CVE-2019-3567

In osquery, CVE-2019-3567 describes a bypass where an attacker can inject a new executable path into extensions.load and hard link a parent folder of a malicious binary to a folder with safe permissions, causing osquery to load the malicious binary with SYSTEM privileges. The issue affects instal...

CVE-2019-3567

In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said malicious executable with SYSTEM permission...

CVE-2019-10038

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file...

CVE-2019-10038

Evernote 7.9 on macOS allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as the /Applications/Calculator.app/Contents/MacOS/Calculator file...

Memory corruption vulnerability in pestudio's handling of PE formats

pestudio is a free tool for validating applications. A memory corruption vulnerability exists in pestudio's handling of the PE format. An attacker can cause the program to crash by constructing a malformed PE file...

[SECURITY] Fedora 29 Update: python3-3.7.3-3.fc29

Python is an accessible, high-level, dynamically typed, interpreted program ming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3 package provides the "python3" executable: the...

CVE-2017-11740

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system...

CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

Design/Logic Flaw

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

CVE-2017-15652

Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga imagemagick used that. The attack vector is: Someone must open a postscript file though...

CVE-2017-15652

CVE-2017-15652 affects Artifex Ghostscript 9.22. The vulnerability is described as an information disclosure risk: attackers can obtain sensitive information through processing a PostScript file. The affected area includes source code files, functions, executables, and libga usage (imagemagick re...

Mozilla Firefox Command Execution Vulnerability

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 67, which stems from the program failing to recognize .JNLP files used in 'Java web start' applications as executable files. An...

Ubuntu 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3991-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3991-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could...

FreeBSD rtld execl() Privilege Escalation Exploit

This Metasploit module exploits a vulnerability in the FreeBSD run-time link-editor rtld. The rtld unsetenv function fails to remove LD environment variables if findenv fails. This can be abused to load arbitrary shared objects using LDPRELOAD, resulting in privileged code execution. This module...

FreeBSD rtld execl() Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeBSD rtld execl Privilege Escalation', 'Description' = %q This module exploits a vulnerability in the FreeBSD run-time link-editor rtld. The...

CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

UBUNTU-CVE-2019-11696

Files with the .JNLP extension used for "Java web start" applications are not treated as executable content for download prompts even though they can be executed if Java is installed on the local system. This could allow users to mistakenly launch an executable binary locally. This vulnerability...

Solaris 789 (SPARC) - dtprintinfo Local Privilege Escalation (2)

Solaris 789 SPARC - dtprintinfo Local Privilege Escalation 2 / raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this...

Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)

/ raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...

Fedora Update for python3 FEDORA-2019-1ffd6b6064

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...