PHP on Windows 8.1.x < 8.1.29 / 8.2.x < 8.2.20 / 8.3.x < 8.3.8 Arbitrary Code Execution (CVE-2024-4577)

The version of PHP: Hypertext Preprocessor detected on the remote Windows host is 8.1.x prior to 8.1.29, 8.2.x prior to 8.2.20, or 8.3.x prior to 8.3.8. It is, therefore, affected by an arbitrary code execution vulnerability: - In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before...

BIT-PHP-MIN-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)

In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows...

AZL-42433 CVE-2024-4577 affecting package php for versions less than 8.3.8-1

In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...

PT-2024-5911 · Rust +1 · Rust +1

Name of the Vulnerable Software and Affected Versions: Rust affected versions not specified Description: The issue is related to the std::process::Command component of the Rust programming language on Windows operating systems. It involves the injection or modification of arguments, potentially...

Microsoft Windows 代码注入漏洞

Microsoft Windows is a suite of operating systems for personal device use from Microsoft Corporation USA. A code injection vulnerability exists in Microsoft Windows Modern Execution Server, which arises from a network system or product not properly filtering specific elements of externally input...

CVE-2020-27534

util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

Pointer dereference in subsystem in Intel(R) Graphics Driver allows unprivileged user to elevate privileges via local access

Summary: The Intel® Graphics Drivers for Windows Code can fail to adequately validate a pointer input. This may lead to modification of kernel memory and a potential for an escalation of privilege. Reference CVE-2017-5727. Description: The Intel® Graphics Drivers for Windows Code can fail to...

KB4284860: Windows 10 June 2018 Security Update

The remote Windows host is missing security update 4284860. It is, therefore, affected by multiple vulnerabilities : - An elevation of privilege vulnerability exists when the Human Interface Device HID Parser Library driver improperly handles objects in memory. An attacker who successfully...

KLA11892 Multiple vulnerabilties in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, cause denial of service, gain privileges. Below is a complete list of vulnerabilities: 1. A memory corrupti...

Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass

Microsoft Windows 10 - CiSetFileCache TOCTOU Security Feature Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1332 Windows: CiSetFileCache TOCTOU Security Feature Bypass Platform: Windows 10 10586/14393/10S not tested 8.1 Update 2 or Windows 7 Class: Security Feature Bypa...

Code injection

SWFTools 2013-04-09-1007 on Windows has a "Data from Faulting Address controls Branch Selection starting at image0000000000400000+0x0000000000003e71" issue. This issue can be triggered by a malformed TTF file that is mishandled by font2swf. Attackers could exploit this issue for DoS Access...

Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow - Ver2 (CVE-2013-0003)

A buffer overflow exists in the System.DirectoryServices.Protocols S.DS.P namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array.An attacker can remotely exploit this vulnerability by...

eSignal and eSignal Pro <= 10.6.2425.1208 Multiple Vulnerabilites

No description provided by source. Luigi Auriemma Application: eSignal and eSignal Pro http://www.esignal.com/esignal/default.aspx Versions: = 10.6.2425.1208 Platforms: Windows Bugs: A code execution B heap overflow Exploitation: file Date: 06 Sep 2011 Author: Luigi Auriemma e-mail:...

Microsoft .NET Framework S.DS.P Namespace Method Buffer Overflow (CVE-2013-0003)

A buffer overflow exists in the System.DirectoryServices.Protocols S.DS.P namespace method in the .NET framework. The vulnerability is due to an error in the validation of the size of objects in memory prior to copying them into an array.An attacker can remotely exploit this vulnerability by...

Microsoft .NET Framework WinForms Buffer Overflow (CVE-2013-0002)

A buffer overflow vulnerability exists in Microsoft .NET Framework Windows Form. The vulnerability is due to a race condition when handling the size of an array of objects prior to copying them into a global memory buffer.An attacker can remotely exploit this vulnerability by enticing a user to...

CVE-2017-1028

...