187 matches found
PT-2023-21336 · Wondershare · Wondershare Pdf Reader
Name of the Vulnerable Software and Affected Versions: Wondershare Technology Co.,Ltd PDF Reader version 1.0.1 Description: An issue in Wondershare Technology Co.,Ltd PDF Reader allows a remote attacker to execute arbitrary commands via the pdfreader setup full13143.exe file. Recommendations: For...
SUSE CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...
Malicious Package
Overview ceedee is a malicious package. This is a "dependency confusion" package, which means the package name is based on existing repositories, namespaces, or components, it aims to trick users into downloading the package which contains a malicious code. This package exfiltrates user data such...
The vulnerability of the setup.php configuration file of the universal monitoring system Zabbix, related to authentication errors, allows a intruder to modify the configuration parameters.
The vulnerability of the setup.php configuration file of the Zabbix monitoring system is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify the configuration parameters remotely...
CVE-2022-23134
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists
After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
CVE-2021-41383
setup.cgi on NETGEAR R6020 1.0.0.48 devices allows an admin to execute arbitrary shell commands via shell metacharacters in the ntpserver field...
CVE-2020-7817
MyBrowserPlus downloads the files needed to run the program through the setup file Setup.inf. At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files...
Circontrol CirCarLife Information Disclosure Vulnerability (CNVD-2018-20063)
Circontrol CirCarLife is a parking lot automation system from Circontrol, Spain. A security vulnerability exists in Circontrol CirCarLife versions prior to 4.3, which originates from the program storing sensitive information elements in JSON format in the /services/system/setup.json file. An...
TP-Link TL-WA850RE Remote Arbitrary Code Execution Vulnerability
The TP-Link TL-WA850RE is a wireless extender. A remote arbitrary code execution vulnerability exists in the TP-Link TL-WA850RE Wi-Fi Range Extender using TL-WA850RE v5 firmware. A remote attacker can exploit this vulnerability by sending the 'wpssetuppin' parameter with shell metacharacters to t...
Setup file of advance preparation untrusted search path vulnerability
Setup file of advance preparation is an installation file for a series of software released by the National Tax Agency NTA of Japan. An untrusted search path vulnerability exists in the Setup file of advance preparation installer. An attacker can exploit this vulnerability to gain privileges via ...
Design/Logic Flaw
Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software WEB version 1.17.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2226
Untrusted search path vulnerability in Setup file of advance preparation for e-Tax software WEB version 1.17.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2215
Untrusted search path vulnerability in Installer of "Setup file of advance preparation" jizensetup.exe The version which was available on the website prior to 2017 June 12 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2017-2215
The CVE-2017-2215 entry concerns the Installer for the National Tax Agency’s "Setup file of advance preparation" (jizen_setup.exe). Connected sources confirm an untrusted DLL search path vulnerability in the installer, which could allow arbitrary code execution with the privileges of the invoking...
CVE-2017-2226
CVE-2017-2226 concerns a DLL search-path vulnerability in the Setup file of the National Tax Agency’s e-Tax software (WEB version). The installer for versions up to 1.17.0/1.17.1 insecurely loads dynamic libraries from an unspecified directory, enabling arbitrary code execution when a user runs t...
CVE-2017-2215
Untrusted search path vulnerability in Installer of "Setup file of advance preparation" jizensetup.exe The version which was available on the website prior to 2017 June 12 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Shield Spirit Public Promotion System setup.php has a reinstallation vulnerability
Shield Spirit public number promotion system is mainly applied to public number promotion affiliate. A reinstallation vulnerability exists in Shield Spirit Public Promotion System setup.php. As the program fails to validate the installation, an attacker can reinstall the system by exploiting the...
Koschtit Image Gallery 1.82 Local File Inclusion
:local file include: script: koschtitimagegalleryv1.82 download from:http://koschtit..tabere.net/download/ or http://koschtit.tabere.net/en/getit vul:/kibase/kimakepic.php ifisset$GET'file' $file = "../kigalleries/".$GET'file'; else exit; $gallery = substr$GET'file', 0, strpos$GET'file', "/";...
DEBIAN-CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...