154 matches found
CVE-2011-10023
MJM QuickPlayer also known as MJM Player version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code...
CVE-2011-10024
CVE-2011-10024 affects MJM Core Player (2011) where the .s3m file parser has a stack-based buffer overflow due to improper bounds checking. The vulnerability is triggered when a user opens a crafted .s3m file, allowing an attacker to overwrite stack memory and execute arbitrary code. Exploitation...
CVE-2011-10024 MJM Core Player 2011 .s3m File Stack-Based Buffer Overflow
MJM Core Player likely now referred to as MJM Player 2011 is vulnerable to a stack-based buffer overflow when parsing specially crafted .s3m music files. The vulnerability arises from improper bounds checking in the file parser, allowing an attacker to overwrite memory on the stack and execute...
PT-2025-34104
Name of the Vulnerable Software and Affected Versions MJM QuickPlayer version 2010 Description MJM QuickPlayer also known as MJM Player contains a stack-based buffer overflow triggered by opening a malicious .s3m music file. This issue arises from improper bounds checking in the file parser, whic...
APSB25-60 : Security update available for Adobe InDesign
Adobe has released a security update for Adobe InDesign. This update addresses critical vulnerabilities that could lead to arbitrary code execution...
CVE-2017-8776
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 have approximately 165 PE files in the default installation that do not use ASLR/DEP protection mechanisms that provide sufficient defense against directed attacks against the...
Ensure That Removable Device Partitions Are Mounted Using noexec and nodev
The security of removable devices cannot be ensured completely due to a lot of factors, such as the source, usage, and transportation process. In this sense, removable devices are the main host for viruses. Therefore, removable devices must be mounted using noexec and nodev to improve security an...
Using Valgrind on Chrome
Brief script that demonstrates running valgrind and afl-fuzz on Google Chrome. This favorite code for security auditing and memory leak detection with Valgrind runs the Valgrind tool and several other tools to check for memory leaks, which can lead to resource buffer overflows and more. Exploit /...
APSB25-10 : Security update available for Adobe InCopy
Adobe has released a security update for Adobe InCopy. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary code execution...
APSB25-08 : Security update available for Adobe Commerce
Adobe has released a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, security feature bypass and privilege escalation...
CVE-2024-45398
Contao is an Open Source CMS. In affected versions a back end user with access to the file manager can upload malicious files and execute them on the server. Users are advised to update to Contao 4.13.49, 5.3.15 or 5.4.3. Users unable to update are advised to configure their web server so it does...
PT-2025-4053 · Unknown · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version V5 Description: A critical issue has been found in an unknown functionality of the file "/todoDetail.jsp". The manipulation of the flowId argument leads to SQL injection. The attack can be launched remotely. The exploit h...
CVE-2024-41953
ZITAdel ( Zitadel ) has a vulnerability (CVE-2024-41953) due to improper HTML sanitization in emails and Console UI. The issue allows untrusted user- or admin-provided content (such as usernames and email body content) to include HTML/JS that could render in emails and user pages. Impact describe...
Exploit for CVE-2023-47400
CVE-2023-47400 Proof of Concept for the CVE-2023-47400 Aut...
PT-2024-14051 · Buffalo · Buffalo Ls210D
Name of the Vulnerable Software and Affected Versions: Buffalo LS210D version 1.78-0.03 Description: The issue allows a remote attacker to execute arbitrary code via the Firmware Update Script at "/etc/init.d/update notifications.sh". Recommendations: For Buffalo LS210D version 1.78-0.03, as a...
CVE-2023-29044
Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get...
SUSE-SU-2023:4130-1 Security update for grub2
This update for grub2 fixes the following issues: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. bsc1215935 - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. bsc1215936...
SUSE CVE-2017-7782
An error in the "WindowsDllDetourPatcher" where a RWX "Read/Write/Execute" 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird 52.3, Firefox...
SUSE CVE-2017-15785
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called from CADImage+0x0000000000286a79."...
CLSA-2022-1656959440 Fixed CVE-2016-10009 in openssh-5.3p1
CVE-2016-10009: add whitelist of paths which may ssh-agent load from in order to prevent execution of arbitrary local pkcs11...