CVE-2026-4015

A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtinprocesstexml of the file src/filters/loadtext.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit...

CVE-2025-26449

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

BIT-MASTODON-2023-42450 Mastodon Server-Side Request Forgery vulnerability

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if...

Micro Focus Filr 3.4.0.217 Path Traversal / Privilege Escalation Vulnerabilities

Micro Focus Filr version 3.4.0.217 suffers from privilege escalation and path traversal vulnerabilities. Micro Focus Filr Multiple Vulnerabilities 1. Advisory Information Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL:...

GIGABYTE Driver Privilege Escalation

SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ GIGABYTE Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title: GIGABYTE Drivers Elevation of Privilege Vulnerabilities Advisory ID: CORE-2018-0007 Advisory URL:...

QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities

QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 1. Advisory Information Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2018-0006...

Trend Micro Email Encryption Gateway XSS / Code Execution

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL:...

Dell EMC Isilon OneFS XSS / Code Execution / CSRF

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...

Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution Vulnerabilities

Exploit for multiple platform in category remote exploits Kaspersky Secure Mail Gateway Multiple Vulnerabilities 1. Advisory Information Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities Advisory URL:...

Trend Micro Smart Protection OS Command Injection

1. Advisory Information Title: Trend Micro Smart Protection OS Command Injection Advisory ID: CORE-2017-0004 Advisory URL:http://www.coresecurity.com/core-labs/advisories/trend-micro-smart-protection-os-command-injection Date published: 2017-08-23 Date of last update: 2017-08-23 Vendors contacted...

Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution

Advisory Information Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities Advisory ID: CORE-2017-0003 Advisory URL: http://www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities Date published: 2017-06-28 Date of last update: 2017-06-28 Vendors...

Information Disclosure in PeopleSoft Listening Connector

Application: Oracle PeopleSoft Versions Affected: Oracle PeopleTools 8.54 – 8.56 Vendor: Oracle Bugs: Information Disclosure Reported: 15.06.2017 Vendor response: 16.06.2017 Date of Public Advisory: 17.01.2018 Reference: Oracle CPU January 2018 Authors: Dmitri Iudin aka @ret5et ERPScan...

SAP NetWeaver disp+work anonymous denial of service with crafted DIAG request

Application: SAP NetWeaver Versions Affected: SAP NetWeaver disp+work 7.4 Vendor URL: SAP Bugs: DoS Reported: 13.12.2016 Vendor response: 14.12.2016 Date of Public Advisory: 14.03.2017 Reference: SAP Security Note 2405918 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class: DoS Impac...

SAP SAPCAR - Multiple Vulnerabilities

SAP SAPCAR - Multiple Vulnerabilities 1. Advisory Information Title: SAP CAR Multiple Vulnerabilities Advisory ID: CORE-2016-0006 Advisory URL: http://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities Date published: 2016-08-09 Date of last update: 2016-08-09 Vendors contacted: SAP...

SAP Adaptive Server Enterprise - DoS vulnerability

Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: SAP Bug: Denial of Service Reported: 01.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author: Vahgan Vardanyan ERPScan...

Schneider Electric Modicon M340 PLC Station P34 Module HMI Vulnerabilities

Update Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON. The Industrial Control System Cyber Emergency Response Team ICS-CERT released an alert late last week and patches are currently being validated according to ICS-CE...

AirLink101 SkyIPCam1620W OS Command Injection Vulnerability

Exploit for hardware platform in category web applications 1. Advisory Information Title: AirLink101 SkyIPCam1620W OS Command Injection Advisory ID: CORE-2015-0011 Advisory URL: http://www.coresecurity.com/advisories/airlink101-skyipcam1620w-os-command-injection Date published: 2015-07-08 Date of...

ZTE AC 3633R USB Modem - Multiple Vulnerabilities

Exploit Title: ZTE AC 3633R USB Modem Multiple Vulnerabilities Date: 4/06/2015 Exploit Author: Vishnu @dH3wK Vendor Homepage: http://zte.com.cn Version: 3633R Tested on: Windows, Linux Greetings from vishnu @dH4wk 1. Vulnerable Product Version - ZTE AC3633R MTS Ultra Wifi Modem 2. Vulnerability...

SAP LZC/LZH Compression Multiple Vulnerabilities

Advisory ID Internal CORE-2015-0009 1. Advisory Information Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL:https://www.coresecurity.com/core-labs/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last...

Dolibarr ERP & CRM OS Command Injection

No description provided by source. Dolibarr ERP & CRM OS Command Injection =================================== 1. Advisory Information Date published: 2012-4-6 Vendors contacted: Dolibarr Release mode: Coordinated release 2. Vulnerability Information Class: Injection Remotely Exploitable: Yes...