
11565 matches found

CVE
added 2025/08/21 8:9 p.m., 14 views

CVE-2010-20119

CommuniCrypt Mail versions up to and including 1.16 contain a stack-based buffer overflow in the ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically in AddAttachments(). The issue arises from insufficient validation of input string lengths, allowing data to exceed a fixed-size stack buffer a...

CVSS 8.6 | AI score 7.5 | EPSS 0.52327
Exploits 0 | References 6
ATTACKERKB
added 2025/08/21 8:9 p.m., 4 views

CVE-2010-20119

CommuniCrypt Mail versions up to and including 1.16 contain a stack-based buffer overflow vulnerability in the ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments method. This method fails to properly validate the length of input strings, allowing data to exceed th...

CVSS 8.6 | AI score 6 | EPSS 0.52327
Exploits 0 | References 6
Vulnrichment
added 2025/08/21 8:9 p.m., 2 views

CVE-2010-20119 CommuniCrypt Mail <= 1.16 ANSMTP/AOSMTP ActiveX Control Buffer Overflow

CommuniCrypt Mail versions up to and including 1.16 contain a stack-based buffer overflow vulnerability in the ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments method. This method fails to properly validate the length of input strings, allowing data to exceed th...

CVSS 8.6 | AI score 6.9 | EPSS 0.52327
Exploits 0 | References 6
ATTACKERKB
added 2025/08/21 8:8 p.m., 0 views

CVE-2010-10015

AOL versions up to and including 9.5 include an ActiveX control, Phobos.dll, that exposes a method called Import via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attacke...

CVSS 8.4 | AI score 6.5 | EPSS 0.25352
Exploits 0 | References 7
CVE
added 2025/08/21 8:8 p.m., 14 views

CVE-2010-10015

CVE-2010-10015 affects AOL software up to version 9.5, where Phobos.dll exposes Import() via Phobos.Playlist and suffers a stack-based buffer overflow on long string arguments. Exploitation requires a locally opened malicious HTML file, allowing code execution in the user context. The vulnerabili...

CVSS 8.4 | AI score 8 | EPSS 0.25352
Exploits 0 | References 9
Cvelist
added 2025/08/21 8:8 p.m., 14 views

CVE-2010-10015 AOL <= 9.5 Phobos.Playlist 'Import()' Stack-Based Buffer Overflow

AOL versions up to and including 9.5 include an ActiveX control, Phobos.dll, that exposes a method called Import via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attacke...

CVSS 8.4 | EPSS 0.25352
Exploits 0 | References 8
OSV
added 2025/08/21 3:15 p.m., 2 views

CVE-2025-55371

Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method...

CVSS 5.3 | AI score 6.7
Exploits 0 | References 3
CNNVD
added 2025/08/21 12:0 a.m., 1 views

CommuniCrypt Mail Security Vulnerability

CommuniCrypt Mail is an encrypted email client from CommuniCrypt. A security vulnerability exists in CommuniCrypt Mail 1.16 and earlier versions, which stems from an unvalidated input length in the AddAttachments method of the ANSMTP.dll and AOSMTP.dll ActiveX controls, which may result in a stac...

CVSS 8.6 | AI score 7 | EPSS 0.52327
Exploits 0 | References 7
Tenable Nessus
added 2025/08/21 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-30631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.pushmethodenabled didn't...

CVSS 7.5 | AI score 7.2 | EPSS 0.00662
Exploits 0 | References 2
Positive Technologies
added 2025/08/21 12:0 a.m., 3 views

PT-2025-34537 · Undefined · Undefined

CVE-2025-57831 - Apache HTTP Server Unknown Method Response CVE ID : CVE-2025-57831 Published : Aug. 21, 2025, 4:16 a.m. | 3 hours, 59 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

AI score 7.2
Exploits 0 | References 1
OSV
added 2025/08/20 6:30 p.m., 2 views

GHSA-X485-RHG3-CQR4 Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.3 | AI score 7.7 | EPSS 0.68643
Exploits 1 | References 11
Snyk
added 2025/08/20 6:30 p.m., 2 views

Arbitrary Code Injection

Overview rdsearchlogic is a Searchlogic makes using ActiveRecord named scopes easier and less repetitive. Affected versions of this package are vulnerable to Arbitrary Code Injection via the searchinstanceeval parameter, which is dynamically invoked using the send method. An attacker can execute...

CVSS 9.8 | AI score 7.8 | EPSS 0.68643
Exploits 1 | References 3
NVD
added 2025/08/20 4:15 p.m., 6 views

CVE-2011-10028

The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...

CVSS 8.7 | EPSS 0.6262
Exploits 0 | References 7
Cvelist
added 2025/08/20 3:41 p.m., 21 views

CVE-2011-10026 Spreecommerce < 0.50.x API RCE

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.3 | EPSS 0.68643
Exploits 1 | References 5
Qualys Blog
added 2025/08/20 3:0 p.m., 3 views

How Agentic AI Helps with Adaptive Cloud Risk Assessment with Agent Vikram

In fast-moving cloud environments like AWS, security teams face an uncomfortable truth: not every EC2 instance is being scanned, existing tools don’t work across a diverse environment that includes long-lived and ephemeral assets, and visibility is never complete. Qualys research found that over...

AI score 6.8
Exploits 0
Positive Technologies
added 2025/08/20 12:0 a.m., 3 views

PT-2025-34109 · Undefined · Undefined

The RealNetworks RealArcade platform includes an ActiveX control InstallerDlg.dll, version 2.6.0.445 that exposes a method named Exec via the StubbyUtil.ProcessMgr COM object. This method allows remote attackers to execute arbitrary commands on a victim's Windows machine without proper validation...

CVSS 8.7 | AI score 8.3 | EPSS 0.6262
Exploits 0 | References 8
RubySec
added 2025/08/20 12:0 a.m., 6 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.8 | AI score 7.5 | EPSS 0.68643
Exploits 1 | References 1
RubySec
added 2025/08/20 12:0 a.m., 3 views

Spree Commerce is vulnerable to RCE through Search API

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.8 | AI score 7.5 | EPSS 0.68643
Exploits 1 | References 1 | Affected Software 1
Tenable Nessus
added 2025/08/20 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-26137

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the...

CVSS 6.5 | AI score 7.1 | EPSS 0.00177
Exploits 0 | References 2
Tenable Nessus
added 2025/08/20 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-16943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

CVSS 9.8 | AI score 7.5 | EPSS 0.01841
Exploits 0 | References 2