42 matches found
EUVD-2015-7720
Malware in sbrugna...
EUVD-2019-9382
Malware in sbrugna...
EUVD-2002-1386
Malware in sbrugna...
EUVD-2004-2036
Malware in sbrugna...
EUVD-2023-0182
Malicious code in bioql PyPI...
PT-2025-31538 · Undefined · Undefined
ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Once uploaded, the attacker can access the fi...
WordPress Team Showcase plugin cross-site scripting vulnerability
WordPress Team Showcase Plugin is a plugin for displaying team members on a website, which is mainly used on the official website of a business or studio to display core member information in a visual way to enhance the sense of trust. The WordPress Team Showcase plugin suffers from a cross-site...
PT-2025-29225 · Apache · Apache Server
Name of the Vulnerable Software and Affected Versions: Apache Server affected versions not specified Description: An Improper Privilege Management issue exists that could allow privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a set...
CVE-2023-27394
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through an HTTP GET parameter called by DataLogView.php, EventsView.php and AlarmsView.php scripts...
LLaMA-Factory Allows Arbitrary Code Execution via Unsafe Deserialization in llamafy_baichuan2.py
Description: A critical vulnerability exists in the llamafy_baichuan2.py script of the LLaMA-Factory project. The script performs insecure deserialization using torch.load on user-supplied .bin files from an input directory. An attacker can exploit this behavior by crafting a malicious .bin file th...
CVE-2025-27554
CVE-2025-27554 affects ToDesktop builds prior to 2024-10-03 where a postinstall script in package.json can be abused to execute arbitrary commands on the build server (e.g., reading secrets from the desktopify config.prod.json) and deploy updates to any app. Multiple sources note no exploitation ...
PT-2025-1233 · Spagobi · Spagobi
Name of the Vulnerable Software and Affected Versions: SpagoBI version 3.5.1 Description: The issue is related to the script input feature of SpagoBI, which allows arbitrary code execution. This is due to the lack of measures to neutralize special elements used in the command input field...
PT-2022-2530
Name of the Vulnerable Software and Affected Versions: Redis versions prior to 7.0.0 and 6.2.7 Description: The issue is related to weaknesses in the Lua script execution environment in Redis, which can be exploited by a less privileged user to inject Lua code that will execute with potentially...
CVE-2018-12392
CVE-2018-12392 is a vulnerability affecting Firefox (pre-63 and ESR pre-60.3) and Thunderbird (pre-60.3) where manipulating user events in nested loops while opening a document via script can trigger a crash due to poor event handling. Public advisories list the impact as a potentially exploitabl...
Windows Defender ATP machine learning and the Antimalware Scan Interface: detecting script-abusing "living off the land" attacks
This article, the Microsoft Secure blog post “Windows Defender ATP machine learning and AMSI: Unearthing script-based attacks that ‘live off the land’”...
avast! 4.7 aavmker4.sys privilege escalation
No description provided by source. !/usr/bin/python avast! 4.7 aavmker4.sys privilege escalation http://www.trapkit.de/advisories/TKADV2008-002.txt CVE-2008-1625 Tested on WindXpSp2/Sp3 Dep ON Matteo Memelli ryujin A-T offensive-security.com www.offensive-security.com Spaghetti & Pwnsauce -...
ES Simple Uploader 1.1 Shell Upload
Title: ES Simple Uploader v 1.1 Upload Shell Vulnerability | Author: indoushka | email: [email protected] | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria -00213771818860 | Web Site :...
Ubuntu 6.06 LTS : firefox vulnerabilities (USN-296-1)
Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. MFSA 2006-35, CVE-2006-2775 Paul Nickerson discovered that content-defined setters o...
Visual Events Calendar 1.1 (cfg_dir) Remote Include Vulnerability
No description provided by source. title: Visual Events Calendar v1.1 cfg_dir Remote Inclusion Vulnerability Author: xoron script: Visual Events Calendar v1.1 Class : Remote cont@ct: x0r0nathotmaildotcom CODE: include $cfg_dir."customizetext.php"; Exploit:...
Basic Forum 1.1 - 'edit.asp' SQL Injection
Title : basicforum v 1.1 edit.asp Remote SQL Injection Vulnerability Author : bolivar Dork : "This script created by www.script.canavari.com" ---------------------------------------------------------------------------...