Mail.ru: Unsafe downloaded file execution

ICQ inteface did not informed user on potentially dangerous file types then opening file from the chat window...

Serv-U FTP Server prepareinstallation Privilege Escalation

This module attempts to gain root privileges on systems running Serv-U FTP Server versions prior to 15.1.7. The Serv-U executable is setuid root, and uses ARGV0 in a call to system, without validation, when invoked with the -prepareinstallation flag, resulting in command execution with root...

SUSE-SU-2019:1690-1 Security update for libvirt

This update for libvirt fixes the following issue: Security issue fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd bsc113830...

SUSE-SU-2019:1686-1 Security update for libvirt

This update for libvirt fixes the following issues: Security issues fixed: - CVE-2019-10161: Fixed virDomainSaveImageGetXMLDesc API which could accept a path parameter pointing anywhere on the system and potentially leading to execution of a malicious file with root privileges by libvirtd...

Information disclosure

In Zoho ManageEngine Application Manager 13.1 Build 13100, the administrative user has the ability to upload files/binaries that can be executed upon the occurrence of an alarm. An attacker can abuse this functionality by uploading a malicious script that can be executed on the remote system...

GraphicsMagick CVE-2019-19951 Heap Buffer Overflow Vulnerability

Description GraphicsMagick is prone to a heap-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successful exploits may allow the attacker to crash the affected application. Due to the nature o...

CVE-2019-11687

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple operating systems,...

IBM Jazz Reporting Service Information Disclosure Vulnerability (CNVD-2019-14395)

IBM Jazz Reporting Service JRS is a suite of applications for discovering cross-project reports from IBM USA. The program can be used in integration with IBM RationalCLM's Rational solution for managing all lifecycles of development projects. CLM users can access the reports provided by JRS in a...

WordPress SupportCandy Plugin <= 2.0.0 Arbitrary File Upload Vulnerability

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

CVE-2019-9794

A vulnerability was discovered where specific command line arguments are not properly discarded during Firefox invocation as a shell handler for URLs. This could be used to retrieve and execute files whose location is supplied through these command line arguments if Firefox is configured as the...

CVE-2019-8933

In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory without being blocked by the Web Application Firewall, and then execute this file, via this sequence of steps: visiting the management page, clicking on the template, clicking on Default Template Management, clicking on...

CVE-2019-8933

CVE-2019-8933 affects DedeCMS 5.7SP2. An attacker can upload a PHP file to uploads/ and execute it by abusing the management/template workflow: navigate to Default Template Management, create a New Template, and alter the filename from ../index.html to ../index.php. This indicates a path/filename...

Arbitrary Code Execution

flac is vulnerable to arbitrary code execution. A stack-based buffer overflow in streamdecoder.c allows an attacker to pass a malicious FLAC audio file to execute arbitrary code or crash the process when the file is read...

Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

CVE-2018-5199

In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file...

CVE-2018-5199

CVE-2018-5199 affects Veraport G3 ALL on macOS. The root cause is insufficient domain validation, enabling an attacker to overwrite an installation file with a malicious file and potentially execute arbitrary code. Exploitation details are not provided in the documents beyond the high-level descr...

CVE-2018-5199 WIZVERA Remote Code Execution Vulnerability

In Veraport G3 ALL on MacOS, due to insufficient domain validation, It is possible to overwrite installation file to malicious file. A remote unauthenticated attacker may use this vulnerability to execute arbitrary file...

Panasonic PC Registration Unreferenced Service Path Vulnerability

The Panasonic PC is a computer device from the Japanese company Panasonic. A security vulnerability exists in Panasonic PCs devices manufactured in October 2009 and later with Windows 7, Windows 8, Windows 8.1, and Windows 10 preinstalled. An attacker could exploit the vulnerability to execute...

GetSimple CMS HTML File Execution Vulnerability (CNVD-2019-00329)

Cagintranet GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A security vulnerability exists in Cagintranet GetSimple CMS version 3.3.15. An attacker ca...

GetSimple CMS HTML File Execution Vulnerability

Cagintranet GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A security vulnerability exists in Cagintranet GetSimple CMS version 3.3.15. An attacker ca...