JVN#57205588: Installer of FENCE-Explorer may insecurely load Dynamic Link Libraries and invoke executable files

FENCE-Explorer provided by FUJITSU BROAD SOLUTION & CONSULTING Inc. is a tool to view and edit a file in "FENCE Briefcase" which is created by FENCE-Pro and other FENCE series software. Installer of FENCE-Explorer contains an issue with the search path for DLL/executable files, which may lead to...

SpiderControl SCADA Web Server Elevation of Privilege Vulnerability

SCADA Web Server is a software management platform. An elevation of privilege vulnerability exists in SpiderControl SCADA Web Server. An authenticated, non-administrative local user could change the service executable with elevated privileges, allowing an attacker to execute arbitrary code in the...

Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim

Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 1...

CVE-2017-14140

The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

CVE-2017-14140

The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

UBUNTU-CVE-2017-14140

The movepages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR...

DEBIAN-CVE-2017-14129

The readsection function in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service parsecompunit heap-based buffer over-read and application crash via a crafted ELF file...

Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially...

Failed to Delete pvp File Because streamprocess.exe Has it Open

Failed to delete pvp file because streamprocess.exe has it open. You may see SHARING VIOLATION or ACCESS DENIED in the process monitor...

Metasploit Detection (Linux/Unix SSH Login)

Detects the installed version of Metasploit on Linux. The script logs in via ssh, searches for executable and queries the version from SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

BSA-2017-359

Security Advisory ID : BSA-2017-359 Component : Kernel Revision : 2.0: Interim The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMITINFINITY and 1 Gigabyte of memory is allocated the maximum under the 1/4 restriction then the stack will be grow...

BSA-2017-360

Security Advisory ID : BSA-2017-360 Component : Linux Kernel Revision : 2.0: Interim The offset2lib patch as used by the Linux Kernel contains a vulnerability, if RLIMITSTACK is set to RLIMITINFINITY and 1 Gigabyte of memory is allocated the maximum under the 1/4 restriction then the stack will b...

Disk Savvy Enterprise 9.9.14 Buffer Overflow

!/usr/bin/env python Exploit Title: Disk Savvy Enterprise 9.9.14 Remote SEH Buffer Overflow Date: 2017-08-25 Exploit Author: Nipun Jaswal & Anurag Srivastava Author Homepage: www.pyramidcyber.com Vendor Homepage: http://www.disksavvy.com Software Link:...

BSA-2017-358

Security Advisory ID : BSA-2017-358 Component : Offset2lib Patch Protection Bypass Revision : 2.0: Interim The offset2lib patch as used in the Linux Kernel contains a vulnerability that allows a PIE binary to beexecve'edwith 1GB of arguments or environmental strings then the stack occupies the...

CVE-2017-5208

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service memory corruption via a crafted executable, which triggers a denial of service application crash or the possibility of execution of arbitrary code...

CVE-2017-5208

Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service memory corruption via a crafted executable, which triggers a denial of service application crash or the possibility of execution of arbitrary code...

Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files

Overview Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA...

JVN#67954465: Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files

Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Impact This vulnerability can be exploited when the following condition is...

Symantec VIP Access for Desktop DLL Load Native Code Execution Vulnerability

Symantec VIP Access for Desktop is a suite of online account security protection software from Symantec Symantec. A security vulnerability exists in versions of Symantec VIP Access for Desktop prior to 2.2.4. An attacker could exploit the vulnerability to run an external executable file...

CVE-2017-6329

Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a DLL Pre-Loading vulnerability. These types of issues occur when an application looks to call a DLL for execution and an attacker provides a malicious DLL to use instead. Depending on how the application is configured, the...