Page 42 of 8785 results (0.027 seconds)

CVSS: 5.7EPSS: 0%CPEs: -EXPL: 0

An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users. • https://googleprojectzero.blogspot.com/2016/02/the-definitive-guide-on-win32-to-nt.html https://medium.com/%40danielshaulov01/malwarebytes-premium-security-av-bypass-cve-2024-44744-97bb6192ed4a • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0

Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_zip function. • https://blog.hawktesters.com/zero-day-alert-scriptcase-vulnerabilities-rce • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.7.34. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. • https://www.wordfence.com/threat-intel/vulnerabilities/id/7d4ae4a7-aec1-4cc1-bea0-61dde44027fc?source=cve https://plugins.trac.wordpress.org/browser/email-subscribers/tags/5.7.29/lite/includes/class-es-common.php#L244 https://plugins.trac.wordpress.org/changeset/3157336 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

A DLL hijacking vulnerability in VegaBird Vooki 5.2.9 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Vooki.exe. VegaBird Vooki version 5.2.9 suffers from a dll hijacking vulnerability. • http://vegabird.com https://sploitus.com/exploit?id=PACKETSTORM:181913 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

A DLL hijacking vulnerability in VegaBird Yaazhini 2.0.2 allows attackers to execute arbitrary code / maintain persistence via placing a crafted DLL file in the same directory as Yaazhini.exe. VegaBird Yaazhini version 2.0.2 suffers from a dll hijacking vulnerability. • http://vegabird.com https://sploitus.com/exploit?id=PACKETSTORM:181912 • CWE-94: Improper Control of Generation of Code ('Code Injection') •