Lucene search

6810 matches found

ripstech
added 2019/09/03 6:27 a.m. · 49 views

Bitbucket 6.1.1 Path Traversal to RCE

Impact: Bitbucket has four different user roles: Bitbucket User, Project Creator, Admin and System Admin. An attacker with the permissions of the Admin role can abuse Bitbucket's Data Center Migration tool to drop an executable shell script in an arbitrary directory. This is caused by a...

AI score: 7.7
Exploits: 0

Tenable Nessus
added 2019/08/28 12:0 a.m. · 47 views

Amazon Linux 2 : libvirt (ALAS-2019-1274) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11091 Modern Intel microprocessors implement hardware-level micro-optimizations to improve the...

CVSS: 8.8 · AI score: 7.5 · EPSS: 0.01697
Exploits: 0 · References: 10

CNVD
added 2019/08/28 12:0 a.m. · 2 views

Sogou Input Method Exe Hijacking Vulnerability

Sogou Input Method is a Chinese character input method tool. Sogou Input Method suffers from an exe hijacking vulnerability, which can be exploited by attackers to run malicious files during update checks...

AI score: 6.9
Exploits: 0

OSV
added 2019/08/26 2:15 p.m. · 1 view

CVE-2019-15501

Reflected cross-site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter...

CVSS: 6.1 · AI score: 5.9
Exploits: 0 · References: 2

Kitploit
added 2019/08/20 9:30 p.m. · 147 views

PEpper - An Open Source Script To Perform Malware Static Analysis On Portable Executable

An open source tool to perform malware static analysis on Portable Executable. Installation: eva@paradise:$ git clone https://github.com/Th3Hurrican3/PEpper/ eva@paradise:$ cd PEpper eva@paradise:$ pip3 install -r requirements.txt eva@paradise:$ python3 pepper.py ./malwaredir Screenshot...

AI score: 7.3
Exploits: 0 · References: 5

BDU FSTEC
added 2019/08/20 12:0 a.m. · 0 views

Vulnerability in the dwarf_elf_load_headers.c component of libdwarf, a library providing access to DWARF debugging information, which allows a malicious actor to cause a service failure.

The vulnerability in the dwarf_elf_load_headers.c component of libdwarf, a library providing access to DWARF debugging information, is related to division-by-zero errors. Exploiting this vulnerability could allow a malicious actor to cause service failures using an ELF file...

CVSS: 7.1 · AI score: 5.5 · EPSS: 0.00571
Exploits: 0 · References: 4 · Affected Software: 1

OSV
added 2019/08/19 3:15 p.m. · 2 views

CVE-2019-5631

The Rapid7 InsightAppSec broker suffers from a DLL injection vulnerability in the 'prunsrv.exe' component of the product. If exploited, a local user of the system who must already be authenticated to the operating system can elevate their privileges with this vulnerability to the privilege level ...

CVSS: 7.8 · AI score: 7.1 · EPSS: 0.00111
Exploits: 0 · References: 1

NVD
added 2019/08/18 5:15 p.m. · 8 views

CVE-2019-15130

The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 allows an unauthenticated attacker to upload any file type to a candidate's profile picture folder via a crafted recruitmentonline/personalData/actpersonaltab.cfm multiple-part POST request with a predictable WRC01USERID...

CVSS: 10 · AI score: 9.5 · EPSS: 0.03362
Exploits: 1 · References: 1

Tenable Nessus
added 2019/08/16 12:0 a.m. · 417 views

Pulse Secure Pulse Connect Secure SSL VPN Unauthenticated Path Traversal (CVE-2019-11510)

Binary data pulseconnectsecurepathtraversal.nbin...

CVSS: 10 · AI score: 9 · EPSS: 0.94462
Exploits: 22 · References: 4

NVD
added 2019/08/13 8:15 p.m. · 11 views

CVE-2019-12808

ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges...

CVSS: 7.8 · AI score: 8 · EPSS: 0.00058
Exploits: 0 · References: 1

OSV
added 2019/08/13 8:15 p.m. · 2 views

CVE-2019-12808

ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges...

CVSS: 7.8 · AI score: 7.3
Exploits: 0 · References: 1

Prion
added 2019/08/13 8:15 p.m. · 14 views

Privilege escalation

ALTOOLS update service 18.1 and earlier versions contains a local privilege escalation vulnerability due to insecure permission. An attacker can overwrite an executable that is launched as a service to exploit this vulnerability and execute arbitrary code with system privileges...

CVSS: 7.2 · AI score: 8 · EPSS: 0.00058
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2019/08/13 12:0 a.m. · 2 views

PT-2019-2990 · Microsoft · Windows Defender

Name of the Vulnerable Software and Affected Versions: Windows Defender (affected versions not specified). Description: The issue is related to an elevation of privilege vulnerability in the MpSigStub.exe file for Defender, allowing file deletion in arbitrary locations. To exploit this, an attacker...

CVSS: 8.5 · AI score: 6.6 · EPSS: 0.00563
Exploits: 0 · References: 7

BDU FSTEC
added 2019/08/13 12:0 a.m. · 2 views

The vulnerability of the FortiOS operating system, related to access control errors, allows a perpetrator to execute arbitrary code.

The vulnerability of the FortiOS operating system is related to access control errors. Exploiting this vulnerability allows a person with administrator privileges to execute arbitrary code by creating a symbolic link to an executable file in the “/bin/” directory...

CVSS: 6.5 · AI score: 6
Exploits: 0 · Affected Software: 1

OpenVAS
added 2019/08/12 12:0 a.m. · 24 views

Fedora Update for upx FEDORA-2019-9a0f02c8c8

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 5.5 · AI score: 6.4 · EPSS: 0.00245
Exploits: 1 · References: 2

OpenVAS
added 2019/08/12 12:0 a.m. · 18 views

Fedora Update for upx FEDORA-2019-bf4633142b

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS: 7.8 · AI score: 6.4 · EPSS: 0.00366
Exploits: 2 · References: 2

Tenable Nessus
added 2019/08/12 12:0 a.m. · 32 views

NewStart CGSL MAIN 5.04 : nautilus Vulnerability (NS-SA-2019-0015)

The remote NewStart CGSL host, running version MAIN 5.04, has nautilus packages installed that are affected by a vulnerability: - An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when opened by the user. An...

CVSS: 6.5 · AI score: 6.2 · EPSS: 0.03908
Exploits: 1 · References: 2

Fedora
added 2019/08/11 1:42 a.m. · 28 views

[SECURITY] Fedora 29 Update: upx-3.95-4.fc29

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

CVSS: 7.8 · AI score: 4.8 · EPSS: 0.00366
Exploits: 2

Fedora
added 2019/08/11 1:14 a.m. · 25 views

[SECURITY] Fedora 30 Update: upx-3.95-4.fc30

UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks...

CVSS: 7.8 · AI score: 4.8 · EPSS: 0.00366
Exploits: 2

NVD
added 2019/08/09 7:15 p.m. · 10 views

CVE-2019-3744

Dell/Alienware Digital Delivery versions prior to 4.0.41 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a Universal Windows Platform application by manipulating the install software package feature with a race condition and a path traversal explo...

CVSS: 7.8 · AI score: 7.7 · EPSS: 0.00039
Exploits: 0 · References: 1