
620 matches found

OSV
added 2015/04/19 10:59 a.m., 0 views

UBUNTU-CVE-2015-1248

The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL...

CVSS: 4.3, AI score: 7.5, EPSS: 0.01547
Exploits: 0, References: 4

CVE
added 2015/04/19 10:0 a.m., 86 views

CVE-2015-1248

CVE-2015-1248 affects Google Chrome's FileSystem API prior to 40.0.2214.91, enabling a SafeBrowsing bypass by placing an .exe in a temporary filesystem and referencing it via a filesystem:http: URL. The issue is referenced in multiple advisories (Debian DSA-3238-1, Gentoo GLSA-201506-04, CNVD-201...

CVSS: 4.3, AI score: 9, EPSS: 0.01547
Exploits: 0, References: 8, Affected Software: 1

Cvelist
added 2015/04/19 10:0 a.m., 19 views

CVE-2015-1248

The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL...

AI score: 9.2, EPSS: 0.01547
Exploits: 0, References: 8

Debian CVE
added 2015/04/19 10:0 a.m., 28 views

CVE-2015-1248

Removed by vendor...

CVSS: 4.3, AI score: 9.6, EPSS: 0.01547
Exploits: 0

ThreatPost
added 2015/04/08 10:40 a.m., 13 views

New Evasion Techniques Help AlienSpy RAT Spread Citadel Malware

Hackers have co-opted AlienSpy, a remote access tool, to deliver the Citadel banking Trojan and establish backdoors inside a number of critical infrastructure operations. AlienSpy is a descendent of the Adwind, Unrecom and Frutas Java-based remote access Trojans, according to security company...

AI score: 7.4
Exploits: 0, References: 2

ThreatPost
added 2015/03/30 1:41 p.m., 10 views

eBay Fixes File Upload and Patch Disclosure Bugs

eBay has fixed a pair of security vulnerabilities in its site that could enable attackers to upload executable files disguised as benign file types, construct full path URLs and then point victims to them through drive-by download attacks. The first bug resulted from the failure of an eBay page t...

AI score: 1.3
Exploits: 0

OpenVAS
added 2015/03/25 12:0 a.m., 11 views

IT-Grundschutz M4.023: Secure Invocation of Executable Files

IT-Grundschutz M4.023: Secure Invocation of Executable Files. Status: 14th supplementary delivery (14. EL). OpenVAS Vulnerability Test $Id: GSHBM4023.nasl 7883 2017-11-23 11:22:59Z emoss $ IT-Grundschutz, 14. EL, Measure 4.023 Authors: Thomas Rotter Copyright: Copyright (c) 2015 Greenbone Networks GmbH,...

AI score: 0.2
Exploits: 0, References: 1

NVD
added 2015/03/22 1:59 a.m., 19 views

CVE-2015-0941

The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a craft...

CVSS: 4.3, AI score: 7.3, EPSS: 0.01392
Exploits: 0, References: 1

CVE
added 2015/03/22 1:0 a.m., 38 views

CVE-2015-0941

CVE-2015-0941: The Inetc plug‑in for NSIS does not validate SSL certificates, enabling MITM attacks that could spoof servers and potentially execute arbitrary code during download of Windows executables. Affected: NSIS Inetc plug‑in (used in FOE and other products). Impact: possible arbitrary co...

CVSS: 4.3, AI score: 7.5, EPSS: 0.01392
Exploits: 0, References: 1, Affected Software: 1

The Hacker News
added 2015/01/30 11:42 p.m., 8 views

Malware Poses as Flash Update Infects 110,000 Facebook Users within 2 Days

Facebook users just Beware!! Don’t click any porn links on Facebook. Foremost reason is that you have thousands of good porn sites out there, but there's an extra good reason right now. Rogue pornography links on the world’s most popular social network have reportedly infected over 110,000 Facebo...

AI score: 6.6
Exploits: 0

exploitpack
added 2015/01/21 12:0 a.m., 18 views

ArticleFR CMS 3.0.5 - Arbitrary File Upload

ArticleFR CMS 3.0.5 - Arbitrary File Upload Exploit Title: Arbitrary File Upload in articleFR CMS 3.0.5 Google Dork: N/A Date: 01/21/2015 Exploit Author: Tran Dinh Tien [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://freereprintables.com Software Link:...

Exploits: 0

securityvulns
added 2014/12/29 12:0 a.m., 23 views

Mobilis MobiConnect 3G ZDServer privilege escalation

Weak permissions for system service and executable files...

AI score: 3.4
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2014/12/23 2:0 a.m., 46 views

CVE-2014-6119

IBM Security AppScan Enterprise is affected by CVE-2014-6119. The vulnerability allows remote attackers to execute arbitrary code via a crafted executable file inside an archive. Affected versions are: 8.5 before 8.5 IFix 002; 8.6 before 8.6 IFix 004; 8.7 before 8.7 IFix 004; 8.8 before 8.8 iFix ...

CVSS: 9.3, AI score: 7.7, EPSS: 0.03626
Exploits: 0, References: 5, Affected Software: 2

Prion
added 2014/11/18 11:59 a.m., 23 views

Code injection

dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file...

CVSS: 2.1, AI score: 5.7, EPSS: 0.0039
Exploits: 0, References: 13, Affected Software: 2

Japan Vulnerability Notes
added 2014/09/04 12:0 a.m., 36 views

JVN#50367052: EmFTP may insecurely load executable files

EmFTP contains a flaw when loading files, where an unintended executable file may be loaded when attempting to open a file without an extension. For example, if a text file named "example" without an extension and an executable "example.exe" are in the same directory, attempting to open the file...

CVSS: 4.4, AI score: 7.3, EPSS: 0.00354
Exploits: 0

VulnCheck KEV
added 2014/07/29 12:0 a.m., 2 views

VulnCheck KEV: CVE-2013-3900

A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...

CVSS: 8.8, AI score: 7.5, EPSS: 0.44647
Exploits: 1, References: 1

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Gadu-Gadu 6.0 File Download Filename Obfuscation Weakness

No description provided by source. source: http://www.securityfocus.com/bid/11017/info Gadu-Gadu is a Polish instant messaging application for Microsoft Windows operating systems. It is reported that the Gadu-Gadu instant messenger application contains a weakness allowing attackers to obfuscate...

AI score: 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

GDB 6.6 - Process_Coff_Symbol UPX File Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24291/info GDB is prone to a buffer-overflow vulnerability because it fails to properly check bounds when handling specially crafted executable files. Attackers could leverage this issue to run arbitrary code outside of a...

AI score: 7.1
Exploits: 0

Cisco Threats
added 2014/06/02 8:51 p.m., 13 views

Threat Outbreak Alert RuleID10190: Email Messages Distributing Malicious Software on June 2, 2014

Medium Alert ID: 34520 First Published: 2014 June 2 20:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID10190 may contain the following files: Name | Size...

AI score: 0.3
Exploits: 0

Kitploit
added 2014/04/14 10:33 p.m., 8 views

Hidden File Finder v3.0 - Free Tool to Find and Unhide/Remove all the Hidden Files

Hidden File Finder is free software to quickly scan and discover all the hidden files on your Windows system. It performs a swift multi-threaded scan of all the folders in parallel and quickly uncovers all the hidden files. It automatically detects the Hidden Executable Files (EXE, DLL, COM etc.) an...

AI score: 7
Exploits: 0