CVE-2020-24772

In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relaye...

CVE-2024-51005

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the sharename parameter at usbremotesmbconf.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

CVE-2024-50995

CVE-2024-50995 affects Netgear R8500 v1.0.2.160. A stack overflow in the usb_remote_smb_conf.cgi component, triggered by the share_name parameter, allows a crafted POST request to cause a Denial of Service. The Red Hat, NVD, CVE lists and enrichment sources confirm this vulnerability and its basi...

PT-2024-8390 · NetGear · Netgear R8500

Name of the Vulnerable Software and Affected Versions: Netgear R8500 version 1.0.2.160 Description: The issue is related to a command injection vulnerability in the share name parameter at the "usb remote smb conf.cgi" endpoint. This vulnerability allows attackers to execute arbitrary OS commands...

Microsoft Outlook Information Disclosure Vulnerability

An information disclosure vulnerability exists in Outlook when a message is opened. This vulnerability could potentially result in the disclosure of sensitive information to a malicious site. To exploit the vulnerability, an attacker would have to send a malicious email to a user and convince the...

CVE-2015-3237

The smbrequeststate function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service out-of-bounds read and crash via crafted length and offset values...

Out-of-bounds

The smbrequeststate function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service out-of-bounds read and crash via crafted length and offset values...

CVE-2015-3237

The smbrequeststate function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service out-of-bounds read and crash via crafted length and offset values...

CVE-2015-3237

The smbrequeststate function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service out-of-bounds read and crash via crafted length and offset values...

CVE-2011-2899

pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in foomatic-gui and possibly other products, allows remote SMB servers to execute arbitrary commands via shell metacharacters in the 1 NetBIOS or 2 workgroup name, which are not properly handled when searching for network printers...

Skype URI Handler Input Validation

, , . .' '. ', . , '. , ., , / / / ==/ / / / / / / | Y Y / /| / /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Skype URI Handler Input Validation Versions affected: All versions prior to 4.2.0.1.55 v4.2 hotfix 1 +-----------+ |Description| +-----------+ The Windows Skype client implements tw...

Skype - URI Handler Input Validation

Skype - URI Handler Input Validation Description The Windows Skype client implements two URI handlers, Skype: and Skype-Plugin. Both handlers allow for easy browser integration and are supported by all modern browsers. When a Skype link is clicked, the Skype.exe process is spawned with the /URI:...

Skype URI Handler Input Validation

, , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Skype URI Handler Input Validation Versions affected: All versions prior to 4.2.0.1.55 v4.2 hotfix 1 +-----------+ |Description| +-----------+ The Windows...

CVE-2009-0139

Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows remote SMB servers to cause a denial of service system shutdown or execute arbitrary code via a crafted SMB file system that triggers a heap-based buffer overflow...

Code injection

The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters...

CVE-2002-1534

Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share...