FormatFactory Local Stack Overflow Vulnerability

FormatFactory is audio, video and graphics file type conversion software. A local stack buffer overflow vulnerability exists in FormatFactory version 3.9.0. A faulty validation check in a load file .task causes a stack overflow that can crash the affected program...

PHP < 5.6.0 DoS Vulnerability - Windows

PHP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Installer Error: "This installation cannot be updated automatically." or "Unable to proceed with the setup"

Challenge When attempting to update Veeam software, the following error occurs: This installation cannot be updated automatically. Please contact Veeam customer support for assistance with manual update. Alternatively, the following error occurs: An error has occurred: Unable to proceed with the...

Multiple F5 Products Privilege Acquisition Vulnerabilities (CNVD-2016-06538)

F5 BIG-IP LTM, etc. are products of F5 USA.LTM is a local traffic manager; APM is a set of solutions that provide secure and unified access to business-critical applications and networks. A privilege-acquisition vulnerability exists in multiple F5 products that stems from the failure of the BIG-I...

FreeBSD : fontconfig -- insufficiently cache file validation (44989c29-67d1-11e6-8b1d-c86000169601)

Debian security team reports : Tobias Stoeckmann discovered that cache files are insufficiently validated in fontconfig, a generic font configuration library. An attacker can trigger arbitrary free calls, which in turn allows double free attacks and therefore arbitrary code execution. In...

F5 BIG-IP - BIG-IP file validation vulnerability CVE-2015-8022

The BIG-IP Configuration utility may not properly validate file type or contents where uploaded files are allowed in the Access Policy Manager customization configuration section. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and ar...

F5 Networks BIG-IP : BIG-IP file validation vulnerability (K12401251)

The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM an...

Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)

Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a...

File upload vulnerability example analysis-vulnerability warning-the black bar safety net

Principles File upload is a Web application that often appear in the function,it allows users to upload files to the server and saved to a specific location. This security is a very sensitive issue, once the malicious program is uploaded to the server and get the Execute permission, the...

F5 Networks BIG-IP : BIG-IP file validation vulnerability (K49580002)

The BIG-IP Configuration utility may not properly validate file type or contents where uploaded files are allowed in the Access Policy Manager configuration section uploadImage.php. CVE-2015-8021 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion

Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion Source: https://code.google.com/p/google-security-research/issues/detail?id=465 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for...

Microsoft Office 2007 - BIFFRecord Length Use-After-Free

Microsoft Office 2007 - BIFFRecord Length Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=464 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and...

Microsoft Office 2007 MSO.dll Arbitrary Free Exploit

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=417&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and...

Microsoft Office 2007 - wwlib.dll fcPlcfFldMom Uninitialized Heap Usage

Microsoft Office 2007 - wwlib.dll fcPlcfFldMom Uninitialized Heap Usage Source: https://code.google.com/p/google-security-research/issues/detail?id=424&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier...

Microsoft Office 2007 - MSPTLS Heap Index Integer Underflow (MS15-081)

Source: https://code.google.com/p/google-security-research/issues/detail?id=431&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office...

Microsoft Office 2007 - &#039;OGL.dll&#039; DpOutputSpanStretch::OutputSpan Out of Bounds Write (MS15-080)

Source: https://code.google.com/p/google-security-research/issues/detail?id=420&can=1 The following crash was observed in Microsoft Office 2007 with Microsoft Office File Validation Add-In disabled and Application Verifier enabled for testing and reproduction. This bug also reproduced in Office...

CVE-2015-5457

PivotX prior to 2.3.11 is vulnerable: it fails to validate the new file extension when renaming a file that has multiple extensions, enabling remote code execution via a crafted file (e.g., foo.php.php). Affected product: PivotX. Root cause: improper validation of file extensions during rename. I...

The vulnerability of the Flash Player software allows a perpetrator to trigger a service failure or execute arbitrary code.

The vulnerability of the Flash Player software exists due to improper checking of files. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code...

The vulnerability of the Adobe AIR software platform allows a perpetrator to trigger a service failure or execute arbitrary code.

The vulnerability of the Adobe AIR software platform exists due to improper file validation. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code...

WordPress Holding Pattern Theme Arbitrary File Upload

This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'socket' class Metasploit3 'WordPress Holding Pattern Theme Arbitrary File Upload', 'Description' = %q This module exploits a file upload...