Information Disclosure

Linux kernel is vulnerable to information disclosure vulnerability. This is because the movepages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. A local attacker could learn the memory layout of a setuid executable allowing mitigation of ASL...

CVE-2019-12099

In PHP-Fusion 9.03.00, editprofile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/formfileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload...

Design/Logic Flaw

An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the...

CVE-2019-8404

An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the...

Apache Tomcat 9.0.x < 9.0.1 RCE

Binary data 700703.pasl...

CVE-2019-9847

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windo...

CVE-2019-9847

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windo...

Design/Logic Flaw

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windo...

CVE-2019-9847 Executable hyperlink targets executed unconditionally on activation

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windo...

CVE-2019-9847

A vulnerability in LibreOffice hyperlink processing allows an attacker to construct documents containing hyperlinks pointing to the location of an executable on the target users file system. If the hyperlink is activated by the victim the executable target is unconditionally launched. Under Windo...

Information disclosure

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceTLGetTask.cgi executable is used to retrieve MSCII configuration values within the configuration manager of the AirLink ES450...

Termshark - A Terminal UI For Tshark, Inspired By Wireshark

A terminal user-interface for tshark, inspired by Wireshark. If you're debugging on a remote machine with a large pcap and no desire to scp it back to your desktop, termshark can help! Features Read pcap files or sniff live interfaces where tshark is permitted. Inspect each packet using familiar...

Stack Overflow Vulnerability in Turing Open Matter Configuration Software Studio.exe Handling SPJ Files

Beijing Turing Kaiwu Technology Co., Ltd. is a company that deals with technology development; computer system services; data processing; basic software services; application software services and other items. A stack overflow vulnerability exists in the SPJ file handled by Studio.exe of Turing's...

Format string

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable PE malware. This space is left unspecified so that...

CVE-2019-11687

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems,...

CVE-2019-11687

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems,...

CVE-2019-11687

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems,...

CVE-2019-11687

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems,...

CVE-2019-11687

CVE-2019-11687 concerns the DICOM Part 10 File Format (NEMA DICOM Standard 1995–2019b and current). The 128-byte preamble can contain arbitrary executable headers (including PE/ELF), enabling polyglot/malicious DICOM files (e.g., dual‑purpose TIFF/DICOM) to be used as attack surface. Exploitation...

The vulnerability of the FreeBSD operating system arises from insufficient validation of input data by the ELF header analyzer. This allows attackers to compromise the confidentiality of protected information or cause service failures.

The vulnerability of the FreeBSD operating system exists due to insufficient checking of input data by the ELF header analyzer. Exploiting this vulnerability can allow an attacker to compromise the confidentiality of protected information or cause service failures...