2019 matches found

Cvelist
added 2018/07/03 5:00 p.m., 19 views

CVE-2018-11642

Incorrect Permission Assignment on the /var/www/xms/cleanzip.sh shell script run periodically in Dialogic PowerMedia XMS through 3.5 allows local users to execute code as the root user...

7.7 AI score, 0.00505 EPSS
Exploits: 1, References: 1

CNVD
added 2018/06/28 12:00 a.m., 7 views

Microsoft Windows Iexpress Untrustworthy Search Path Vulnerability

Microsoft Windows Iexpress is a tool for compressing CAB files bundled with Windows from Microsoft USA. An untrusted search path vulnerability exists in the self-extracting archive file created in Microsoft Windows Iexpress. The vulnerability can be exploited by an attacker with a malicious DLL i...

9.3 CVSS, 7.5 AI score, 0.09044 EPSS
Exploits: 0, References: 1

Cvelist
added 2018/06/26 4:00 p.m., 23 views

CVE-2018-1000533

klaussilveira GitList version = 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in searchTree function that can result in Execute any code as PHP user. This attack appears to be exploitable via Send POST request using search form. This vulnerability appears to...

9.7 AI score, 0.75859 EPSS
Exploits: 2, References: 2

CNVD
added 2018/06/20 12:00 a.m., 2 views

YARA Buffer Overflow Vulnerability

YARA is a set of tools used to help software researchers identify and categorize malware samples. A security vulnerability exists in the 'yr_execute_code' function of the libyara/exec.c file in YARA. The vulnerability can be exploited by an attacker to execute code out-of-bounds writing with the he...

7.8 CVSS, 7.6 AI score, 0.01243 EPSS
Exploits: 1, References: 1

IBM Security Bulletins
added 2018/06/16 9:30 p.m., 20 views

SECURITY BULLETIN: Webmin as used in IBM QRadar SIEM is vulnerable to Execute code as root. (CVE-2015-2011)

Summary: The xmlrpc.cgi Webmin script allows arbitrary command execution and escalation of privileges. Vulnerability Details: CVE-ID: CVE-2015-2011. Description: IBM QRadar could allow an authenticated user to execute code as root. CVSS Base Score: 8.5. CVSS Temporal Score: See...

9 CVSS, 1.4 AI score, 0.02207 EPSS
Exploits: 0, Affected Software: 1

OSV
added 2018/06/15 4:29 p.m., 1 view

UBUNTU-CVE-2018-12034

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c...

7.8 CVSS, 7.1 AI score, 0.01243 EPSS
Exploits: 1, References: 6

OSV
added 2018/06/15 4:29 p.m., 2 views

DEBIAN-CVE-2018-12034

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds read vulnerability in yr_execute_code in libyara/exec.c...

7.8 CVSS, 7.7 AI score, 0.01243 EPSS
Exploits: 1, References: 1

OSV
added 2018/06/15 4:29 p.m., 1 view

UBUNTU-CVE-2018-12035

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out of bounds write vulnerability in yr_execute_code in libyara/exec.c...

7.8 CVSS, 7.1 AI score, 0.01243 EPSS
Exploits: 1, References: 6

Positive Technologies
added 2018/06/15 12:00 a.m., 3 views

PT-2018-10955

Name of the Vulnerable Software and Affected Versions: YARA versions prior to 3.7.1. Description: The issue arises when parsing a specially crafted compiled rule file, leading to an out of bounds read in the yr_execute_code function located in libyara/exec.c. Recommendations: For versions prior to...

9.1 CVSS, 6.8 AI score, 0.02996 EPSS
Exploits: 12, References: 28

CNVD
added 2018/06/04 12:00 a.m., 2 views

Multiple Apple products cross-border read vulnerability

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is...

8.8 CVSS, 8.8 AI score, 0.10508 EPSS
Exploits: 3, References: 1

Metasploit
added 2018/05/28 1:39 p.m., 41 views

IBM QRadar SIEM Unauthenticated Remote Code Execution

IBM QRadar SIEM has three vulnerabilities in the Forensics web application that, when chained together, allow an attacker to achieve unauthenticated remote code execution. The first stage bypasses authentication by fixating session cookies. The second stage uses those authenticated session cookies...

8.8 CVSS, 0.4 AI score, 0.56952 EPSS
Exploits: 7

Cvelist
added 2018/05/25 3:00 p.m., 17 views

CVE-2018-6236

A Time-of-Check Time-of-Use privilege escalation vulnerability in Trend Micro Maximum Security Consumer 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222813 by the tmusa driver. An attacker must first obtain the...

8.5 AI score, 0.00305 EPSS
Exploits: 0, References: 2

NVD
added 2018/05/24 9:29 p.m., 22 views

CVE-2018-5680

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...

8.8 CVSS, 8.6 AI score, 0.03371 EPSS
Exploits: 1, References: 3

CVE
added 2018/05/24 9:00 p.m., 46 views

CVE-2018-5675

CVE-2018-5675 affects Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1. The flaw occurs in the processing of PDF files with embedded u3d images, where crafted data can trigger an out-of-bounds write in a buffer, allowing remote code execution under the current process. An attacker must ent...

8.8 CVSS, 8.8 AI score, 0.04008 EPSS
Exploits: 1, References: 3, Affected Software: 2

OSV
added 2018/05/19 5:29 p.m., 2 views

CVE-2017-11240

Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user...

9.8 CVSS, 6.3 AI score, 0.06208 EPSS
Exploits: 0, References: 1

NVD
added 2018/05/17 3:29 p.m., 18 views

CVE-2018-9976

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

6.5 CVSS, 6.2 AI score, 0.02536 EPSS
Exploits: 0, References: 2

Prion
added 2018/05/17 3:29 p.m., 18 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3 CVSS, 6.2 AI score, 0.02536 EPSS
Exploits: 0, References: 2, Affected Software: 2

NVD
added 2018/05/17 3:29 p.m., 22 views

CVE-2018-10479

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

6.5 CVSS, 6.2 AI score, 0.02536 EPSS
Exploits: 0, References: 2

Prion
added 2018/05/17 3:29 p.m., 19 views

Design/Logic Flaw

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3 CVSS, 6.2 AI score, 0.02536 EPSS
Exploits: 0, References: 2, Affected Software: 2

Cvelist
added 2018/05/17 3:00 p.m., 29 views

CVE-2018-10476

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

6.8 AI score, 0.02536 EPSS
Exploits: 0, References: 2