CVE-2025-21042

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code...

CVE-2018-9411

In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2018-9341

In impeg2dmcfullxfully of impeg2dmc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation...

PT-2024-20423 · Unknown · Employee Management System

Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the "edit-photo.php" component. This is due to an Unrestricted File Upload vulnerability. Recommendations: For Employee...

PT-2023-8435 · Ibm · Ibm I Access Client Solutions

Name of the Vulnerable Software and Affected Versions: IBM i Access Client Solutions versions 1.1.2 through 1.1.4 IBM i Access Client Solutions versions 1.1.4.3 through 1.1.9.3 Description: The issue is related to insufficient authorization procedure in the IBM i Access Client Solutions, allowing...

CVE-2023-39238 ASUS RT-AX55、RT-AX56U_V2 - Format String - 1

It is identified a format string vulnerability in ASUS RT-AX56U V2. This vulnerability is caused by lacking validation for a specific value within its setiperf3svr.cgi module. A remote attacker with administrator privilege can exploit this vulnerability to perform remote arbitrary code execution,...

Format string

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessagenormal function, in the dodetwancgi module of httpd. An unauthenticated remote attacker without privilege can...

Debian: Security Advisory (DSA-5413-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-3406-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518

A vulnerability has been discovered in Citrix Gateway and Citrix ADC, listed below, that, if exploited, could allow an unauthenticated remote attacker to perform arbitrary code execution on the appliance. CVE-ID| Description| CWE| Affected Products| Pre-conditions ---|---|---|---|---...

Remote code execution

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary loca...

Ubuntu 16.04 ESM : ncurses vulnerabilities (USN-5448-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5448-1 advisory. It was discovered that ncurses was not properly checking array bounds when executing the fmtentry function, which could result in an out-of-bounds write...

PT-2021-6247 · Microsoft · Defender For Iot

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for IoT affected versions not specified Description: The issue is related to incorrect code generation management in Microsoft Defender for IoT. It can be exploited by a remote attacker using a specially crafted request,...

CVE-2020-29205

XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field...

Panasonic Video Insight VMS vulnerable to arbitrary code execution

Overview Video Insight VMS provided by Panasonic Corporation contains an arbitrary code execution vulnerability CWE-94 because unencrypted communication exists in the communication using non-well known ports. Panasonic Corporation reported this vulnerability to JPCERT/CC to notify users of its...

CVE-2020-28144

Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code...

D-Link DNS Devices RCE Vulnerability (SAP10183) - Active Check

D-Link DNS-320 devices are prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPEPREFIX =...

CVE-2020-29474

EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...

Sql injection

EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution...

CVE-2020-26049

Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution...