862 matches found

Cvelist
added 2019/05/31 9:1 p.m. | 29 views

CVE-2019-10038

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file...

7.6 AI score | 0.01254 EPSS
Exploits 4 | References 3

Prion
added 2019/05/14 4:29 p.m. | 9 views

Design/Logic Flaw

An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the...

5.5 CVSS | 6.2 AI score | 0.14571 EPSS
Exploits 5 | References 3 | Affected Software 1

Cvelist
added 2019/05/14 3:29 p.m. | 22 views

CVE-2019-8404

An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the...

6.1 AI score | 0.14571 EPSS
Exploits 5 | References 3

Exploit DB
added 2019/04/12 12:0 a.m. | 67 views

Microsoft Windows - Contact File Format Arbitary Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'fileutils' require 'rex/zip' class MetasploitModule 'Microsoft Windows Contact File Format Arbitary Code Execution', 'Description' = %q This vulnerability allow...

7 AI score
Exploits 0

0day.today
added 2019/04/11 12:0 a.m. | 87 views

Microsoft Windows Contact File Format Arbitary Code Execution Exploit

This Metasploit module allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to processing of contact...

0.1 AI score
Exploits 0

Metasploit
added 2019/04/10 10:17 p.m. | 57 views

Microsoft Windows Contact File Format Arbitary Code Execution

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw is due to the processing of ".contact...

7.7 AI score
Exploits 0

NVD
added 2019/04/09 6:29 p.m. | 15 views

CVE-2018-19586

Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call. This vulnerability enables regular users to write arbitrary files on the...

9.9 CVSS | 9.5 AI score | 0.03155 EPSS
Exploits 1 | References 2

BDU FSTEC
added 2019/04/04 12:0 a.m. | 2 views

The vulnerability of the elf32_xlatetom function in the elfutils package, related to the possibility of the operation exceeding the buffer boundaries in memory, allows a hacker to trigger a service failure.

The vulnerability of the elf32_xlatetom function in the libelf package within the elfutils suite is related to the possibility of the operation exceeding the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to trigger a service failure due to a specially crafted E...

5.5 CVSS | 6.5 AI score | 0.00106 EPSS
Exploits 1 | References 7 | Affected Software 2

BDU FSTEC
added 2019/04/04 12:0 a.m. | 2 views

The vulnerability of VMware Workstation’s virtualization platform lies in its security flaws related to the handling of executable file paths, allowing attackers to escalate their privileges.

The vulnerability of VMware Workstation’s virtualization platform is related to deficiencies in security mechanisms for processing pathnames of executable files. Exploiting this vulnerability can allow attackers to gain increased privileges...

4.8 CVSS | 7.6 AI score | 0.00042 EPSS
Exploits 0 | References 2 | Affected Software 1

Amazon
added 2019/03/21 12:0 a.m. | 48 views

Important: flatpak

Issue Overview: Earlier versions of flatpak expose /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file. CVE-2019-8308 Affected Packages: flatpak Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the...

8.2 CVSS | 8.3 AI score | 0.00064 EPSS
Exploits 0

OSV
added 2019/03/14 10:29 p.m. | 2 views

CVE-2019-4034

IBM Content Navigator 3.0CD could allow an attacker to execute arbitrary code on a user's workstation. When editing an executable file in ICN with Edit service, it will be executed on the user's workstation. IBM X-Force ID: 156000...

8.8 CVSS | 7 AI score | 0.00775 EPSS
Exploits 0 | References 3

UbuntuCve
added 2019/02/28 6:29 p.m. | 21 views

CVE-2018-18496

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...

8.8 CVSS | 7.2 AI score | 0.0035 EPSS
Exploits 0 | References 2

Prion
added 2019/02/28 6:29 p.m. | 22 views

Code injection

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...

6.8 CVSS | 8.3 AI score | 0.0035 EPSS
Exploits 0 | References 3 | Affected Software 1

Debian CVE
added 2019/02/28 6:0 p.m. | 25 views

CVE-2018-18496

When the RSS Feed preview about:feeds page is framed within another page, it can be used in concert with scripted content for a clickjacking attack that confuses users into downloading and executing an executable file from a temporary directory. Note: This issue only affects Windows operating...

8.8 CVSS | 9.4 AI score | 0.0035 EPSS
Exploits 0

Kitploit
added 2019/02/25 12:19 p.m. | 102 views

Reko - A General Purpose Binary Decompiler

Reko (Swedish: "decent, obliging") is a C# project containing a decompiler for machine code binaries. This project is freely available under the GNU General Public License. The project consists of front ends, core decompiler engine, and back ends to help it achieve its goals. A command-line, a Windo...

7.1 AI score
Exploits 0 | References 8

UbuntuCve
added 2019/02/12 11:29 p.m. | 35 views

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file...

8.2 CVSS | 7.1 AI score | 0.00064 EPSS
Exploits 0 | References 4

NVD
added 2019/02/12 11:29 p.m. | 20 views

CVE-2019-8308

Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file...

8.2 CVSS | 8 AI score | 0.00064 EPSS
Exploits 0 | References 5

BDU FSTEC
added 2019/02/12 12:0 a.m. | 1 views

The vulnerability of the `parse_die` function in the GNU Binutils development environment allows a perpetrator to trigger a service failure.

The vulnerability of the parse_die function in the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker to cause a service failure through an ELF file with corrupted debugging information in dwarf1...

5.5 CVSS | 6.5 AI score | 0.00172 EPSS
Exploits 1 | References 6

BDU FSTEC
added 2019/01/18 12:0 a.m. | 3 views

The vulnerability of the software used for creating Pro-Face GP-Pro EX automation projects, due to insufficient validation of input data, allows a perpetrator to execute any executable file upon running GP-Pro EX.

The vulnerability of the software used for creating Pro-Face GP-Pro EX automation projects is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute any executable file upon running GP-Pro EX...

9 CVSS | 7.8 AI score | 0.01013 EPSS
Exploits 0 | References 2 | Affected Software 1

Exploit DB
added 2019/01/17 12:0 a.m. | 101 views

Microsoft Windows CONTACT - Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft .CONTACT File...

7 AI score
Exploits 0