A vulnerability in the wwunpack function (libclamav/wwunpack.c) of the Clam Antivirus anti-virus tool allows an attacker to cause a service failure.
The vulnerability in the wwunpack function (libclamav/wwunpack.c) of the Clam Antivirus protection tool is a use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to cause a service failure by using a specially crafted PE file compressed with WWPack...
USN-3393-1 clamav vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2017-6418) It was discovered that ClamAV incorrectly handled certain malformed CHM files. A remote...
Cisco Application Policy Infrastructure Controller Custom Binary Privilege Escalation Vulnerability
A vulnerability in the build procedure for certain executable system files installed at boot time on Cisco Application Policy Infrastructure Controller (APIC) devices could allow an authenticated, local attacker to gain root-level privileges. The vulnerability is due to a custom executable system...
OneThink Frontend Cache Mechanism Has Design Flaw Vulnerability
OneThink is an open source content management framework developed by ThinkPHP team based on ThinkPHP. OneThink front-end caching mechanism has a design flaw vulnerability. Since the program caches registered usernames to a cache file in the temp directory, and the cache file has executable...
Fuji Electric Monitouch V-SFT Insecure Configuration Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate their privileges on vulnerable installations of Fuji Electric Monitouch V-SFT. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists withi...
Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Unrestricted file upload
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension...
CVE-2015-7571
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension...
CVE-2015-5946
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension...
DEBIAN-CVE-2017-6420
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression...
A vulnerability in the PowerShell command interpreter for Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in PowerShell command interpreters on Windows operating systems is related to improper handling of executable files during the renaming process. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
kernel: load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary
A flaw was found in the way the Linux kernel loaded ELF executables. Provided that an application was built as Position Independent Executable (PIE), the loader could allow part of that application's data segment to map over the memory area reserved for its stack, potentially resulting in memory...
kernel: Incorrectly mapped contents of PIE executable
The Linux Kernel running on AMD64 systems will sometimes map the contents of a PIE executable, the heap or ld.so to where the stack is mapped, allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected...
Unrestricted File Upload
in2code/powermail is vulnerable to an unrestricted file upload vulnerability. By uploading files with an executable file extension, attackers are able to execute arbitrary code...
CVE-2017-11674
Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a "Read Access Violation starting at reporter!madTraceProcess."...
Bye, bye Petya! Decryptor for old versions released.
Following the outbreak of the Petya-based malware in Ukraine, the author of the original version, Janus, decided to release his master key, probably closing the project. You can read the full story here. Based on the released key, we prepared a decryptor that is capable of unlocking all the...
UBUNTU-CVE-2017-10708
An issue was discovered in Apport through 2.20.x. In apport/report.py, Apport sets the ExecutablePath field and it then uses the path to run package specific hooks without protecting against path traversal. This allows remote attackers to execute arbitrary code via a crafted .crash file...
NemucodAES Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns
Two malware families, NemucodAES and Kovter, are being packaged together in .zip attachments and delivered via active spam campaigns. Researcher Brad Duncan said, "together these two pieces of malware could deliver a nasty punch." Duncan, a handler at the SANS Institute Internet Storm Center, sai...
Microsoft Windows Multiple Vulnerabilities (KB4025341)
This host is missing a critical security update according to Microsoft KB4025341...