AVCLASS++ - Yet Another Massive Malware Labeling Tool

AVCLASS++ is an appealing complement to AVCLASS 1, a state-of-the-art malware labeling tool. Overview AVCLASS++ is a labeling tool for creating a malware dataset. Addressing malware threats requires constant efforts to create and maintain a dataset. Especially, labeling malware samples is a vital...

CVE-2019-4612

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523...

CVE-2019-4612

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523...

Design/Logic Flaw

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523...

CVE-2019-4612

IBM Planning Analytics 2.0 is vulnerable to malicious file upload in the My Account Portal. Attackers can make use of this weakness and upload malicious executable files into the system and it can be sent to victim for performing further attacks. IBM X-Force ID: 168523...

Symantec Endpoint Protection Manager OpenSSL Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Symantec Endpoint Protection Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2019-14745

In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...

CVE-2019-14745

In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...

Command injection

In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...

CVE-2019-14745

In radare2 before 3.7.0, a command injection vulnerability exists in binsymbols in libr/core/cbin.c. By using a crafted executable file, it's possible to execute arbitrary shell commands with the permissions of the victim. This vulnerability is due to improper handling of symbol names embedded in...

PT-2019-4352

Name of the Vulnerable Software and Affected Versions GNU Libc affected versions not specified Description The issue is related to the libld component of the GNU Libc library, which provides system calls and basic functions. It is associated with insufficient input validation, allowing a remote...

CVE-2017-11740

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system...

Mozilla Firefox Command Execution Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 67, which stems from the program failing to recognize .JNLP files used in 'Java web start' applications as executable files. An...

CVE-2019-12099

In PHP-Fusion 9.03.00, editprofile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/formfileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload...

An info stealer .exe malware is targeting Mac users around the globe

By Waqas Cybercriminals have identified a unique method of attacking Mac devices, which involves exploiting executable or .EXE files. Those files that can be executed both on Mac and Windows devices have the potential of infecting Mac computers as these unload a .exe malware. Discovered by Trend...

Arbitrary Code Execution via File List Module

Due to missing file extensions in $GLOBALS'TYPO3CONFVARS''BE'‘fileDenyPattern’, backend users are allowed to upload .phar, .shtml, .pl or .cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability...

The vulnerability of Cisco Email Security Appliances arises from deficiencies in the mechanisms for detecting malicious content in executable files. This allows attackers to circumvent security restrictions.

The vulnerability of Cisco Email Security Appliances’ security systems stems from deficiencies in the mechanisms for detecting malicious content in executable files EXE files. Exploiting this vulnerability allows a malicious actor to send messages containing malicious files remotely...

RookIE User Agent Executable Download

Certain malicious executable files can be downloaded to computer systems using RookIE user agent...

Information disclosure

An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files...

Code injection

Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier allows remote authenticated attackers to upload and execute any executable files via unspecified vectors...