CVE-2023-29004
hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A Path Traversal vulnerability was found in the current version of Roxy-WI 6.3.9.0 at the moment of writing this report. The vulnerability can be exploited via an HTTP request to /app/options.py and the...
CVE-2022-23001
When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user's assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting...
EUVD-2022-42517
Malicious code in bioql PyPI...
EUVD-2025-21082
Malicious code in bioql PyPI...
PT-2025-32600 · Sap · Sap S/4Hana
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA affected versions not specified Description: SAP S/4HANA Supplier invoice is vulnerable to CRLF Injection. An attacker with user-level privileges can bypass the allowlist and insert untrusted sites into the 'Trusted Sites'...
PT-2023-1475 · Nvidia · Nvidia Geforce Experience
Name of the Vulnerable Software and Affected Versions: NVIDIA GeForce Experience affected versions not specified Description: The issue is related to an uncontrolled search path vulnerability in the client installers of NVIDIA GeForce Experience. This vulnerability can be exploited by an attacker...
PT-2022-15770 · Unknown · Sweet B Library
Name of the Vulnerable Software and Affected Versions: Sweet B library affected versions not specified Description: The issue arises from an incorrect choice of sign bit when compressing or decompressing elliptic curve points using the Sweet B library. An attacker with user-level privileges can...
CVE-2021-34715 Cisco Expressway Series and TelePresence Video Communication Server Image Verification Vulnerability
A vulnerability in the image verification function of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with internal user privileges on the underlying operating system. The vulnerability is due to...
Keybase: Keybase client: downloaded executables lack "com.apple.quarantine" meta-attribute [macOS]
Summary 1. Missing quarantine attribute for downloaded files allows remote attacker to send executable file that won't be checked by Gatekeeper codesign bypass. 2. Since sent executable files lack com.apple.quarantine meta-attribute, no alert about launching executable file from the web will be...
CVE-2018-15430
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficien...
Input validation
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficien...
CVE-2018-15430
Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) are affected by an input-validation vulnerability in the management web interface. The issue stems from insufficient validation of the contents of update/upgrade packages, allowing an authenticated, remote attacker to...
CVE-2018-15430 Cisco Expressway Series and Cisco TelePresence Video Communication Server Remote Code Execution Vulnerability
A vulnerability in the administrative web interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to execute code with user-level privileges on the underlying operating system. The vulnerability is due to insufficien...
Brave Software: `settingcontent-ms` files lacks "mark of the web" => execute code by dbl click in Downloads toolbar
Summary: settingcontent-ms files allow launching any binary with any params. Brave doesn't mark settingcontent-ms files with "mark of the web", so the file could be executed by double click in "Downloads" toolbar. Launched settingcontent-ms file could lead to code execution with user-level...
CVE-2017-8080
Atlassian Hipchat Server before 2.2.4 allows remote authenticated users with user level privileges to execute arbitrary code via vectors involving image uploads...
Microsoft Windows Shell Remote Code Execution Vulnerabilities (2727528)
This host is missing a critical security update according to Microsoft Bulletin MS12-072. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Shell Remote Code Execution Vulnerability (2691442)
This host is missing an important security update according to Microsoft Bulletin MS12-048. OpenVAS Vulnerability Test $Id: secpodms12-048.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows Shell Remote Code Execution Vulnerability 2691442 Authors: Sooraj KS Copyright: Copyright c 2012 SecPod...
Microsoft Windows File/Directory Names Handling Arbitrary Command Injection Vulnerability
Description: Microsoft Windows is prone to a remote command-injection vulnerability that affects the Windows Shell component because it fails to adequately sanitize user-supplied input data. Attackers can exploit this issue to execute arbitrary shell commands with user-level privileges. This may...
CygniCon CyViewer - ActiveX Control 'SaveData()' Insecure Method
source: https://www.securityfocus.com/bid/48483/info CygniCon CyViewer ActiveX control is prone to a vulnerability caused by an insecure method. Successfully exploiting this issue will allow attackers to create or overwrite files within the context of the affected application typically Internet...