20 matches found

MSRC
added 2025/11/18 12:00 a.m. · 4 views

Weaponizing cross site scripting: When one bug isn’t enough

Cross-Site Scripting (XSS) is often underestimated as a minor vulnerability. In reality, XSS can open the door to more severe attacks when combined with other vulnerabilities...

6.1 AI score
Exploits: 0
Positive Technologies
added 2024/06/14 12:00 a.m. · 2 views

PT-2024-21691 · Toshiba · Toshiba Printers

Name of the Vulnerable Software and Affected Versions: Toshiba printers (affected versions not specified). Description: The issue concerns a shell script in Toshiba printers that uses a hardcoded key for log encryption. An attacker can exploit this by decrypting the encrypted files using the hardcod...

6.2 CVSS · 6.7 AI score · 0.00039 EPSS
Exploits: 1 · References: 7
Positive Technologies
added 2023/09/08 12:00 a.m. · 4 views

PT-2023-28261 · Unknown · PDF-XChange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...

5.5 CVSS · 7.2 AI score · 0.00523 EPSS
Exploits: 0 · References: 4
SUSE CVE
added 2023/02/15 5:58 a.m. · 2 views

SUSE CVE-2010-2165

Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-2160, CVE-2010-2166, CVE-2010-2171,...

9.3 CVSS · 8.1 AI score · 0.00901 EPSS
Exploits: 0 · References: 5
SUSE CVE
added 2023/02/15 5:23 a.m. · 2 views

SUSE CVE-2015-0332

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0333,...

10 CVSS · 8 AI score · 0.08652 EPSS
Exploits: 0 · References: 9
CNNVD
added 2021/12/14 12:00 a.m. · 1 views

Microsoft Message Queuing Information Disclosure Vulnerability

Microsoft Message Queuing technology allows applications running at different times to communicate on heterogeneous networks and systems that are temporarily offline. An information disclosure vulnerability exists in Microsoft Message Queuing. An attacker could exploit this vulnerability to execut...

7.5 CVSS · 6 AI score · 0.15587 EPSS
Exploits: 0 · References: 5
OSV
added 2021/12/08 10:15 p.m. · 0 views

UBUNTU-CVE-2021-43528

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird...

6.5 CVSS · 7.3 AI score · 0.00855 EPSS
Exploits: 0 · References: 5
CNNVD
added 2021/09/13 12:00 a.m. · 3 views

Red Hat OpenShift Security Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift Serverless, which is due to an incomplete fix for other Red Hat vulnerabilities...

7.5 CVSS · 7.3 AI score · 0.00434 EPSS
Exploits: 0 · References: 6
CNNVD
added 2021/06/08 12:00 a.m. · 4 views

Microsoft Office SharePoint Information Disclosure Vulnerability

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. An information...

6.5 CVSS · 6.1 AI score · 0.16591 EPSS
Exploits: 1 · References: 5
Tenable Nessus
added 2020/04/21 12:00 a.m. · 46 views

IBM Spectrum Protect Plus username Command Injection

The IBM Spectrum Protect Plus administrative console running on the remote host is affected by a remote command injection vulnerability due to improper validation of user-supplied data when processing a login HTTP request. An unauthenticated, remote attacker can exploit this, via a specially...

10 CVSS · 8.8 AI score · 0.28945 EPSS
Exploits: 0 · References: 2
RedhatCVE
added 2019/11/20 5:37 p.m. · 46 views

CVE-2019-19126

A vulnerability was discovered in glibc where the LD_PREFER_MAP_32BIT_EXEC environment variable is not ignored when running binaries with the setuid flag on x86_64 architectures. This allows an attacker to force the system to utilize only half of the memory, making the system think the software is 32-bit...

3.3 CVSS · 2 AI score · 0.00015 EPSS
Exploits: 0 · References: 3
OSV
added 2019/11/08 8:15 p.m. · 2 views

CVE-2019-13539

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based...

7.8 CVSS · 7 AI score
Exploits: 0 · References: 3
OSV
added 2019/06/12 2:29 p.m. · 1 views

CVE-2019-1022

An elevation of privilege exists in Windows Audio Service. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated privileges. To exploit the vulnerability, an attacker could run a specially crafted application that could exploit the vulnerability. This...

7.8 CVSS · 7.6 AI score · 0.00249 EPSS
Exploits: 0 · References: 2
OSV
added 2016/10/13 8:00 p.m. · 2 views

CVE-2016-6990

Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4273,...

8.8 CVSS · 6.1 AI score · 0.03502 EPSS
Exploits: 3 · References: 5
BDU FSTEC
added 2016/07/06 12:00 a.m. · 2 views

Vulnerabilities in the Internet Explorer browser, which allow a malicious attacker to compromise the confidentiality, integrity, and accessibility of protected information

Multiple vulnerabilities in Internet Explorer allow attackers to elevate their privilege level. By exploiting these vulnerabilities, attackers cannot execute arbitrary code, but they can use them to exploit other vulnerabilities with elevated privileges e.g., to execute arbitrary code...

6.8 CVSS · 5.8 AI score · 0.29061 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2016/07/05 12:00 a.m. · 3 views

The vulnerability of the Internet Explorer browser, which allows a malicious actor to execute web scripts with elevated privileges

The Internet Explorer browser contains a vulnerability that allows a malicious attacker to elevate their privilege level. By exploiting this vulnerability, a malicious individual cannot execute arbitrary code, but they can use it to exploit other vulnerabilities with elevated privileges for...

7.5 CVSS · 6.1 AI score · 0.34014 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
OSV
added 2016/06/08 2:59 p.m. · 2 views

CVE-2016-2020

HPE Systems Insight Manager (SIM) before 7.5.1 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2016-2017, CVE-2016-2019, CVE-2016-2021, CVE-2016-2022, and CVE-2016-2030...

8.1 CVSS · 5.8 AI score
Exploits: 0 · References: 3
OSV
added 2016/04/09 1:59 a.m. · 0 views

UBUNTU-CVE-2016-1028

Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1012,...

9.8 CVSS · 7.5 AI score · 0.04119 EPSS
Exploits: 0 · References: 3
UbuntuCve
added 2013/03/22 11:59 a.m. · 1 views

CVE-2013-1873

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-2634, CVE-2013-2635, CVE-2013-2636. Reason: This candidate is a duplicate of CVE-2013-2634, CVE-2013-2635, and CVE-2013-2636. Notes: All CVE users should reference one or more of CVE-2013-2634, CVE-2013-2635, and CVE-2013-263...

5.8 AI score
Exploits: 0 · References: 5
ATTACKERKB
added 2012/06/04 7:55 p.m. · 2 views

CVE-2011-5093

Best Practical Solutions RT 4.x before 4.0.6 does not properly implement the DisallowExecuteCode option, which allows remote authenticated users to bypass intended access restrictions and execute arbitrary code by leveraging access to a privileged account, a different vulnerability than...

7.5 CVSS · 6.1 AI score · 0.01566 EPSS
Exploits: 0 · References: 4