CVE-2022-32223

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf”...

YottaDB Buffer Overflow Vulnerability

YottaDB is a real-time database from YottaDB, Inc. A security vulnerability exists in versions of YottaDB prior to r1.32, which could be exploited by attackers to control the size variables and buffers passed to memcpy calls to overwrite critical data structures and control the execution flow...

CVE-2021-44496

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can control the size variable and buffer that is passed to a call to memcpy. An attacker can use this to overwrite key data structures and gain control of the flow of execution...

Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4shell in VMware horizon

THREAT LEVEL: Red For a detailed advisory, download the pdf file here Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor, rootkit, and steal sensitive data. This threat actor is primarily targeting firms in the...

Datarobot 代码注入漏洞

DataRobot Datarobot is an enterprise Ai platform from US-based DataRobot, Inc. It automates the entire process required for machine learning. Datarobot suffers from a code injection vulnerability that arises from a network system or product not properly filtering specific elements of externally...

Statamic 代码注入漏洞

Statamic is a powerful flat file Cms built on Laravel by Statamic, Inc. for storing all content, templates, assets, and settings in files instead of a database. Statamic suffers from a code injection vulnerability that arises from a network system or product not properly filtering specific elemen...

Microsoft Visual Studio Code 代码注入漏洞

A code injection vulnerability exists in Microsoft Visual Studio Code, an open source code editor from Microsoft Corporation. The vulnerability stems from a network system or product that does not properly filter special elements in code segments constructed from external input data. An attacker...

Insyde InsydeH2O permission permission and access control issues vulnerability

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. The vulnerability could be exploited to hijack the execution flow of code running in system...

Code injection

An issue was discovered in StorageSecurityCommandDxe in Insyde InsydeH2O with Kernel 5.1 before 05.14.28, Kernel 5.2 before 05.24.28, and Kernel 5.3 before 05.32.25. An SMM callout vulnerability allows an attacker to hijack execution flow of code running in System Management Mode. Exploiting this...

Lexmark 代码注入漏洞

Lexmark is a series of printers in the U.S. A security vulnerability exists in Lexmark, which stems from a network system or product that does not properly filter special elements in code segments constructed from external input data. An attacker could exploit the vulnerability to generate an...

Microsoft Windows 代码注入漏洞

Microsoft Windows is a suite of operating systems for personal device use from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows Modern Execution Server, which arises from a network system or product not properly filtering specific elements of externally input...

Microsoft Windows 代码注入漏洞

Microsoft Windows is a suite of operating systems for personal device use from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows Geolocation Service, which arises from a network system or product not properly filtering specific elements of externally entered da...

Microsoft 4K Wireless Display Adapter 代码注入漏洞

The Microsoft 4K Wireless Display Adapter is a 4K wireless display adapter from Microsoft Corporation USA. A code injection vulnerability exists in the Microsoft 4K Wireless Display Adapter. The vulnerability arises from a network system or product not properly filtering specific elements of...

Adobe After Effects 代码注入漏洞

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is primarily used for 2D and 3D compositing, animation, and visual effects production. A code injection vulnerability exists in Adobe After Effects, which...

Microsoft 3D Viewer 代码注入漏洞

A code injection vulnerability exists in Microsoft 3D Viewer, a simplified and fast graphics editing application from Microsoft Corporation USA. The vulnerability stems from the process of constructing code segments from external input data that is not properly filtered by the network system or...

Microsoft 3D Viewer 代码注入漏洞

Microsoft 3D Viewer is a simplified and fast graphics editing application from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft 3D Viewer. The vulnerability arises from a network system or product not properly filtering specific elements of externally entered data...

Microsoft Excel 代码注入漏洞

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Excel. The vulnerability arises from a network system or product not properly filtering specific elements of externally entered data during t...

Netgate pfSense CE 跨站脚本漏洞

Netgate pfSense CE is a free and open source FreeBSD-based firewall and router software. Netgate pfSense suffers from a cross-site scripting vulnerability that originates from a network system or product that does not properly filter specific elements of externally entered data during the...

Batflat Code Injection Vulnerability

Batflat is a free lightweight, fast and simple CMS from Batflat. A code injection vulnerability exists in Batflat 1.3.6 that stems from the failure of a web system or product to properly filter specific elements of externally entered data during the construction of a code snippet. An attacker cou...

Trend Micro Security 2020 Code Injection Vulnerability

A code injection vulnerability exists in Trend Micro Security that originates from a network system or product that does not properly filter specific elements of externally entered data during the construction of a code segment. An attacker could exploit the vulnerability to generate an illegal...