m., 10 views

Remote Code Execution (RCE)

hcxtools:sid is vulnerable to remote code execution. A global-buffer-overflow exists in the function pcapngoptionwalk located in hcxpcapngtool.c. It allows an attacker to cause code execution...

CVSS 7.8, AI score 3.7, EPSS 0.00446
Exploits: 1, References: 2, Affected Software: 1
CNVD
added 2021/09/23 12:0 a.m., 14 views

HEIF Global Buffer Overflow Vulnerability (CNVD-2021-99291)

HEIF refers to High Efficiency Image File Format, a file format for single images or image sequences. The hevcDecoderConfigurationRecord::getPicWidth function in hevcdecoderconfigrecord.cpp in HEIF 3.6.2 and earlier versions has a global buffer overflow vulnerability. An attacker can exploit this...

CVSS 7.8, AI score 4.5, EPSS 0.00412
Exploits: 1, References: 1
Packet Storm
added 2021/02/08 12:0 a.m., 597 views

Alt-N MDaemon Webmail 20.0.0 Cross Site Scripting

Exploit Title: Alt-N MDaemon webmail 20.0.0 - 'Contact name' Stored Cross Site Scripting XSS Date: 2020-08-25 Exploit Author: Kailash Bohara Vendor Homepage: https://www.altn.com/ Version: Mdaemon webmail 3. We can see execution code and after saving it, each time we visit the distribution list...

CVSS 3.5, AI score 5.5, EPSS 0.032
Exploits: 3
Positive Technologies
added 2021/02/02 12:0 a.m., 6 views

PT-2021-2444

Name of the Vulnerable Software and Affected Versions: Apache Tomcat affected versions not specified Description: The issue is related to a configuration server implementation vulnerability in Apache Tomcat, which involves the recovery of unreliable data in memory due to buffer deserialization. A...

CVSS 10, AI score 7.6, EPSS 0.94469
Exploits: 190, References: 202
OpenVAS
added 2020/11/07 12:0 a.m., 18 views

Ubuntu: Security Advisory (USN-4620-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1, AI score 6.3, EPSS 0.0006
Exploits: 1, References: 2
Positive Technologies
added 2020/04/29 12:0 a.m., 2 views

PT-2020-4638

Name of the Vulnerable Software and Affected Versions jQuery versions 1.2 through 3.5.0 Description The issue is related to the execution of untrusted code when passing HTML from untrusted sources to jQuery's DOM manipulation methods, such as .html, .append, and others, even after sanitizing the...

CVSS 8.6, AI score 7.5, EPSS 0.02456
Exploits: 7, References: 361
OSV
added 2020/02/20 3:15 p.m., 5 views

CVE-2014-4657

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...

CVSS 9.8, AI score 9.7
Exploits: 0, References: 2
NVD
added 2020/02/14 6:15 p.m., 15 views

CVE-2020-8845

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 7.8, EPSS 0.1639
Exploits: 0, References: 2
Zero Day Initiative
added 2019/04/29 12:0 a.m., 18 views

Foxit Reader AcroForm removeField Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.3, AI score 1.6, EPSS 0.00236
Exploits: 0, References: 1
NVD
added 2019/01/24 4:29 a.m., 14 views

CVE-2018-17667

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8, AI score 8.8, EPSS 0.00641
Exploits: 0, References: 2
NVD
added 2019/01/24 4:29 a.m., 9 views

CVE-2018-17659

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8, AI score 8.8, EPSS 0.00641
Exploits: 0, References: 2
Zero Day Initiative
added 2019/01/17 12:0 a.m., 28 views

Oracle VirtualBox crUnpackExtendGetAttribLocation Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Oracle VirtualBox. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within...

CVSS 5.5, AI score 2.3, EPSS 0.11022
Exploits: 2, References: 1
OSV
added 2018/12/17 7:29 p.m., 0 views

UBUNTU-CVE-2018-19975

In YARA 3.8.1, bytecode in a specially crafted compiled rule can read data from any arbitrary address in memory, in libyara/exec.c. Specifically, OPCOUNT can read a DWORD...

CVSS 5.5, AI score 6.9, EPSS 0.00255
Exploits: 1, References: 6
Packet Storm
added 2018/08/13 12:0 a.m., 39 views

IceWarp WebMail 12.0.3.1 Cross Site Scripting

Title: IceWarp WebMail Cross Site Scripting XSS & Execution Code + Date: 2018/08/13 + Author: Mostafa Gharzi + Team: Maher - CertCC.ir + Vendor Homepage: www.icewarp.com + Tested on: Windows 10 & Kali Linux + Versions: 12.0.3.1 and Before + Vulnerable Parameter: Post Method + Vulnerable File:...

Exploits: 0
0day.today
added 2018/08/02 12:0 a.m., 1783 views

DataLife Engine 13.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications + Title: DataLife Engine Core Cross Site Scripting XSS & Execution Code + Author: Mostafa Gharzi + Team: Maher - CertCC.ir + Vendor Homepage: www.dleviet.com www.dle-news.com + Tested on: Windows 10 & Kali Linux + Versions: 13.0 and Before +...

AI score 0.1, EPSS 0.00206
Exploits: 3
NVD
added 2018/07/31 8:29 p.m., 12 views

CVE-2018-14270

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8, AI score 8.8, EPSS 0.0025
Exploits: 0, References: 2
OpenVAS
added 2017/04/12 12:0 a.m., 123 views

Microsoft Windows Monthly Rollup (KB4015549)

This host is missing a monthly rollup according to Microsoft security update KB4015549. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3, AI score 6.8, EPSS 0.94302
Exploits: 33, References: 20
Zero Day Initiative
added 2017/04/11 12:0 a.m., 34 views

Adobe Acrobat Pro DC JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.3, AI score 2.2, EPSS 0.01636
Exploits: 0, References: 1
Ubuntu
added 2016/05/31 3:17 p.m., 72 views

USN-2987-1: GD library vulnerabilities

It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS...

CVSS 9.8, AI score 7.5, EPSS 0.60488
Exploits: 14