321 matches found
The vulnerabilities in McAfee Total Protection (MTP), McAfee Anti-Virus Plus (AVP), and McAfee Internet Security (MIS) stem from shortcomings in how the software loads external files and verifies their digital signatures. Attackers can exploit these vulnerabilities to escalate their privileges and execute malicious code.
The vulnerabilities in McAfee Total Protection (MTP), McAfee Anti-Virus Plus (AVP), and McAfee Internet Security (MIS) are related to deficiencies in loading external files from inappropriate directories and verifying their digital signatures. Exploiting these vulnerabilities can allow attackers to...
Information disclosure
Multiple vulnerabilities in the smart tunnel functionality of Cisco Adaptive Security Appliance (ASA) could allow an authenticated, local attacker to elevate privileges to the root user or load a malicious library file while the tunnel is being established. For more information about these...
CVE-2019-9116
DLL hijacking is possible in Sublime Text 3 version 3.1.1 build 3176 on 32-bit Windows platforms because a Trojan horse api-ms-win-core-fibers-l1-1-1.dll or api-ms-win-core-localization-l1-2-1.dll file may be loaded if a victim uses sublimetext.exe to open a .txt file within an attacker's...
CVE-2018-1000889
Logisim Evolution version 2.14.3 and earlier contains an XML External Entity (XXE) vulnerability in Circuit file loading functionality (loadXmlFrom in src/com/cburch/logisim/file/XmlReader.java) that can result in information leak, possible RCE depending on system configuration. This attack appears t...
Logisim Evolution XML External Entity Injection Vulnerability
Logisim Evolution is a tool for designing and simulating data logic circuits. An XML external entity injection vulnerability exists in the Circuit file loading feature in Logisim Evolution 2.14.3 and earlier versions, which can be exploited by an attacker to disclose information and potentially...
The vulnerability in the firmware of WatchGuard wireless access points lies in insufficient file loading restrictions, allowing attackers to execute arbitrary commands.
The vulnerability in the firmware of WatchGuard wireless access points relates to insufficient restrictions on file downloads. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary commands...
Microsoft Windows Image File Loading CVE-2018-8475 Remote Code Execution Vulnerability
Description: Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely cause a denial-of-service condition. Technologies Affected: Microsoft Windows ...
CVE-2017-5427
The CVE-2017-5427 entry covers a Mozilla Firefox/Firefox ESR startup vulnerability where a non-existent chrome.manifest file loaded from the primary installation directory can be exploited by a local attacker who places chrome.manifest and referenced files there. If exploited, startup-loaded code...
CVE-2018-9140
On Samsung mobile devices with M6.0 software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747...
CVE-2018-9140
CVE-2018-9140 concerns Samsung mobile devices running Android M (6.0). The Email application is vulnerable to a cross-site scripting (XSS) attack via an event attribute and can load arbitrary files through a src attribute, identified as SVE-2017-10747. Connected sources (NVD/CNVD/PRION/CVELIST) c...
Code execution vulnerability in DedeCMS backend cache files
DedeCMS is an open source website management system written in PHP. A code execution vulnerability exists in the DedeCMS backend cache file. The vulnerability is due to the system's mishandling of input, allowing an attacker to exploit the vulnerability...
A vulnerability in the Android CAF-release operating system, related to resource management errors, allows attackers to cause excessive memory usage.
The vulnerability in the Android CAF-release operating system is related to resource management errors. Exploiting this vulnerability allows a remote attacker to cause excessive memory usage during file loading...
Design/Logic Flaw
In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on the targeted VNX Control Station system, aka...
JVN#16248227: PrimeDrive Desktop Application Installer may insecurely load executable files
PrimeDrive Desktop Application is the client application for the PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files (CWE-427). Impact: Arbitrary code may be...
JVN#71572107: Installer of Vivaldi for Windows may insecurely load executable files
The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files (CWE-427). Impact: Arbitrary code may be executed with the privilege of the user invoking the installer. Solution: Use the latest installer. Use the latest...
Mozilla Firefox File Loading Vulnerability
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. Mozilla Firefox suffers from a file loading vulnerability where a non-existent chrome.manifest file will attempt to be load...