UBUNTU-CVE-2018-10874

In ansible it was found that inventory variables are loaded from current working directory when running ad-hoc command which are under attacker's control, allowing to run arbitrary code as a result...

Polaris Office Arbitrary Code Execution Vulnerability

Infraware Polaris Office is a suite of office software developed by Infraware Korea for mobile devices. The software is mainly used for viewing and editing Word documents, Excel tables, PowerPoint files and so on. A security vulnerability exists in Infraware Polaris Office 2017 version 8.1. An...

PT-2018-2340

Name of the Vulnerable Software and Affected Versions ansible affected versions not specified Description A flaw in ansible allows an attacker to execute arbitrary code by altering the ansible.cfg file in the current working directory to point to a plugin or module path under their control. This...

CVE-2018-12589

Polaris Office 2017 8.1 allows attackers to execute arbitrary code via a Trojan horse puiframeworkproresenu.dll file in the current working directory...

Microsoft Windows VBScript Class_Terminate Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Office Excel Parsed Expression Uninitialized Memory Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

Adobe Photoshop JPEG2000 Image Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Microsoft Windows VBScript Class_Terminate Invalid Object Access Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows VBScript. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/mozilla-firefox-52.9.0esr-i586-1slack14.2.txz: Upgraded. This release contains security fixes and improvements. For more...

Vulnerability of Microsoft Edge, Internet Explorer browsers, and the JavaScript scenario handler ChakraCore, caused by memory object handling errors, allowing attackers to execute arbitrary code.

The vulnerability of Microsoft Edge, Internet Explorer, and the JavaScript scenario handler ChakraCore arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

Microsoft Chakra Scripting Engine Remote Memory Corruption Vulnerability

Microsoft ChakraCore is the core of the JavaScript engine used by Edge, a web browser from Microsoft. A remote code execution vulnerability exists in Microsoft ChakraCore. The vulnerability can be exploited by a remote attacker to execute arbitrary code in the context of the current user,...

M4Ngl3M3 - Common Password Pattern Generator Using Strings List

Common password pattern generator using strings list. Quick Installation: $ git clone https://github.com/localh0t/m4ngl3m3 $ cd m4ngl3m3 $ ./main.py Basic Help: usage: main.py -h -fy FROMYEAR -ty TOYEAR -sy -nf NUMBERSFILE -sf SYMBOLSFILE -cf CUSTOMFILE -sbs -sap -mm MUTATIONMETHODS MUTATIONMODE...

[slackware-security] libgcrypt

New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libgcrypt-1.7.10-i586-1slack14.2.txz: Upgraded. Use blinding for ECDSA signing to mitigate a novel side-channel attack. For more...

Microsoft Chakra Typed Array Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Edge and ChakraCore Memory Corruption Vulnerability (CNVD-2018-11920)

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation.Edge is one of the web browsers.ChakraCore is the core of an open source Chakra JavaScript scripting engine used in Edge, or as a standalone... JavaScript engine. A memory corruption vulnerability...

Microsoft Edge Memory Corruption Vulnerability (CNVD-2018-11917)

Microsoft Edge is Microsoft's built-in browser in its latest operating system, Windows 10. A memory corruption vulnerability exists in Microsoft Edge. The vulnerability stems from the program failing to properly access objects in memory. A remote attacker can exploit the vulnerability with the he...

Microsoft Edge and ChakraCore Memory Corruption Vulnerability

Microsoft Windows 10 is a next-generation cross-platform operating system from Microsoft.Edge is one of the browsers that comes with the system.ChakraCore is the core of an open-source JavaScript engine that is used in Edge, and can also be used as a stand-alone JavaScript engine. engine. A memor...

Microsoft Edge Memory Corruption Vulnerability (CNVD-2018-11935)

Microsoft Edge is Microsoft's built-in browser in its latest operating system, Windows 10. A memory corruption vulnerability exists in Microsoft Edge. The vulnerability stems from Edge failing to properly access objects in memory. A remote attacker can exploit the vulnerability to execute arbitra...

Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2018-11936)

Internet Explorer is a web browser from Microsoft. A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability stems from Internet Explorer failing to properly access objects in memory. A remote attacker can exploit the vulnerability to execute arbitrary code in the...

Microsoft Edge CSS Background Property Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of C...