Foxit Reader command injection(CVE-2017-10951)and file writing Vulnerability(CVE-2017-10952)

A tale about Foxit Reader - Safe Reading mode and other vulnerabilities Some days ago someone send me the following link, which describes two vulnerabilities in Foxit Reader: http://thehackernews.com/2017/08/two-critical-zero-day-flaws-disclosed.html These two vulnerabilities are similar to the...

CVE-2017-3108

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability...

CVE-2017-3108

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability...

Privilege escalation

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability...

CVE-2017-3108

Adobe Experience Manager 6.2 and earlier has a malicious file execution vulnerability...

NoMachine 5.3.9 - Local Privilege Escalation

NoMachine 5.3.9 - Local Privilege Escalation """ Exploit Title: NoMachine LPE - Local Privilege Escalation Date: 09/08/2017 Exploit Author: Daniele Linguaglossa Vendor Homepage: https://www.nomachine.com Software Link: https://www.nomachine.com Version: 5.3.9 Tested on: OSX CVE : CVE-2017-12763...

Security update for the Windows Error Reporting elevation of privilege vulnerability for and Windows Server 2008: August 8, 2017

Security update for the Windows Error Reporting elevation of privilege vulnerability for and Windows Server 2008: August 8, 2017 Summary This security update resolves a vulnerability in Windows Error Reporting WER. The vulnerability could allow elevation of privilege if successfully exploited by ...

Contao Directory Traversal Vulnerability (CNVD-2017-25541)

Contao is an open source content management system CMS developed using PHP. The system supports search engine , rights management and CSS framework . A security vulnerability exists in Contao versions prior to 3.5.28 and 4.x versions prior to 4.4.1. A remote attacker can exploit the vulnerability...

CVE-2017-8004

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance RSA IMG versio...

Unspecified Vulnerability in Mozilla Firefox and Firefox ESR for Windows (CNVD-2017-12556)

Mozilla Firefox for Windows is an open source web browser for the Windows platform from the Mozilla Foundation in the U.S. Firefox ESR for Windows is an extended support version of Firefox for the Windows platform. A security vulnerability exists in Mozilla Firefox for Windows versions prior to...

ActiveMQ web shell upload

The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request. This module requires Metasploit: https://metasploit.com/download Current source:...

Description of the security update for Skype for Business 2016: May 9, 2017

Description of the security update for Skype for Business 2016: May 9, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

Bitdefender Total Security DLL Loading Local Code Injection Vulnerability

Bitdefender Total Security is prone to local code injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2016-4313

Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. dot dot in an archive file...

CVE-2015-1839

CVE-2015-1839 affects SaltStack (Salt) due to insecure handling of files in /tmp in the module salt/modules/chef.py, specifically in versions before 2014.7.4. The vulnerability stems from improper /tmp handling, allowing an attacker to alter a specified file (per CNVD entry) and is documented acr...

McAfee Security Scan Plus File Execution Vulnerability - Windows

McAfee Security Scan Plus is prone to file execution vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Privilege escalation

Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation...

Privilege escalation

Malicious file execution vulnerability in Intel Security CloudAV Beta before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation...

CVE-2015-8991

Malicious file execution vulnerability in Intel Security McAfee Security Scan+ MSS+ before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation...

CVE-2015-8992

Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted malware during installation or uninstallation, but not during normal operation...