CVE-2023-21718 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

...

CVE-2023-24994

A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the...

CVE-2023-24978

A vulnerability has been identified in Tecnomatix Plant Simulation All versions V2201.0006. The affected application is vulnerable to uninitialized pointer access while parsing specially crafted SPP files. An attacker could leverage this vulnerability to execute code in the context of the current...

Description of the security update for SharePoint Enterprise Server 2016 Language Pack: February 14, 2023 (KB5002325)

Description of the security update for SharePoint Enterprise Server 2016 Language Pack: February 14, 2023 KB5002325 Summary This security update resolves a Microsoft SharePoint Server elevation of privilege vulnerability and Microsoft Word remote code execution vulnerability. To learn more about...

End of support for Office 2016 and Office 2019

None None...

CVE-2022-45104

Dell Unisphere for PowerMax vApp, VASA Provider vApp, and Solution Enabler vApp version 9.2.3.x contain a command execution vulnerability. A low privileged remote attacker could potentially exploit this vulnerability, leading to execute arbitrary commands on the underlying system...

CVE-2023-24576

EMC NetWorker may potentially be vulnerable to an unauthenticated remote code execution vulnerability in the NetWorker Client execution service nsrexecd irrespective of any auth used...

CVE-2023-24163

SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine...

CVE-2022-48116

AyaCMS v3.1.2 was discovered to contain a remote code execution RCE vulnerability via the component /admin/tpledit.inc.php...

CVE-2022-41000

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVE-2022-40989

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVE-2022-40718

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue...

CVE-2022-40720

This vulnerability allows network-adjacent attackers to execute arbitrary commands on affected installations of D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Dreambox plugin for the xupnpd service, which listens on...

CVE-2022-42382

This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

Command Injection

froxlor/froxlor is vulnerable to Command Injection. The vulnerability is due to an Arbitrary File Write in the logging module which allows an attacker to overwrite an arbitrary file, and Template Injection. A remote authenticated attacker can chain these vulnerabilities together, resulting in...

CVE-2021-37774

An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code...

CVE-2022-45928

A remote OScript execution issue was discovered in OpenText Content Suite Platform 22.1 16.2.19.1803. Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and executes Oscript...

Command Execution Vulnerability in TOTOLINK T8

The TOTOLINK T8 is a wireless dual-band router. A command execution vulnerability exists in TOTOLINK T8, which can be exploited by an attacker to gain control of the server...

MGASA-2023-0003 Updated ctags packages fix security vulnerability

A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags in sort.c calls the system3...

CVE-2023-21548

Windows Secure Socket Tunneling Protocol SSTP Remote Code Execution Vulnerability...