
41 matches found

CNNVD
added 2023/08/11 12:0 a.m. · 1 views

Folding@home fah-control Security Vulnerability

fah-control is a Folding@home open source Client Advanced Control GUI. A security vulnerability exists in the Folding@home Client Advanced Control GUI that allows an attacker to execute arbitrary code by manipulating the parsemessage function...

CVSS 9.8 · AI score 7.7 · EPSS 0.03075
Exploits 0 · References 2

Huntr
added 2023/06/18 10:52 a.m. · 5 views

Stored XSS on user "Write private message" function

Description: An attacker can inject malicious executable scripts into the code of the message field. Proof of Concept: Log in as a Member user, access Messages - Write private message function for sending admin a message. Insert this payload into the message field testscriptprompt'1'/script the...

AI score 6.5
Exploits 0

ATTACKERKB
added 2023/06/12 1:15 p.m. · 1 views

CVE-2023-33253

LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...

CVSS 8.8 · AI score 7.7 · EPSS 0.44351
Exploits 2 · References 4

OSV
added 2023/06/12 1:15 p.m. · 0 views

CVE-2023-33253

LabCollector 6.0 through 6.15 allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The vulnerability is in the message function, and is due to insufficient validation of the file such as shell.jpg.php.shell being...

CVSS 8.8 · AI score 6.2 · EPSS 0.44351
Exploits 2 · References 3

Positive Technologies
added 2023/06/12 12:0 a.m. · 2 views

PT-2023-24247 · Unknown · Labcollector

Name of the Vulnerable Software and Affected Versions: LabCollector versions 6.0 through 6.15 Description: The issue allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The problem is due to insufficient validati...

CVSS 8.8 · AI score 8.8 · EPSS 0.44351
Exploits 2 · References 6

SUSE CVE
added 2023/02/15 4:13 a.m. · 4 views

SUSE CVE-2019-10149

A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in the deliver_message() function in /src/deliver.c may lead to remote command execution...

CVSS 9.8 · AI score 9.2 · EPSS 0.93918
Exploits 27 · References 5

Positive Technologies
added 2022/09/17 12:0 a.m. · 2 views

PT-2022-33884 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.61 Description: A potential memory leak issue exists in the mt76x02u_mcu_send_msg function of the mt76x02u driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

AI score 7.2
Exploits 0 · References 1

Positive Technologies
added 2022/01/27 12:0 a.m. · 3 views

PT-2022-12752 · Jsish · Jsish

Name of the Vulnerable Software and Affected Versions: Jsish version 3.5.0 Description: A stack overflow issue was discovered in Jsish via the Jsi_LogMsg function at src/jsiUtils.c. Recommendations: For Jsish version 3.5.0, consider disabling the Jsi_LogMsg function as a temporary workaround unti...

CVSS 5.5 · AI score 5.7 · EPSS 0.00146
Exploits 1 · References 3

Microsoft CVE
added 2021/12/16 8:0 a.m. · 2 views

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c.

...

CVSS 5.5 · AI score 5.4 · EPSS 0.00124
Exploits 1

CNVD
added 2021/07/26 12:0 a.m. · 13 views

NCH IVM Attendant Remote Code Execution Vulnerability

NCH IVM Attendant is a complete voicemail, call attendant, and IVR solution for Windows. A security vulnerability exists in NCH IVM Attendant, which stems from the fact that if the pathname of a ZIP element is set to the Windows startup folder, a file with a built-in Out-Going Message function, or...

CVSS 8.8 · AI score 2.6 · EPSS 0.01158
Exploits 0 · References 1

GithubExploit
added 2020/10/18 10:32 a.m. · 93 views

Exploit for Server-Side Request Forgery in Ibm Datapower_Gateway

datapower-redis-rce-exploit CVE-2020-5014 A POC for IBM Data...

CVSS 6.7 · AI score 7.4 · EPSS 0.00683
Exploits 1

OSV
added 2019/07/26 4:15 a.m. · 1 views

ALPINE-CVE-2019-14274

MCPP 2.7.2 has a heap-based buffer overflow in the do_msg() function in support.c...

CVSS 5.5 · AI score 7.5 · EPSS 0.00124
Exploits 1 · References 1

CNVD
added 2017/11/27 12:0 a.m. · 1 views

Exim Remote Code Execution Vulnerability

Exim is an open source messaging agent (MTA) developed by the University of Cambridge in the UK that runs on Unix systems and is responsible for routing, forwarding and delivering mail. A security vulnerability exists in the 'receive_msg' function of the receive.c file of the SMTP daemon in Exim...

CVSS 9.8 · AI score 7.8 · EPSS 0.74526
Exploits 6 · References 1

OSV
added 2017/11/25 5:29 p.m. · 1 views

DEBIAN-CVE-2017-16944

The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the...

CVSS 7.5 · AI score 8.4 · EPSS 0.77909
Exploits 7 · References 1

CNVD
added 2017/05/18 12:0 a.m. · 1 views

GNU oSIP libosip2 Denial of Service Vulnerability

GNU oSIP is a library developed by the GNU Project to provide developers with an interface to multimedia and communications. libosip2 is a standard library for multithreading safety written in C. It is a library for the development of multimedia and communication applications. A denial of service...

CVSS 7.5 · AI score 7.1 · EPSS 0.00274
Exploits 0 · References 1

CNVD
added 2017/05/17 12:0 a.m. · 1 views

Stored Cross-site Scripting Vulnerability in DM Enterprise Website System Message Function

DM enterprise website building system is an open source CMS developed in PHP + MySQL, specialized in website construction for small and medium-sized enterprises. A stored cross-site scripting vulnerability exists in the message function of the DM enterprise website building system; the vulnerability is due to the...

AI score 6.1
Exploits 0

CNVD
added 2016/10/11 12:0 a.m. · 1 views

systemd 'manager_invoke_notify_message()' function local denial of service vulnerability

systemd is a Linux-based system and service manager developed by German software developer Lennart Poettering and others. It is compatible with the SysV and LSB startup scripts and provides a framework for representing dependencies between system services. A denial of service vulnerability exists...

CVSS 5.5 · AI score 6.8 · EPSS 0.0016
Exploits 1 · References 1

Prion
added 2013/12/19 4:24 a.m. · 11 views

Design/Logic Flaw

The message function in lib/webbynode/notify.rb in the Webbynode gem 1.0.5.3 and earlier for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a growlnotify message...

CVSS 7.5 · AI score 8 · EPSS 0.02072
Exploits 2 · References 9 · Affected Software 1

myhack58
added 2012/12/12 12:0 a.m. · 15 views

yourphp CMS stored XSS vulnerability warning - the black bar safety net

yourphp is an open source CMS developed on the ThinkPHP framework; it has a stored XSS vulnerability. This vulnerability was found in the demo of the CMS; to be persuasive, the official demo is then used to display the XSS process. In yourphp official...

Exploits 0

Debian CVE
added 2012/05/23 8:0 p.m. · 20 views

CVE-2012-2369

Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message...

CVSS 7.5 · AI score 7.3 · EPSS 0.02029
Exploits 0