196 matches found
CVE-2024-28099
VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
CVE-2024-28099
VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application...
CVE-2024-28099
CVE-2024-28099 affects VT STUDIO versions 8.32 and earlier. The root cause is an insecure DLL search path that may allow loading malicious DLLs, enabling arbitrary code execution with the application’s privileges. Reported across multiple sources (Red Hat, NVD, JVN/JVNVU, PT-Security, and others)...
ver-nieuws.nl Cross Site Scripting vulnerability OBB-3903351
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-28048
OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using ffBull ver.4.11...
CVE-2024-28131
EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...
CVE-2024-28131
EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed...
CVE-2024-29071
HGW BL1500HM Ver 002.001.013 and earlier contains a use of week credentials issue. A network-adjacent unauthenticated attacker may change the system settings...
JVN#17176449: ffBull vulnerable to OS command injection
ffBull according to the original report submitted by the reporter provided by Fortunefield is a bulletin board system BBS. ffBull contains an OS command injection vulnerability CWE-78. Impact A remote unauthenticated attacker may execute an arbitrary OS command with the privilege of the running w...
CVE-2024-21805
Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is...
JVN#48443978: a-blog cms vulnerable to directory traversal
a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a directory traversal vulnerability CWE-22. Impact A user with editor or higher privilege who can log in to the product may obtain arbitrary files on the server including password files. Solution Update t...
CVE-2024-27497
Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file...
CVE-2024-27497
Linksys E2000 router (Firmware 1.0.06 build 1) is affected by CVE-2024-27497 due to an authentication bypass in the position.js file. The vulnerability enables unauthorized access to the device. Remediation is to upgrade to a patched firmware version as indicated in the connected documents; explo...
CVE-2024-25559
URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log...
CVE-2024-25559
CVE-2024-25559 affects a-blog cms versions 3.1.0 through 3.1.8.1 The vulnerability is a URL spoofing issue that can force the administrator to visit an arbitrary website when clicking a link in the audit log, triggered by a specially crafted request. The root cause is exposure of trusted navigati...
CVE-2024-23782
Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this...
Xxe
CX-Designer Ver.3.740 and earlier included in CX-One CXONE-ALD-V4 contains an improper restriction of XML external entity reference XXE vulnerability. If a user opens a specially crafted project file created by an attacker, sensitive information in the file system where CX-Designer is installed m...
Possible deadlock in Linux kernel event handling
ISSUE DESCRIPTION Closing of an event channel in the Linux kernel can result in a deadlock. This happens when the close is being performed in parallel to an unrelated Xen console action and the handling of a Xen console interrupt in an unprivileged guest. The closing of an event channel is e.g...
Cross site scripting
Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 a...
CVE-2023-22317
Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314...