2025-06-05 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2011-10007 | RCLAMP - File::Find::Rule | File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted filename. A file handle is opened with the 2 argument form of `open()` allowing an attacker controlled filename to provide the MODE parameter to `open()`, turning the filename into a command to be executed. Example: $ mkdir /tmp/poc; echo > “/tmp/poc/|id” $ perl -MFile::Find::Rule \ -E ‘File::Find::Rule->grep(“foo”)->in(“/tmp/poc”)’ uid=1000(user) gid=1000(user) groups=1000(user),100(users) | CNA n/a CVSS3.1: 8.8 - HIGH | 0 1 2 3 | Exploitation: pocAutomatable: noTechnical Impact: total | File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when `grep()` encounters a crafted file name | github |
| CVE-2025-20129 | Cisco - Cisco SocialMinerCisco - Cisco Unified Contact Center Express | A vulnerability in the web-based chat interface of Cisco Customer Collaboration Platform (CCP), formerly Cisco SocialMiner, could allow an unauthenticated, remote attacker to persuade users to disclose sensitive data. This vulnerability is due to improper sanitization of HTTP requests that are sent to the web-based chat interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the chat interface of a targeted user on a vulnerable server. A successful exploit could allow the attacker to redirect chat traffic to a server that is under their control, resulting in sensitive information being redirected to the attacker. | CVSS3.1: 4.3 - MEDIUM | 0 | Exploitation: noneAutomatable: noTechnical Impact: partial | Cisco Customer Collaboration Platform Information Disclosure Vulnerability | github |
| CVE-2011-2016 | n/a - n/a | Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka “Windows Mail Insecure Library Loading Vulnerability.” | CNA n/a CVSS3.1: 7.3 - HIGH | 0 1 | Exploitation: noneAutomatable: noTechnical Impact: total | undefined | github |
| CVE-2020-36603 | n/a - n/a | The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges. | CNA n/a CVSS3.1: 6.5 - MEDIUM | 0 1 2 3 4 | Exploitation: pocAutomatable: noTechnical Impact: total | undefined | github |
| CVE-2018-25112 | PHOENIX CONTACT - ILC 131PHOENIX CONTACT - ILC 151PHOENIX CONTACT - ILC 171PHOENIX CONTACT - ILC 191 ETH | An unauthenticated remote attacker may use an uncontrolled resource consumption in the IEC 61131 program of the affected products by creating large amounts of network traffic that needs to be handled by the ILC. This results in a Denial-of-Service of the device. | CVSS3.1: 7.5 - HIGH | 0 | Exploitation: noneAutomatable: yesTechnical Impact: partial | PHOENIX CONTACT: ILC 1x1 ETH Denial of Service | github |
This post is licensed under CC BY 4.0 by the author.