2019 matches found
CVE-2018-10492
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Adobe Acrobat Pro DC EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Adobe Acrobat Pro DC ImageConversion EMF GIF ImageData Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
IBM Security QRadar SIEM SQL Injection Vulnerability (CNVD-2018-10458)
IBM Security QRadar SIEM applies security intelligence and perceptual analytics by consolidating, standardizing and correlating log and stream data to help prioritize security events and stay away from advanced threats. IBM Security QRadar SIEM suffers from a SQL injection vulnerability that allo...
Foxit Reader PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...
CVE-2017-7000
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we...
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform allows a perpetrator to write arbitrary files and execute arbitrary code.
The vulnerability of the dbman service of the HPE Intelligent Management Center PLAT software platform is related to the improper processing of the Opcode 10010 request. Exploiting this vulnerability allows a remote attacker to write arbitrary files and execute arbitrary code...
CVE-2018-6229
A SQL injection vulnerability in a Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system...
CMS Made Simple Remote Code Execution Vulnerability (CNVD-2018-06398)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism, etc. File Manager is one of the file management component ....
Xion 1.0.125 Buffer Overflow
!/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original Advisory: http://www.exploit-db.com/exploits/14517 hadji samir...
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit !/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original...
Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit
!/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original Advisory: http://www.exploit-db.com/exploits/14517 hadji samir...
CVE-2017-9274
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...
Microsoft Windows kernel elevation of privilege vulnerability (CNVD-2018-05039)
Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the operating system kernels. An elevation of privilege vulnerability exists in the Microsoft Windows kernel. A local attacker can exploit this vulnerability by running a...
Adobe Acrobat Pro DC XPS Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
XXE
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...
CVE-2014-3005
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...
CVE-2014-3244
CVE-2014-3244 concerns an XML external entity (XXE) vulnerability in the RSSDashlet dashlet of SugarCRM prior to 6.5.17. The underlying issue is an XXE in XML requests that allows an attacker to read arbitrary files or potentially execute arbitrary code. Affected product: SugarCRM RSSDashlet comp...
Google Chrome for Mac, Windows and Linux WebGL Heap Buffer Overflow Vulnerability
Google Chrome for Mac, Windows and Linux is a web browser developed by Google for the Mac, Windows and Linux platforms. WebGL is one of the 3D drawing standards. A heap buffer overflow vulnerability exists in WebGL in versions prior to Google Chrome 64.0.3282.119 for Windows, Mac, and Linux-based...
CVE-2017-12181
xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code...