21 matches found

GithubExploit
added 2026/01/22 5:48 p.m. | 122 views

Exploit for Unrestricted Upload of File with Dangerous Type in Webfulcreations Computer_Repair_Shop

CVE-2024-51793 / 0-Click RCE Exploit - Author: Joshua Provost...

CVSS 10 | AI score 6.2 | EPSS 0.51569
Exploits: 4

NVD
added 2023/08/07 5:15 a.m. | 10 views

CVE-2023-39903

An issue was discovered in Fujitsu Software Infrastructure Manager ISM before 2.8.0.061. The ismsnap component in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log allows insecure collection and storage of authorization credentials in cleartext...

CVSS 5.9 | AI score 5.9 | EPSS 0.00039
Exploits: 0 | References: 2

Cvelist
added 2023/07/14 8:39 p.m. | 18 views

CVE-2023-37462 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-skin-ui

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document SkinsCode.XWikiSkinsSheet leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute...

CVSS 9.9 | AI score 10 | EPSS 0.90263
Exploits: 1 | References: 3

Source Incite
added 2018/12/19 12:00 a.m. | 22 views

SRC-2019-0026 : Foxit Reader PDF Printer proxyCPDFAction Stack Buffer Overflow Elevation of Privilege Vulnerability

Vulnerability Details: This vulnerability allows local attackers to escalate privileges on vulnerable installations of Foxit Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists withi...

CVSS 8.1 | AI score 8.1 | EPSS 0.00026
Exploits: 1

Zero Day Initiative
added 2018/12/12 12:00 a.m. | 21 views

Adobe Reader DC Onix32 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 4.4 | AI score 2.4 | EPSS 0.01085
Exploits: 0 | References: 1

Zero Day Initiative
added 2018/09/12 12:00 a.m. | 9 views

Cisco WebEx Recorder and Player ATAS32 Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Cisco WebEx Recorder and Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 2.6 | AI score 2.1
Exploits: 0

Zero Day Initiative
added 2018/07/26 12:00 a.m. | 13 views

(0Day) Wecon LeviStudioU UserManage GroupIdSet Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Wecon LeviStudioU. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

CVSS 9.3 | AI score 3.3 | EPSS 0.00406
Exploits: 0 | References: 1

Prion
added 2018/01/23 1:29 a.m. | 17 views

Authentication flaw

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of NetGain Systems Enterprise Manager 7.2.699 build 1001. User interaction is required to exploit this vulnerability. The specific flaw exists within the MainFilter servlet. The issue results from the...

CVSS 6.8 | AI score 8.9 | EPSS 0.02143
Exploits: 0 | References: 1 | Affected Software: 1

Exploit DB
added 2017/12/26 12:00 a.m. | 130 views

Ubiquiti UniFi Video 3.7.3 - Local Privilege Escalation

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Ubiquiti UniFi Video Windows Vendor URL: https://www.ubnt.com Type: Improper Handling of Insufficient Permissions or Privileges CWE-280 Date found: 2016-05-24 Date published: 2017-12-20 CVSS...

CVSS 7.8 | AI score 7 | EPSS 0.00886
Exploits: 5

NVD
added 2017/08/03 3:29 p.m. | 10 views

CVE-2017-11382

Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350...

CVSS 7.5 | AI score 7.5 | EPSS 0.01117
Exploits: 0 | References: 3

Zero Day Initiative
added 2017/06/21 12:00 a.m. | 14 views

(0Day) UCanCode E-XD++ Visualization Enterprise Suite UCCDRAW AddColorUserProperty Untrusted Pointer Dereference Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of UCanCode E-XD++ Visualization Enterprise Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVSS 6.8 | AI score 7
Exploits: 0 | References: 1

Zero Day Initiative
added 2017/03/30 12:00 a.m. | 13 views

Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration manageIP6 Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...

CVSS 9 | AI score 5.2
Exploits: 0 | References: 1

Exploit DB
added 2015/09/28 12:00 a.m. | 55 views

Adobe Acrobat Reader - AFParseDate JavaScript API Restrictions Bypass

Title: Adobe Acrobat Reader AFParseDate Javascript API Restrictions Bypass Vulnerability Date: 09/28/2015 Author: Reigning Shells, based off PoC published by Zero Day Initiative Vendor Homepage: adobe.com Version: Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and...

CVSS 10 | AI score 6.3 | EPSS 0.31105
Exploits: 4

Zero Day Initiative
added 2014/05/22 12:00 a.m. | 15 views

(0Day) SAP Sybase ESP esp_parse Connection.canDiscover Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Sybase ESP. User interaction is not required to exploit this vulnerability. The specific flaw exists within the Connection.canDiscover function in espserverlib.dll. By sending specific argument...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 2

Zero Day Initiative
added 2013/11/24 12:00 a.m. | 47 views

ABB RobotStudio Tools CWGraph3D ActiveX Control Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ABB RobotStudio Tools. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.5 | AI score 7.2
Exploits: 0 | References: 1

Zero Day Initiative
added 2010/08/11 12:00 a.m. | 37 views

Microsoft Office Word sprmCMajority Record Parsing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Word. User interaction is required to exploit this vulnerability in that the target must open a malicious document. The specific flaw exists in the parsing of sprmCMajority records...

CVSS 10 | AI score 4.7 | EPSS 0.41411
Exploits: 6 | References: 1

Check Point Advisories
added 2009/07/24 12:00 a.m. | 3 views

Update Protection against Adobe RoboHelp Server SQL Injection Vulnerability

Adobe RoboHelp Server is vulnerable to a SQL injection attack. A remote attacker can trigger this vulnerability by sending a specially crafted URL to a vulnerable installation of RoboHelp Server. An attacker would need to have access to the RoboHelp Help Errors log, or convince someone with acces...

CVSS 4.3 | AI score 7.3 | EPSS 0.02997
Exploits: 1

securityvulns
added 2007/05/04 12:00 a.m. | 40 views

TPTI-07-06: Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption

TPTI-07-06: Trillian Pro Rendezvous XMPP HTML Decoding Heap Corruption http://dvlabs.tippingpoint.com/advisory/TPTI-07-06 May 2, 2007 -- CVE ID: CVE-2007-2418 -- Affected Vendor: Cerulean Studios -- Affected Products: Trillian Pro 3.1 build 121 and below -- TippingPointTM IPS Customer Protection:...

CVSS 10 | AI score 0.5 | EPSS 0.16688
Exploits: 0

Tenable Nessus
added 2006/01/10 12:00 a.m. | 236 views

AppServ appserv/main.php appserv_root Parameter Remote File Inclusion

The remote host appears to be running AppServ, a compilation of Apache, PHP, MySQL, and phpMyAdmin for Windows and Linux. The version of AppServ installed on the remote host fails to sanitize user-supplied input to the 'appserv_root' parameter of the 'appserv/main.php' script before using it in a...

CVSS 5 | AI score 5.7 | EPSS 0.042
Exploits: 0 | References: 1

Packet Storm
added 2005/12/14 12:00 a.m. | 22 views

lyris_attachment_mssql.pm.txt

This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...

AI score 7.4
Exploits: 0