Lucene search
2678 matches found

Cvelist
added 2017/09/03 8:00 p.m. · 12 views

CVE-2017-14118

In the EyesOfNetwork web interface aka eonweb 5.1-0, module\toolall\tools\interface.php does not properly restrict exec calls, which allows remote attackers to execute arbitrary commands via shell metacharacters in the hostlist parameter to module/toolall/selecttool.php...

9.1 AI score · 0.03082 EPSS
Exploits 1 · References 1
BDU FSTEC
added 2017/08/10 12:00 a.m. · 1 view

The vulnerability of the debian/tor.init script of the Tor information exchange software allows a hacker to circumvent restrictions.

The vulnerability of the debian/tor.init script in the Debian software for anonymous information exchange, Tor, is related to access control deficiencies. This script was designed to execute aa-exec from the standard system path, provided the AppArmor package is installed. Exploiting this...

5 CVSS · 7.3 AI score · 0.00207 EPSS
Exploits 0 · References 3 · Affected Software 1
Exploit DB
added 2017/08/08 12:00 a.m. · 39 views

Unitrends UEB 9.1 - Privilege Escalation

Exploit Title: Authenticated lowpriv RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...

9 CVSS · 8.8 AI score · 0.13453 EPSS
Exploits 4
CVE
added 2017/08/04 7:00 p.m. · 129 views

CVE-2017-12481

CVE-2017-12481 affects Ledger 3.1.1, where the find_option function in option.cc can be triggered by a crafted file to cause a stack-based buffer overflow, leading to a denial of service (and potentially other impact). Public documents in the connected set confirm this CVE alongside related ones ...

7.8 CVSS · 8 AI score · 0.00295 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2017/07/23 8:29 p.m. · 1 view

DEBIAN-CVE-2017-11565

debian/tor.init in the Debian tor0.2.9.11-1deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly with a wrong assumption that the specific pathname would remain the same forever, which allows...

7.5 CVSS · 7.6 AI score · 0.00207 EPSS
Exploits 0 · References 1
Debian CVE
added 2017/07/23 8:00 p.m. · 19 views

CVE-2017-11565

debian/tor.init in the Debian tor0.2.9.11-1deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly with a wrong assumption that the specific pathname would remain the same forever, which allows...

7.5 CVSS · 7.7 AI score · 0.00207 EPSS
Exploits 0
Hacker One
added 2017/07/16 11:58 a.m. · 41 views

ExpressionEngine: Image lib - unescaped file path

Under ./system/ee/legacy/libraries/Imagelib.php there are functions from CodeIgniter to manipulate images. The issue is that the PHP function exec is used two times in two different functions: imageprocessimagemagick and imageprocessnetpbm. In both cases the fullsrcpath and fulldstpath are given...

0.8 AI score
Exploits 0
Tenable Nessus
added 2017/07/07 12:00 a.m. · 18 views

Veritas Backup Exec Remote Agent Installed

Binary data veritasbackupexecremoteagentinstalled.nbin...

7.3 AI score
Exploits 0 · References 1
Tenable Nessus
added 2017/07/07 12:00 a.m. · 439 views

Veritas Backup Exec Remote Agent 14.1.x < 14.1.1786.1126 / 14.2.x < 14.2.1180.3160 / 16.0.x < 16.0.1142.1327 Use-after-free RCE (VTS17-006)

The version of Veritas Backup Exec Remote Agent installed on the remote Windows host is 14.1.x prior to 14.1.1786.1126, 14.2.x prior to 14.2.1180.3160, or 16.0.x prior to 16.0.1142.1327. It is, therefore, affected by a remote code execution vulnerability due to a use-after-free error that is...

10 CVSS · 9.3 AI score · 0.67063 EPSS
Exploits 4 · References 3
Exploit DB
added 2017/06/30 12:00 a.m. · 27 views

Google Chrome - Out-of-Bounds Access in RegExp Stubs

There is an out-of-bounds access in RegExp.prototype.exec and RegExp.prototype.test. The code defined in BranchIfFastRegExp checks whether a regular expression object has the default map, however, it is possible to alter the map after this check has been performed. This can cause inline fields,...

7.4 AI score
Exploits 0
Exploit DB
added 2017/06/30 12:00 a.m. · 35 views

BestSafe Browser - Man In The Middle Remote Code Execution

Exploit Title: BestSafe Browser FREE NoAds - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser.com Software Link: See APK archive websites Screenshot: Refer to https://www.youtube.com/watch?v=VXNVzjsH0As...

7.4 AI score
Exploits 0
Exploit DB
added 2017/06/29 12:00 a.m. · 109 views

Veritas/Symantec Backup Exec - SSL NDMP Connection Use-After-Free (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free',...

10 CVSS · 7.4 AI score · 0.67063 EPSS
Exploits 4
Packet Storm
added 2017/06/29 12:00 a.m. · 86 views

Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free',...

10 CVSS · 0.67063 EPSS
Exploits 4
0day.today
added 2017/06/29 12:00 a.m. · 99 views

Veritas / Symantec Backup Exec - SSL NDMP Connection Use-After-Free Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/ndmpsocket' require 'openssl' require 'xdr' class MetasploitModule 'Veritas/Symantec...

10 CVSS · 9.2 AI score · 0.67063 EPSS
Exploits 4
Positive Technologies
added 2017/06/19 12:00 a.m. · 2 views

PT-2017-4136 · Freedesktop.Org +2 · Poppler +2

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Poppler affected versions not specified Description: The issue is related to a division by zero error in the PostScriptFunction::exec function, specifically in the psOpIdiv case, which can lead to a denial of service. Thi...

9.8 CVSS · 6.3 AI score · 0.03439 EPSS
Exploits 13 · References 92
OpenVAS
added 2017/06/16 12:00 a.m. · 21 views

openSUSE: Security Advisory for mercurial (openSUSE-SU-2017:1572-1)

The remote host is missing an update for the Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9 CVSS · 8.8 AI score · 0.48699 EPSS
Exploits 1 · References 1
Packet Storm
added 2017/06/13 12:00 a.m. · 20 views

Easy MOV Converter 1.4.24 Buffer Overflow

!/usr/bin/python Exploit Title: Easy MOV Converter 1.4.24 - 'Enter User Name' Field Buffer Overflow SEH Date: 13-06-2017 Exploit Author: @abatchy17 -- www.abatchy.com Vulnerable Software: Easy MOV Converter Vendor Homepage: http://www.divxtodvd.net/ Version: 1.4.24 Software Link:...

0.5 AI score
Exploits 0
Metasploit
added 2017/05/23 12:18 p.m. · 71 views

Veritas/Symantec Backup Exec SSL NDMP Connection Use-After-Free

This module exploits a use-after-free vulnerability in the handling of SSL NDMP connections in Veritas/Symantec Backup Exec's Remote Agent for Windows. When SSL is re-established on a NDMP connection that previously has had SSL established, the BIO struct for the connection's previous SSL session...

9.8 CVSS · 9.9 AI score · 0.67063 EPSS
Exploits 4
CNVD
added 2017/05/12 12:00 a.m. · 2 views

Veritas Backup Exec Agent for Windows/Linux and Mac Memory Corruption Vulnerability

Veritas Backup Exec Agent is a suite of backup and recovery solutions from Veritas Technologies, USA. A memory corruption vulnerability exists in Veritas Backup Exec Agent for Windows, Linux, and Mac-based platforms. A remote attacker could exploit the vulnerability to cause the agent to crash or...

10 CVSS · 7.1 AI score · 0.67063 EPSS
Exploits 4 · References 1
OSV
added 2017/05/10 9:29 p.m. · 2 views

CVE-2017-8895

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the...

9.8 CVSS · 6.1 AI score · 0.67063 EPSS
Exploits 4 · References 4