Show filters
1,185 topics marked with the following tags:
Displaying 1-10 of 1,185
Sort by:
Attacker Value
Unknown
CVE-2013-0648
Disclosure Date: February 27, 2013 (last updated September 20, 2024)
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
0
Attacker Value
Unknown
CVE-2020-25223
Disclosure Date: September 25, 2020 (last updated October 18, 2023)
A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
0
Attacker Value
Unknown
CVE-2018-15133
Disclosure Date: August 09, 2018 (last updated June 11, 2024)
In Laravel Framework through 5.5.40 and 5.6.x through 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and PendingBroadcast in gadgetchains/Laravel/RCE/3/chain.php in phpggc. The attacker must know the application key, which normally would never occur, but could happen if the attacker previously had privileged access or successfully accomplished a previous attack.
0
Attacker Value
Unknown
CVE-2024-28986
Disclosure Date: August 13, 2024 (last updated August 17, 2024)
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine.
While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it without authentication after thorough testing.
However, out of an abundance of caution, we recommend all Web Help Desk customers apply the patch, which is now available.
1
Attacker Value
Unknown
CVE-2020-14644
Disclosure Date: July 15, 2020 (last updated September 19, 2024)
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
0
Attacker Value
Unknown
CVE-2020-8467
Disclosure Date: March 18, 2020 (last updated December 06, 2023)
A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute arbitrary code on affected installations (RCE). An attempted attack requires user authentication.
0
Attacker Value
Unknown
CVE-2024-39891
Disclosure Date: July 02, 2024 (last updated July 25, 2024)
In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.)
0
Attacker Value
Unknown
CVE-2024-39717
Disclosure Date: August 22, 2024 (last updated August 27, 2024)
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.
0
Attacker Value
Unknown
CVE-2021-31955
Disclosure Date: June 08, 2021 (last updated July 30, 2024)
Windows Kernel Information Disclosure Vulnerability
0
Attacker Value
Unknown
CVE-2014-0497
Disclosure Date: February 05, 2014 (last updated September 20, 2024)
Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linux, allows remote attackers to execute arbitrary code via unspecified vectors.
0