Acronis: Missing rate limit for current password field (Password Change) Account Takeover

Vulnerability: Missing Rate Limit for Current Password field Password Change Account Takeover Steps to reproduce the bug: 1Go to Profile Password. Enter any wrong password In current password filed. 2Now enter the new password and Turn the Intercept ON. 3Capture the request & Send the request to...

UBUNTU-CVE-2020-10804

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. A malicious user with access to the server could create a crafted username, and then...

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Bridge XD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XD...

Adobe Photoshop U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

Adobe Photoshop PCX File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

Adobe Photoshop DCM File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists in the parsing of DCM...

Adobe Photoshop GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of...

Adobe Bridge CC GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Bridge CC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of GI...

Adobe Acrobat Reader DC XFA Template Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

(Pwn2Own) Samsung Q60 Smart QLED TV JavaScript Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Q60 Smart QLED TV. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Foxit Studio Photo PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Foxit Studio Photo TIF File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing ...

Foxit Studio Photo PSD File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-thunderbird-68.6.0-i686-1slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more...

Microsoft Word HTML Rendering Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of D...

Microsoft Word and Microsoft Outlook Buffer Overflow Vulnerability

Microsoft Word and Microsoft Outlook are both products of Microsoft Corporation.Microsoft Word is a set of word processing software in the Office suite.Microsoft Outlook is a set of e-mail applications. Microsoft Word and Microsoft Outlook have security vulnerabilities. An attacker could exploit...

Microsoft Word Remote Code Execution Vulnerability (CNVD-2020-18523)

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A remote code execution vulnerability exists in Microsoft Word. An attacker could exploit the vulnerability to perform an action in the context of the current user...

Microsoft Word Remote Code Execution Vulnerability (CNVD-2020-19916)

Microsoft Word is a word processing software in the Office suite of the American Microsoft Microsoft. A security vulnerability exists in Microsoft Word that stems from the program's inability to properly handle memory objects. The vulnerability can be exploited by an attacker with a specially...

(Pwn2Own) Xiaomi Mi9 Browser manualUpgradeInfo Improper Control of Generation of Code Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Mi9 Browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing ...