145 matches found
Dolibarr ERP/CRM Command Execution Vulnerability
Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A code execution vulnerability exists in Dolibarr ERP/CRM. The...
xstream code injection vulnerability
xstream is an open source Java class library that can serialize objects into XML or deserialize XML into objects. A code injection vulnerability exists in xstream. The vulnerability stems from a network system or product that does not properly filter special elements of externally entered data...
Eclipse OpenJ9 code injection vulnerability
Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A code injection vulnerability exists in AIX builds in Eclipse OpenJ9 versions prior to 0.15.0. The vulnerability stems from a networked system or product that does not...
ProClima Code Injection Vulnerability
Schneider Electric ProClima is a heat calculation software package from Schneider Electric, France. The software provides thermal management capabilities for environmental and electrical/electronic equipment installed in control panels by analyzing specified thermal data. A code injection...
Palo Alto Networks Traps Code Injection Vulnerability
Palo Alto Networks Traps is a suite of endpoint security protection software from Palo Alto Networks, USA. A code injection vulnerability exists in Palo Alto Networks Traps 5.0.5 and prior versions. The vulnerability stems from a network system or product not properly filtering specific elements ...
SAP E-Commerce Code Injection Vulnerability
SAP E-Commerce is a set of e-commerce solutions from Germany's SAP. A code injection vulnerability exists in SAP E-Commerce, which arises from the failure of a network system or product to properly filter specific elements of externally entered data during the construction of a code segment, and...
EmpireCMS Code Injection Vulnerability
EmpireCMS (Empire Content Management System) is an open source content management system (CMS). A code injection vulnerability exists in the admindbDoSql.php file in EmpireCMS 7.5 and earlier versions, which can be exploited by an attacker to generate illegal code snippets that modify the intended...
RICOH SP 4510DN Code Injection Vulnerability
The RICOH SP 4510DN is a multifunction printer from Ricoh Japan. A code injection vulnerability exists in the RICOH SP 4510DN, which arises from a network system or product that does not properly filter specific elements of externally inputted data during the construction of a code segment, and c...
RICOH SP 4520DN Code Injection Vulnerability
The RICOH SP 4520DN is a multifunction printer from Ricoh Japan. A code injection vulnerability exists in the RICOH SP 4520DN, which arises from a network system or product that does not properly filter specific elements of externally inputted data during the construction of a code segment, and c...
Orpak SitOmat Code Injection Vulnerability
Orpak SitOmat is a remote takeover refueling system from Orpak India. A code injection vulnerability exists in Orpak SitOmat, which arises from the failure of a network system or product to properly filter specific elements of externally inputted data during the construction of a code segment, an...
shopify-scripts: Buffer overflow in yywarning_s
PoC === The following demonstrates a crash: 300000000000000000000000000000000000000000000000E0030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Debug...
ZZZCMS zzzphp code injection vulnerability
ZZZCMS zzzphp is a content management system (CMS). A code injection vulnerability exists in ZZZCMS zzzphp v1.6.3, which originates from a network system or product that does not properly filter specific elements of externally entered data during the construction of a code segment. An attacker can...
CMS Made Simple Code Injection Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) from the CMSMS team. The system supports role-based rights management, a wizard-based installation and update mechanism, an intelligent caching mechanism, and so on. A code injection vulnerability exists in CMSMS version...
Frog CMS Code Injection Vulnerability
Frog CMS is a Content Management System (CMS) developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A code injection vulnerability exists in Frog CMS. An attacker could use this vulnerability to generate...
Frog CMS Code Injection Vulnerability (CNVD-2019-34646)
Frog CMS is a Content Management System (CMS) developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A code injection vulnerability exists in Frog CMS. An attacker could use this vulnerability to generate...
Frog CMS Code Injection Vulnerability (CNVD-2019-34647)
Frog CMS is a Content Management System (CMS) developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A code injection vulnerability exists in Frog CMS. An attacker could use this vulnerability to generate...
Microsoft ChakraCore Security Bypass Vulnerability
Microsoft Chakra is a JavaScript scripting engine used by the Web browser from Microsoft, USA. A security bypass vulnerability exists in the scripting engine in Microsoft Chakra. A remote attacker could exploit this vulnerability to bypass execution flow protection CFG...
Microsoft Windows Edge ChakraCore Security Bypass Vulnerability
Microsoft Windows 10 and Windows Server Version 1709 are products of Microsoft Corporation. Microsoft Windows 10 is a cross-platform operating system for PCs and laptops, tablets, and cell phones. Windows Server Version 1709 is a server operating system. Edge is one of the default browsers that come...
Dridex and Locky Return Via PDF Attachments in Latest Campaigns
Dridex and Locky, two prolific malware families that made waves in 2016 after being distributed in several high-volume spam campaigns, have returned after a brief hiatus. FireEye observed a decline in the volume of Dridex and Locky in the latter half of 2016, but we recently observed two new larg...