4202 matches found
CVE-2024-37821
An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file...
CVE-2024-37079
| creationtimestamp | type | source |
|---|---|---|
| 2024-06-18 10:35:10+00:00 | seen | Telegram/obSPr9PV0DaqSLTggJciA2CpsnkCDUqehnwTxKSd-hA48 |
| 2024-06-18 10:56:22+00:00 | seen | https://t.me/thehackernews/5132 |
| 2024-06-18 11:00:18+00:00 | seen | https://t.me/KomunitiSiber/2122 |
| 2024-06-18 11:45:57+00:00 | seen | ... |
GNU Global Security Vulnerability
GNU Global is a free code tagging system for the US GNU community. A code execution vulnerability exists in GNU Global that stems from the use of shell metacharacters. No details of the vulnerability are provided at this time...
Command Execution Vulnerability in FineReport by SailSoft Software Ltd.
FineReport is a reporting software tool. A command execution vulnerability exists in FineReport by SailSoft Software Ltd. that can be exploited by an attacker to execute arbitrary commands...
CVE-2024-5950 Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to...
Autodesk AutoCAD 3DM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of 3...
Adobe Experience Manager Cross-Site Scripting Vulnerability
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
CVE-2024-35249 Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability
...
CVE-2024-30072
CVE-2024-30072 is a Windows Event Logging Service vulnerability described as a Windows Event Trace Log File Parsing Remote Code Execution vulnerability. Affected product is Microsoft Windows (Event Logging Service); the underlying issue relates to parsing Event Trace Log files that can lead to ar...
Fortinet FortiOS Security Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. Fortinet FortiOS suffers from a...
Security Updates for Microsoft SharePoint Server 2019 (June 2024)
The Microsoft SharePoint Server 2019 installation on the remote host is missing security updates. It is, therefore, affected by a local code execution vulnerability. An attacker can exploit this with a specially crafted file to bypass authentication and execute unauthorized arbitrary commands...
Command Execution Vulnerability in EG2000CE of Beijing StarNet Ruijie Network Technology Co. Ltd (CNVD-2024-29028)
The EG2000CE is a smart router. A command execution vulnerability exists in the EG2000CE of Beijing StarNet Ruijie Network Technology Company Limited, which can be exploited by an attacker to execute arbitrary commands...
CVE-2024-5301 Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...
Arbitrary JavaScript execution due to using outdated libraries
Summary: gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC: 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert('XSS'). poc.pdf 2. Run the app. In this PoC, I've used the demo...
CVE-2024-37273
An arbitrary file upload vulnerability in the /v1/app/appendFileSync interface of Jan v0.4.12 allows attackers to execute arbitrary code via uploading a crafted file...
Google Chrome Code Execution Vulnerability (CNVD-2024-26519)
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in versions prior to Google Chrome 125.0.6422.141, which can be exploited by a remote attacker to execute arbitrary code via a crafted HTML page inside a sandbox...
MGASA-2024-0209 Updated libreoffice packages fix security vulnerability
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted...
Unrestricted Upload Of File With Dangerous Type
silverstripe/framework is vulnerable to Unrestricted Upload Of File With Dangerous Type. The vulnerability is due to the lack of proper validation and sanitization of uploaded file types, which allows an attacker to upload executable file formats...
Command Execution Vulnerability in NBR6135-E at Beijing StarNet Ruijie Network Technology Co.
The NBR6135-E is a router. A command execution vulnerability exists in the NBR6135-E of Beijing StarNet Ruijie Network Technology Co. that can be exploited by an attacker to execute commands...
D-Link D-View Code Execution Vulnerability
D-Link D-View is a network management system from D-Link, which is mainly used to centrally manage the performance, security and reliability of network devices. A code execution vulnerability exists in D-Link D-View, which can be exploited by an attacker to execute arbitrary code...