Microsoft Office Excel xls File Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

Instacart: Get all instacart emails - missing rate limit on /accounts/register

Hey Instacart team, When signing up for an account, you enter your email. When this email is already in use, the server responds with ""errors":"email":"has already been taken"" This in not a problem, but the fact that you could send this request unlimited times is the issue. This way we can easi...

[slackware-security] xorg-server

New xorg-server packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/xorg-server-1.18.3-i586-4slack14.2.txz: Rebuilt. This update fixes two security issues: Xext/shm: Validate shmseg...

U.S. Dept Of Defense: SQL injections

Summary: An email is not well handeled and leads to sql injection. Description: This request POST /FileTransfer/Upload HTTP/1.1 Host: www.███████ The parameter from is injectable and leads to valid sql injection. Impact I didn't go all out and get a shell but, an attaker could exctract db...

(0Day) Eaton ELCSoft LAD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Eaton ELCSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of a L...

CVE-2017-14649

ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does not properly validate JNG data, leading to a denial of service assertion failure in magick/pixelcache.c, and application crash...

Heap overflow

The AP4AvccAtom and AP4HvccAtom classes in Bento4 version 1.5.0-617 do not properly validate data sizes, leading to a heap-based buffer over-read and application crash in AP4DataBuffer::SetData in Core/Ap4DataBuffer.cpp...

CVE-2017-14646

The CVE-2017-14646 entry affects Bento4, specifically the AP4_AvccAtom and AP4_HvccAtom classes in version 1.5.0-617. The flaw is improper validation of data sizes, causing a heap-based buffer over-read and an application crash in AP4_DataBuffer::SetData. Impact is described as a crash/partial Do...

Design/Logic Flaw

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service use-after-free after an invalid call to TIFFSetField,...

CVE-2017-14528

The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service use-after-free after an invalid call to TIFFSetField,...

The vulnerability of the CORS filter in Apache Tomcat servers allows a hacker to infect both clients and servers under certain circumstances.

The vulnerability of the CORS filter on Apache Tomcat servers arises from incorrect validation of data authenticity. Exploiting this vulnerability can allow a malicious actor, operating remotely, to infect both clients and servers under certain circumstances...

Code injection

This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the save...

Delta Industrial Automation WPLSoft Stack Buffer Overflow Vulnerability

Delta Industrial Automation is a global industrial automation manufacturer of power management and thermal solutions. WPLSoft and PMSoft are Delta's PLC programming software. A stack buffer overflow vulnerability exists in Delta Industrial Automation WPLSoft. Due to a failure to properly validate...

(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

(0Day) Delta Industrial Automation WPLSoft dvp File Parsing Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation WPLSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Foxit Reader PDF Arbitrary File Write Remote Code Execution (CVE-2017-10952)

A remote code execution vulnerability has been reported in Foxit Reader. The vulnerability is due improper data validation which could lead to writing files. A remote attacker could exploit this vulnerability by enticing a user to click a maliciously crafted file. Successful exploitation could le...

Bitdefender Internet Security Inno File Locations Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Adobe Acrobat Pro DC XFA nodes Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...