Foxit Reader JPEG2000 cdef channel number Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the channel...
CVE-2017-10942
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.0.14878. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
CVE-2017-15763
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001eca0."...
Berta CMS Arbitrary File Upload Vulnerability
Berta CMS is a PHP-based web content management system (CMS). An arbitrary file upload vulnerability exists in Berta CMS. A remote attacker can exploit this vulnerability by uploading an image file with an executable extension to execute arbitrary code...
Microsoft Windows October release patches 62 vulnerabilities and fixes a 0-day vulnerability submitted by national researchers - vulnerability warning - the black bar safety net
On Tuesday's Patch Tuesday, Microsoft announced patches for 62 bugs in one go, including a fix for a major Office 0-day vulnerability that has been exploited; this is a remote code execution vulnerability caused by memory corruption (...
IrfanView buffer overflow vulnerability (CNVD-2017-30370)
IrfanView is a picture viewer developed by Bosnia and Herzegovina software developer Irfan Skiljan, which supports image browsing, image editing, image format conversion, etc. The PDF plugin is one of its PDF document reading plug-ins. In IrfanView 4.44 32-bit with PDF plugin version 4.43 there is a...
October CMS Arbitrary File Upload Vulnerability
October CMS is a content management program. A security vulnerability exists in October CMS file uploads, which allows remote attackers to exploit the vulnerability to submit specially crafted files to execute arbitrary code in the context of the application...
GE CIMPLICITY Stack Buffer Overflow Vulnerability
GE CIMPLICITY is an HMI software. GE CIMPLICITY suffers from a stack buffer overflow vulnerability that could be exploited by a remote attacker to submit a special request to crash the application or execute arbitrary code...
Design/Logic Flaw
In Cloud Foundry capi-release versions 1.33.0 and later, prior to 1.42.0 and cf-release versions 268 and later, prior to 274, the original fix for CVE-2017-8033 introduces an API regression that allows a space developer to execute arbitrary code on the Cloud Controller VM by pushing a specially...
Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution
Description: The remote code execution is a combination of 4 different vulnerabilities: CVE-2017-11151 allows remote attackers to upload arbitrary files to the specified directories. CVE-2017-11152 allows remote attackers to log in with a fake authentication mechanism. CVE-2017-11153 allows remot...
Trihedral VTScada 8.x < 11.2.02 Multiple Vulnerabilities
Binary data scadatrihedralvtscada11202.nbin...
Memory Corruption Vulnerability in WebKit Component of Multiple Apple Products (CNVD-2017-34452)
Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is...
STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30281)
STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability with a specially crafted .xps file to execute arbitra...
CVE-2017-4924
VMware ESXi 6.5 without patch ESXi650-201707101-SG, Workstation 12.x before 12.5.7 and Fusion 8.x before 8.5.8 contain an out-of-bounds write vulnerability in the SVGA device. This issue may allow a guest to execute code on the host...
Unrestricted file upload
Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code...
Code injection
The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root...
Google Chrome Type Obfuscation Vulnerability (CNVD-2017-31823)
Google Chrome is an open source web browser. A type obfuscation vulnerability exists in Google Chrome V8, which allows remote attackers to exploit the vulnerability to submit a special request and execute arbitrary code...
Google Chrome Uninitialized Value Error Vulnerability
Google Chrome is an open source web browser. Google Chrome Skia uses uninitialized values that allow remote attackers to exploit vulnerabilities to submit special requests, listen for messages or execute code...
Abusing BITS: BITSInject
Windows’ BITS service is a middleman for your download jobs. You start a BITS job, and from that point on, BITS is responsible for the download. But what if we tell you that BITS is a careless middleman? We have uncovered the way BITS maintains its jobs queue using a state file on disk, and found...
ALC WebCTRL i-Vu/SiteScan Web Path Traversal Vulnerability
ALC WebCTRL is a building automation platform. A security vulnerability exists in ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior versions that allows an authenticated user to overwrite files used to execute code...