6809 matches found
KBVault MySQL 0.16a - Arbitrary File Upload
Exploit Title: KBVault MySQL v0.16a - Unauthenticated File Upload to Run Code Google Dork: inurl:"FileExplorer/Explorer.aspx" Date: 2017-06-14 Exploit Author: Fatih Emiral Vendor Homepage: http://kbvaultmysql.codeplex.com/ Software Link: http://kbvaultmysql.codeplex.com/downloads/get/858806...
AppCheck and AppCheck Pro Untrustworthy Search Path Vulnerabilities
AppCheck and AppCheck Pro are both anti-tampering software. An untrusted search path vulnerability exists in AppCheck versions prior to 2.0.1.15 and AppCheck Pro versions prior to 2.0.1.15. An attacker can exploit this vulnerability to execute arbitrary code with the help of a specially crafted...
Microsoft Win32k Elevation of Privilege (CVE-2017-8468)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable file...
Microsoft Win32k Elevation of Privilege (CVE-2017-8465)
An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable file...
JVN#27198823: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file
Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Impact This vulnerability can be exploited when the following...
CVE-2017-2214
Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...
CVE-2016-7838
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory...
CVE-2016-7838
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory...
Design/Logic Flaw
Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory...
Design/Logic Flaw
Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...
Net Monitor for Employees Pro Unordered Service Path Privilege Escalation Vulnerability
NetMonitorForEmployeesProfessional is a remote employee monitoring software, it is a software application for PC platforms, the software size is 13362KB. An out-of-order service path privilege escalation vulnerability exists in Net Monitor for Employees Pro. The vulnerability stems from a "block...
EulerOS 2.0 SP1 : icoutils (EulerOS-SA-2017-1089)
According to the versions of the icoutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple vulnerabilities were found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by...
CVE-2017-6638
A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input...
CVE-2017-7965
A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller...
CVE-2017-7563
In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MTEXECUTENEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits one bit versus two bits...
AppCheck may insecurely invoke an executable file
Overview AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc...
Parallels Desktop - Virtual Machine Escape
Parallels Desktop - Virtual Machine Escape + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp...
Parallels Desktop - Virtual Machine Escape
Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website :...
The vulnerability of Qualcomm’s TrustZone microprogramming software technology, which allows a hacker to trigger a service failure.
The vulnerability of Qualcomm’s TrustZone microprogramming software’s Android Secure Execution Environment from the CAF repository is related to buffer overflow attacks. Exploiting this vulnerability could allow a malicious actor, operating remotely, to trigger a service failure using a specially...
QuickSand.io - Tool For Scanning Streams Within Office Documents Plus Xor DB Attack
QuickSand is a compact C framework to analyze suspected malware documents to 1 identify exploits in streams of different encodings, 2 locate and extract embedded executables. By having the ability to locate embedded obfuscated executables, QuickSand could detect documents that contain zero-day or...