
862 matches found

OSV
added 2019/10/10 5:15 p.m. | 0 views

UBUNTU-CVE-2019-17450

find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file...

6.5 CVSS | 6.8 AI score | 0.01079 EPSS
Exploits: 1 | References: 4
OSV
added 2019/10/07 12:15 p.m. | 4 views

CVE-2019-15751

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file containing PHP code to execute operating system commands...

9.8 CVSS | 7.6 AI score | 0.07863 EPSS
Exploits: 0 | References: 1
OSV
added 2019/09/23 2:15 p.m. | 20 views

CVE-2019-16718

In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and...

7.8 CVSS | 7.9 AI score
Exploits: 0 | References: 3
NVD
added 2019/09/23 2:15 p.m. | 22 views

CVE-2019-16718

In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and...

7.8 CVSS | 7.9 AI score | 0.0134 EPSS
Exploits: 1 | References: 3
Prion
added 2019/09/23 2:15 p.m. | 20 views

Command injection

In radare2 before 3.9.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to an insufficient fix for CVE-2019-14745 and...

6.8 CVSS | 7.9 AI score | 0.04668 EPSS
Exploits: 2 | References: 3 | Affected Software: 1
CVE
added 2019/09/23 1:18 p.m. | 63 views

CVE-2019-16718

Radare2 (up to 3.9.0) is affected by CVE-2019-16718 due to a command-injection in bin_symbols() (libr/core/cbin.c). The flaw stems from an insufficient fix for CVE-2019-14745 and improper handling of symbol names embedded in executables, allowing an attacker to run arbitrary shell commands with t...

7.8 CVSS | 7.8 AI score | 0.0134 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
ThreatPost
added 2019/09/05 9:7 p.m. | 80 views

Joker Spyware Found in 24 Google Play Apps

A new spyware has been making the rounds in Android apps on Google Play, infecting victims post-download to steal their SMS messages, contact lists and device information. In addition to stealing victims’ information, the malware also stealthily signs them up for premium service subscriptions tha...

Exploits: 0 | References: 14
BDU FSTEC
added 2019/08/20 12:0 a.m. | 1 views

The vulnerability in the dwarf_elf_load_headers.c component of the library for providing access to debugging information in DWARF libdwarf, which allows a malicious actor to cause a service failure.

The vulnerability of the dwarf_elf_load_headers.c component in the library that provides access to debugging information in DWARF libdwarf is related to zero-division errors. Exploiting this vulnerability could allow a malicious actor to cause service failures using an ELF file...

7.1 CVSS | 5.5 AI score | 0.00571 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
BDU FSTEC
added 2019/08/13 12:0 a.m. | 2 views

The vulnerability of the FortiOS operating system, related to access control errors, allows a perpetrator to execute arbitrary code.

The vulnerability of the FortiOS operating system is related to access control errors. Exploiting this vulnerability allows a person with administrator privileges to execute arbitrary code by creating a symbolic link to an executable file in the “/bin/” directory...

6.5 CVSS | 6 AI score
Exploits: 0 | Affected Software: 1
AlpineLinux
added 2019/08/07 2:58 p.m. | 31 views

CVE-2019-14745

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...

7.8 CVSS | 7.9 AI score | 0.04668 EPSS
Exploits: 2
Debian CVE
added 2019/08/07 2:58 p.m. | 20 views

CVE-2019-14745

In radare2 before 3.7.0, a command injection vulnerability exists in bin_symbols() in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...

7.8 CVSS | 7.9 AI score | 0.04668 EPSS
Exploits: 2
OSV
added 2019/07/23 2:15 p.m. | 13 views

CVE-2019-1010209

GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unauthorized Attacker can upload executable file in website. The component is: gourl.phpL5637. The fixed version is: 1.4.14...

7.5 CVSS | 6.9 AI score
Exploits: 0 | References: 3
Prion
added 2019/07/23 2:15 p.m. | 14 views

Code injection

GoUrl.io GoURL Wordpress Plugin 1.4.13 and earlier is affected by: CWE-434. The impact is: unauthenticated/unauthorized Attacker can upload executable file in website. The component is: gourl.phpL5637. The fixed version is: 1.4.14...

5 CVSS | 7.6 AI score | 0.00875 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2019/07/17 3:15 a.m. | 17 views

CVE-2019-13623

In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java from the package ghidra.app.plugin.core.archive via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis...

7.8 CVSS | 7.3 AI score
Exploits: 0 | References: 4
UbuntuCve
added 2019/07/17 3:15 a.m. | 37 views

CVE-2019-13623

In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java from the package ghidra.app.plugin.core.archive via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis...

7.8 CVSS | 7.1 AI score | 0.02349 EPSS
Exploits: 5 | References: 3
Cvelist
added 2019/07/17 2:7 a.m. | 13 views

CVE-2019-13623

In NSA Ghidra before 9.1, path traversal can occur in RestoreTask.java from the package ghidra.app.plugin.core.archive via an archive with an executable file that has an initial ../ in its filename. This allows attackers to overwrite arbitrary files in scenarios where an intermediate analysis...

7.8 AI score | 0.02349 EPSS
Exploits: 5 | References: 4
CVE
added 2019/07/17 2:7 a.m. | 326 views

CVE-2019-13623

Ghidra CVE-2019-13623 affects NSA Ghidra prior to 9.1. A path traversal in RestoreTask.java enables an archive containing an executable with a leading ../ in its filename to overwrite arbitrary files, potentially affecting analysis results and, per the entry, enabling arbitrary code execution by ...

7.8 CVSS | 7.7 AI score | 0.02349 EPSS
Exploits: 5 | References: 4 | Affected Software: 1
Veracode
added 2019/07/15 2:51 a.m. | 10 views

Malicious Package

antd-cloud is a malicious package. The package uploads system information to a remote server, downloads a file and executes it...

6.5 AI score
Exploits: 0
NVD
added 2019/07/05 2:15 p.m. | 21 views

CVE-2019-5981

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows attackers to execute an arbitrary executable file with administrative privilege via unspecified vectors...

7.8 CVSS | 7.8 AI score | 0.00217 EPSS
Exploits: 0 | References: 2
Prion
added 2019/07/05 2:15 p.m. | 18 views

Authorization

Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows attackers to execute an arbitrary executable file with administrative privilege via unspecified vectors...

6.8 CVSS | 7.8 AI score | 0.00217 EPSS
Exploits: 0 | References: 2 | Affected Software: 1