105 matches found
CVE-2017-18463
cPanel before 62.0.17 allows code execution in the context of the root account via a long DocumentRoot path SEC-225...
CVE-2019-13644
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tagnumber$ tag summary page. NOTE: It is asserted that an attacker must have the same acce...
CVE-2019-7818
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary...
CVE-2018-14270
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
PYSEC-2018-114
Jubatus 1.0.2 and earlier allows remote code execution via unspecified vectors...
Trend Micro Control Manager sCloudService GetPassword SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GetPassword method, which is called by the sCloudService servlet. The...
CVE-2017-1000146
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link o...
seacms6. 55 search.php code execution vulnerability
No description provided by source...
West silent technology smart device/cgi-bin/checkCookie command execution vulnerability
No description provided by source...
Sensio Labs Twig displayBlock任意代码执行漏洞
No description provided by source...
Foxit Reader Freetype Engine Integer Overflow Vulnerability
The host is installed with Foxit Reader and is prone to integer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodfoxitreaderfreetypeengineintoverflowvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ Foxit Reader Freetype Engine Integer Overflow Vulnerability Authors: Shashi Kiran N...
HP OpenView Storage Data Protector code execution
No description provided...
CVE-2009-3586
Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. NOTE: this vulnerability reportedly exists because of an incorrect fix...
Remote file inclusion
PHP remote file inclusion vulnerability in includes/classes/pctemplate.php in PointComma 3.8b2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pcConfigsmartyPath parameter...
[Full-Disclosure] [ GLSA 200503-12 ] Hashcash: Format string vulnerability
Gentoo Linux Security Advisory GLSA 200503-12 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
abcm2ps: Buffer overflow vulnerability
Background abcm2ps is a utility used to convert ABC music sheet files into PostScript format. Description Limin Wang has located a buffer overflow inside the putwords function in the abcm2ps code. Impact A remote attacker could convince the victim to download a specially-crafted ABC file. Upon...
[security bulletin] SSRT4739 rev.0 HP WebJetadmin arbitrary command execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBPI01078 REVISION: 0 SSRT4739 rev.0 HP Web Jetadmin arbitrary command execution ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin provided that...
CVE-2004-0016
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files...
GoldMine code execution
No description provided...
WSMP3 0.0.x - Remote Command Execution
source: https://www.securityfocus.com/bid/7645/info A vulnerability has been reported in WsMp3. The problem occurs due to insufficient sanitization of HTTP POST requests. As a result, an attacker may be capable of executing arbitrary files on a target system. This may lead to the complete...