ABB MicroSCADA Pro SYS600 输入验证错误漏洞

ABB MicroSCADA Pro SYS600 is a suite of monitoring and data acquisition software from ABB Switzerland. The software is used for substation automation, SCADA electrical, distribution management applications and industrial power management. ABB MicroSCADA Pro SYS600 suffers from a code execution...

CVE-2022-45461

The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users that have been explicitly added to the auth.conf file to execute arbitrary commands as root...

CVE-2022-43030

Siyucms v6.1.7 was discovered to contain a remote code execution RCE vulnerability in the background. SIYUCMS is a content management system based on ThinkPaP5 AdminLTE. SIYUCMS has a background command execution vulnerability, which can be used by attackers to gain server privileges...

CVE-2022-44089

ESPCMS P8.21120101 was discovered to contain a remote code execution RCE vulnerability in the component ISGETCACHE...

CVE-2022-43277

Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via ip/youthappam/phpaction/editFile.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

Democritus Project d8s-networking code execution vulnerability (CNVD-2022-84125)

Democritus Project is a collection of simple, effective, modular, well-tested and well-documented features from Democritus. A code execution vulnerability exists in Democritus Project d8s-networking, which stems from the existence of a potential code execution backdoor inserted by a third party i...

PYSEC-2022-43084

The d8s-python for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-algorithms package. The affected version of d8s-htm is 0.1.0...

Gentoo 代码问题漏洞

Gentoo is an open source Linux system from the Gentoo Foundation. A code issue vulnerability exists in Gentoo lesspipe versions prior to 2.06. An attacker can exploit this vulnerability to execute code via a Perl Storable pst file...

CVE-2022-43078

A cross-site scripting XSS vulnerability in /admin/add-fee.php of Web-Based Student Clearance System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddept parameter...

CVE-2022-39978

Online Pet Shop We App v1.0 was discovered to contain an arbitrary file upload vulnerability via the Editing function in the Product List module. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file uploaded through the picture upload point...

CVE-2022-39286 Execution with Unnecessary Privileges in JupyterApp

Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in jupytercore that stems from jupytercore executing untrusted files in CWD. This vulnerability allows one user to run code as...

PT-2022-21926 · WordPress · Wp All Export Pro

Name of the Vulnerable Software and Affected Versions: WP All Export Pro versions prior to 1.7.9 Description: The issue allows any logged-in user with export privileges to execute arbitrary code on the site, despite the default restriction to administrators. This is because the plugin does not...

Abode Iota 操作系统命令注入漏洞

Abode Iota is a reliable Diy home security system from Abode. An operating system command injection vulnerability exists in Abode Iota All-In-One Security Kit versions 6.9X and 6.9Z. An attacker could execute arbitrary commands by exploiting this vulnerability...

Apple iOS和iPadOS 资源管理错误漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for the iPad tablet computer. A security vulnerability exists in Apple iOS and iPadOS. An attacker could use this vulnerability to execute...

CVE-2022-42940

A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

Markdownify Code Execution Vulnerability

Markdownify is a minimal Markdown Editor desktop application built on Electron. A code execution vulnerability exists in Markdownify. The vulnerability stems from a failure of a networked system or product to properly filter specific elements of externally entered data during the construction of ...

PT-2022-26664 · Autodesk · Designreview.Exe

Name of the Vulnerable Software and Affected Versions: DesignReview.exe affected versions not specified Description: A maliciously crafted .dwf or .pct file consumed through the DesignReview.exe application could lead to a memory corruption issue due to a write access violation. This issue, in...

CVE-2022-42934

A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...

PT-2022-26669 · Autodesk · Designreview.Exe

Name of the Vulnerable Software and Affected Versions: DesignReview.exe affected versions not specified Description: A maliciously crafted dwf or .pct file consumed through the DesignReview.exe application could lead to a memory corruption issue due to a read access violation. This issue, when...

PT-2022-25809 · Autodesk · Autodesk Design Review

Name of the Vulnerable Software and Affected Versions: Autodesk DesignReview versions affected versions not specified Description: A maliciously crafted .dwf or .pct file consumed through the DesignReview.exe application could lead to a memory corruption issue due to a write access violation. Thi...