14 matches found
EUVD-2017-1425
Malware in sbrugna...
EUVD-2022-6967
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-40692
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient capability checks made it possible for teachers to download users outside of their courses. CVE-2021-40692 Note that Nessus relies on the presence ...
The vulnerability of the Veritas NetBackup software for backup and data restoration operations lies in the lack of measures taken to neutralize special elements used in the operating system commands. This allows an attacker to execute arbitrary code.
The vulnerability of the Veritas NetBackup backup and recovery software relates to the lack of measures taken to neutralize special elements used in the operating system command. Exploiting this vulnerability allows a malicious actor to execute arbitrary code, provided that the user downloads a...
CVE-2022-27176
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions when using 'File Sanitization Option', and RevoWorks Desktop 2.1.84 and prior versions when using 'File...
Samsung Internet User Download Interface Error Vulnerability
Samsung Internet is an application for Samsung mobile devices that provides browser functionality. A user download interface error vulnerability exists in versions prior to Samsung Internet 16.0.6.23, which can be exploited by an attacker to perform domain spoofing via a specially crafted...
CVE-2017-17876
Biometric Shift Employee Management System 3.0 allows remote attackers to bypass intended file-read restrictions via a user=download request with a pathname in the path parameter...
OPENSUSE-SU-2016:1884-1 Security update for karchive
This update for karchive fixes the following issues: - CVE-2016-6232: A remote attacker could have been able to overwrite arbitrary files when tricking the user into downloading KDE extras such as wallpapers or Plasma Applets (boo#989698)...
User Download Folder Files
Nessus was able to generate a report of all files listed in the default user download folder. (C) Tenable Network Security, Inc. include("compat.inc"); if (!defined_func("nasl_level") || nasl_level() < 5200) exit(0, "Not Nessus 5.2+"); if (description) { script_id(92434); script_version("1.5"); script_cvs_date("Date: 2018/05/...
FireEye MPS JAR analyzer command execution
Added: 12/28/2015. BID: 78809. Background: The FireEye Malware Protection System (MPS) detects and eliminates malware found on file shares, web downloads, and e-mail. Problem: A vulnerability in the Java Archive analysis tool could allow command execution when the tool analyzes a specially crafted JAR...
WordPress Swim Team Plugin <= 1.44.10777 - Absolute Path Traversal
This vulnerability is in include/user/download.php. It allows an attacker to read arbitrary files via a full pathname in the "file" parameter. Solution: Update the plugin...
Swim Team <= v1.44.10777 - Local File Inclusion
The code in ./wp-swimteam/include/user/download.php doesn't sanitize user input, which allows sensitive system files to be downloaded. $ curl...
Windows Media Player PNG buffer overflow
Added: 06/16/2006. CVE: CVE-2006-0025. BID: 18385. OSVDB: 26430. Background: Windows Media Player is an audio and video media player for Windows platforms. Problem: A buffer overflow in Windows Media Player allows command execution when a user opens a specially crafted PNG image file. Resolution: Apply...
CVE-2006-0173
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified docext and id parameters, which might trick a user into downloading dangerous or unexpected content...