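IIS Series: Integer Overflow in Http.sys Range Handling Leads to Remote Code Execution 1. Vulnerability summary On April 14, 2015, Microsoft released the critical-severity security bulletin MS15-034, numbered CVE-2015-1635, stating that a vulnerability in Http.sys could allow remote code execution. 2. Vulnerability description CWE: CWE-119 CVE: CVE-2015-1635 Http.sys is located in the Windows operating system's core ...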
Recently, Apache Tomcat issued a security notice regarding a remote code execution vulnerability (CVE-2024-50379) in certain versions. This vulnerability stems from a flaw in verifying file paths. If the default servlet is write enabled (readonly initialisation parameter set to the non-default ...
A remote code execution vulnerability exists in Microsoft Visual Studio 2019 and Visual Studio 2017 if an XOML (Extensible Object Markup Language) file references certain types and causes arbitrary code to be run when the file is opened in Visual Studio. There is now a restriction on which ...
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability CVE-2021-26443 Security Vulnerability Released: November 9, 2021 Last updated: November 12, 2021 Assigning CNA: Microsoft CVE-2021-26443 CVSS:3.1 9.0 / 7.8 Base score metrics: 9.0 / Temporal score metrics: 7.8 ...
A remote code execution vulnerability exists when Microsoft Windows fails to properly handle cabinet files. To exploit the vulnerability, an attacker would have to convince a user to either open a specially crafted cabinet file or spoof a network printer and trick a user in...
No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. Impact This vulnerability can lead to executing arbitrary code. ...
A vulnerability in the Cisco Adaptive Security Device Manager (ASDM) Launcher could allow an unauthenticated, remote attacker to execute arbitrary code on a user's operating system. This vulnerability is due to a lack of proper signature verification for specific code exchanged between the ASDM and...
This is a suspicious application that may allow remote code execution. The following is a detailed description of the issue: A remote code execution vulnerability exists in the remote SAP Gateway as a result of allowing non-SAP applications to communicate with, and potentially run OS commands on SAP applications. An unauthenticated attacker can run the...
IBM WebSphere Application Server traditional is vulnerable to a remote code execution vulnerability. This has been addressed. Vulnerability Details CVEID:CVE-2023-23477 DESCRIPTION: IBM WebSphere Application Server traditional could allow a remote attacker to execute arbitrary code on the system with a...
Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multiple ways to exploit - Mr-xn/CVE-2024-36401