7634 matches found
CVE-2017-0374
lib/Config/Model.pm in Config-Model aka libconfig-model-perl before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array...
PlaySMS 1.4 - Remote Code Execution
PlaySMS 1.4 - Remote Code Execution Exploit Title: PlaySMS 1.4 Remote Code Execution to Poisoning admin log Date: 19-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website: http://touhidshaikh.com/...
(Pwn2Own) Apple Safari B3 Optimization Out-Of-Bounds Access Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of B3...
(Pwn2Own) Apple Safari ProcessingInstruction Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Microsoft Edge browser vulnerability, allowing a hacker to execute arbitrary code
The vulnerability of Microsoft Edge arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, which may lead to memory corruption...
ICS-CERT Releases WannaCry Fact Sheet
The Industrial Control Systems Cyber Emergency Response Team ICS-CERT has released a short overview of the WannaCry ransomware infections. This fact sheet provides information on how the WannaCry program spreads, what users should do if they have been infected, and how to protect against similar...
(Pwn2Own) Apple Safari Array concat Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
Apple Safari RenderElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Apple Safari RenderInline Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Microsoft Office Memory Corruption Vulnerability (CNVD-2017-06604)
Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. The Office software does not properly handle memory objects and is implemented with a memory corruption vulnerability that allows an attacker to run arbitrary code in the current user...
Microsoft Edge Remote Code Execution Vulnerability
Microsoft Edge is the web browser built into the Windows 10 version. A remote code execution vulnerability exists in the scripting engine presentation when Microsoft Edge handles in-memory objects, where an attacker could execute arbitrary code in the current user context...
Dolibarr ERP/CRM Arbitrary Password Change Vulnerability
Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A security vulnerability exists in Dolibarr ERP/CRM version...
Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CNVD-2017-06600)
Internet Explorer is a web browser from Microsoft. Internet Explorer does not properly access memory objects and is implemented with a remote memory corruption vulnerability that could allow an attacker to execute arbitrary code in the current user context...
Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-06587)
Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge does not properly access memory objects and is implemented with a remote memory corruption vulnerability that allows an attacker to execute arbitrary code in the current user context...
Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-06589)
Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge does not properly access memory objects, and a remote memory corruption vulnerability exists in the JavaScript engine rendering implementation, where an attacker could execute arbitrary code in the current user...
Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-06590)
Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge does not properly access memory objects, and a remote memory corruption vulnerability exists in the JavaScript engine rendering implementation, where an attacker could execute arbitrary code in the current user...
Microsoft Internet Explorer Remote Memory Corruption Vulnerability (CNVD-2017-06601)
Internet Explorer is a web browser from Microsoft. Internet Explorer does not properly access memory objects and is implemented with a memory corruption vulnerability that could allow an attacker to execute arbitrary code in the current user context...
Microsoft Internet Explorer/Edge Remote Memory Corruption Vulnerability (CNVD-2017-06599)
Internet Explorer is a web browser from Microsoft. Internet Explorer does not properly access memory objects and is implemented with a memory corruption vulnerability that could allow an attacker to execute arbitrary code in the current user context...
Microsoft Edge Remote Memory Corruption Vulnerability (CNVD-2017-06595)
Microsoft Edge is the web browser built into the Windows 10 version. A remote memory corruption vulnerability exists in the Chakra JavaScript engine rendering when Microsoft Edge handles in-memory objects, where an attacker could execute arbitrary code in the current user context...
UBUNTU-CVE-2017-8879
Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation...