1075 matches found
CVE-2016-9950
CVE-2016-9950 affects Apport before 2.20.4. A path traversal in the crash file handling (Package and SourcePackage fields) builds paths to /usr/share/apport/package-hooks/ and can be exploited to execute arbitrary Python files on the local system. Affected software is Apport; root cause is improp...
UBUNTU-CVE-2016-9951
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in RespawnCommand or ProcCmdline fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the...
UBUNTU-CVE-2016-9950
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this...
Debian DSA-3731-1 : chromium-browser - security update
Several vulnerabilities have been discovered in the chromium web browser. - CVE-2016-5181 A cross-site scripting issue was discovered. - CVE-2016-5182 Giwan Go discovered a heap overflow issue. - CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. - CVE-2016-5184 Another...
Debian Security Advisory DSA 3731-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5181 A cross-site scripting issue was discovered. CVE-2016-5182 Giwan Go discovered a heap overflow issue. CVE-2016-5183 A use-after-free issue was discovered in the pdfium library. CVE-2016-5184 Another...
MGASA-2016-0409 Updated thunderbird packages fix security vulnerabilities
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash CVE-2016-5296. The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This...
Updated thunderbird packages fix security vulnerabilities
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash CVE-2016-5296. The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This...
Panda Gold Protection 2014 (7.01.01) Privilege Escalation Vulnerability (CVE-2014-3450) - Windows
Panda Products is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Panda Antivirus Pro 2014 Privilege Escalation Vulnerability (CVE-2014-3450) - Windows
Antivirus Pro 2014 is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Panda Internet Security 2014 (19.01.01) Privilege Escalation Vulnerability (CVE-2014-3450) - Windows
Panda Products is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Panda Small Business Protection <= 16.1.2 Privilege Escalation Vulnerability
Panda Small Business Protection is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Panda Gold Protection 2014 Privilege Escalation Vulnerability (CVE-2014-3450) - Windows
Panda Gold Protection 2014 is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VHD Driver Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Virtual Hard Disk Drive fails to properly handle user access to certain files. An attacker who successfully exploited the vulnerability could manipulate files in locations not intended to be available to the user. To exploit the...
Microsoft Windows VHDFS Driver Elevation of Privilege (MS16-138: CVE-2016-7224)
Multiple elevation of privilege vulnerabilities exist in the Windows VHDMP kernel driver. The vulnerability is due to the way driver fails to properly handle user access to certain files. An attacker can exploit this vulnerability by gaining access to the local system and executing a specially...
MySQL / MariaDB / PerconaDB 提权/条件竞争漏洞(CVE-2016-6663)
Release date: 01.11.2016 - Discovered by: Dawid Golunski I. VULNERABILITY ------------------------- MySQL / MariaDB / PerconaDB - Privilege Escalation / Race Condition MariaDB 5.5.52 10.1.18 10.0.28 MySQL = 5.5.51 = 5.6.32 = 5.7.14 Percona Server 5.5.51-38.2 5.6.32-78-1 5.7.14-8 Percona XtraDB...
PDF Complete Office Edition 4.1.12 - Unquoted Service Path Privilege Escalation Exploit
Exploit Title : PDFcompletecorporateedition.rb - 'Unquoted Service Path Privilege Escalation' PDF Version : 4.1.12 vuln Discover : Joey Lane Module Author : pedr0 Ubuntu r00t-3xp10it Tested on : Windows 7 Professional Software Link : http://www.pdfcomplete.com/cms/Downloads.aspx "This was tested ...
Linux kernel 2.6.22 < 3.9 elevation of privilege vulnerability (Dirty COW)
Summary A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write COW breakage of private read-only memory mappings. All the information we have so far is included in this page. The bug has existed since around 2.6.22 released in 2007 and was fixed on Oct...
PDF Complete 4.1.12 Corporate Edition Privilege Escalation
Exploit Title: PDF Complete Corporate Edition - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Software Link: http://www.pdfcomplete.com/cms/Downloads.aspx Version: 4.1.12 Tested on: Windows 7 Professional PDF Complete Corporate Edition installs a service wi...
Lenovo Slim USB Keyboard 1.09 Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Title: Lenovo Slim USB Keyboard - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Version: 1.09 Tested on: Windows 7 Professional The Lenovo Slim USB Keyboard service is installed with an unquote...
PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation
PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation Exploit Title: PDF Complete Corporate Edition - Unquoted Service Path Privilege Escalation Date: 10/19/2016 Exploit Author: Joey Lane Software Link: http://www.pdfcomplete.com/cms/Downloads.aspx Version: 4.1.12...