CVE-2018-8790

CVE-2018-8790 affects Check Point ZoneAlarm 15.3.064.17729 and earlier, where a WCF service is exposed that enables a local, low-privileged user to execute arbitrary code with SYSTEM privileges. The description in the CVE confirms the vulnerability vector and impact as SYSTEM remote code executio...

SUSE Supportutils Command Injection Vulnerability

SUSE Supportutils is a collection of utility programs used in SUSE Linux systems from SUSE Germany. The product has the ability to collect system troubleshooting information, read and interpret the basic-health-check.txt file, and perform a brief analysis of the kernel core files. A command...

Buffer Overflow Vulnerability in Multiple Qualcomm Products

The Qualcomm MDM9206 and others are a central processing unit CPU product of Qualcomm Incorporated. A buffer overflow vulnerability exists in multiple Qualcomm products, which arises from a program's failure to validate input of data from user space and can be exploited by an attacker to execute...

CVE-2018-20063

An issue was discovered in Gurock TestRail 5.6.0.3853. An "Unrestricted Upload of File" vulnerability exists in the image-upload form available in the description editor, allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a sa...

Microsoft Windows gdiplus bHandleExtCreateFont Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

IBM Security Identity Manager Code Injection Vulnerability

IBM Security Identity Manager is a suite of identity management and governance solutions from IBM in the United States. A code injection vulnerability exists in IBM Security Identity Manager, which allows remote attackers to exploit the vulnerability by submitting a special request that can be us...

Design/Logic Flaw

An attacker could inject commands to launch programs and create, write, and read files on CX-Supervisor Versions 3.42 and prior through a specially crafted project file. An attacker could exploit this to execute code under the privileges of the application...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Ghostscript vulnerability (USN-3866-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3866-1 advisory. Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into...

CVE-2018-19017

Several use after free vulnerabilities have been identified in CX-Supervisor Versions 3.42 and prior. When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the...

Arbitrary Code Execution

samba is vulnerable to arbitrary code execution. A use-after-free flaw was found in the way samba servers handled certain SMB1 requests. An unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code...

USN-3857-1: PEAR vulnerability

Fariskhi Vidyan discovered that PEAR ArchiveTar incorrectly handled certain archive paths. A remote attacker could possibly use this issue to execute arbitrary code...

Design/Logic Flaw

PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. AdminVictim views user in admin-panel and gets...

The vulnerability of the Sandbox Protection Mechanism component of the software for processing, transforming, and generating Ghostscript documents allows a perpetrator to bypass the sandbox protection mechanism and execute arbitrary code.

The vulnerability of the Sandbox Protection Mechanism, a component of the software for processing, transforming, and generating Ghostscript documents, is related to insufficient access control. Exploiting this vulnerability could allow an intruder, operating locally, to bypass the sandbox...

The vulnerability of the console-based graphic editor ImageMagick, related to improper memory management, allows a hacker to cause a system failure or execute arbitrary code.

The vulnerability of the console-based graphic editor ImageMagick is related to improper memory handling. Exploiting this vulnerability can allow a remote attacker to cause service failures or execute arbitrary code...

The vulnerability of the openslp-dfsg package, related to memory-related errors, allows a perpetrator to cause a service failure, gain access to confidential data, or compromise its integrity.

The vulnerability of the openslp-dfsg package is related to memory-related errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...

postgresql: Uncontrolled search path element in pg_dump and other client applications

A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database...

Adobe Acrobat Pro DC ImageConversion XPS GSUB Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat Pro DC search Javascript Restrictions Bypass Vulnerability

This vulnerability allows remote attackers to bypass Javascript API restrictions on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Adobe Acrobat Pro DC WebLink borderWidth Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Buffer Overflow Vulnerability in Adobe Acrobat and Reader

Adobe Acrobat and Reader are the United States of America Audobee Adobe company's products. The former is a set of PDF file editing and conversion tools, the latter is a set of PDF document reading software. Adobe Acrobat and Reader have a heap buffer overflow vulnerability that can be exploited ...