SUSE CVE-2015-1877

The opengenericxdgmime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands via a crafted file...

November 29, 2022—KB5020044 (OS Build 22621.900) Preview

November 29, 2022—KB5020044 OS Build 22621.900 Preview 11/8/22 IMPORTANT Because of minimal operations during the holidays and the upcoming Western new year, there won’t be a non-security preview release for the month of December 2022. There will be a monthly security release known as a “B” relea...

CVE-2022-33749

Removed by vendor...

CVE-2022-28255

Acrobat Reader DC version 22.001.2011x and earlier, 20.005.3033x and earlier and 17.012.3022x and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this...

CVE-2021-42728

Adobe Bridge 11.1.1 and earlier is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridg...

CVE-2022-24369

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.1.0.52543. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2021-46584

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVE-2021-34897

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVE-2021-40754

Adobe After Effects version 18.4.1 and earlier is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a...

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname constructed with an empty first argument in an ioutil.TempDir call.

...

SUSE: Security Advisory (SUSE-SU-2014:0248-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the Control FPWIN Pro programming software lies in its ability to write beyond the buffer boundaries into memory, allowing a hacker to execute arbitrary code.

The vulnerability of the PLC programming software Control FPWIN Pro relates to writing beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by having the user open a specially crafted malicious file...

Linux/x86 /etc/hosts Mapping Add Polymorphic Shellcode

102 bytes small Linux/x86 add map in /etc/hosts file polymorphic shellcode. Title: Linux/x86 - Add map in /etc/hosts file polymorphic shellcode 102 bytes Author: Xenofon Vassilakopoulos Date: 2020-06-15 Tested on: Linux kali 5.3.0-kali2-686-pae 1 SMP Debian 5.3.9-3kali1 2019-11-20 i686 GNU/Linux...

Everest 'Open File' Denial of Service Vulnerability

Everest is a tool for testing hardware and software system information. A denial of service vulnerability exists in Everest 'Open File'. An attacker can exploit the vulnerability to cause a denial of service attack...

Everest 5.50.2100 - (Open File) Denial of Service Exploit

Exploit Title: Everest 5.50.2100 - 'Open File' Denial of Service PoC Discovery by: Ivan Marmolejo Software Link : http://www.lavalys.com/ Tested Version: 5.50.2100 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows 10 Home Single Language Steps to produce the crash: 1.- Run...

Everest 5.50.2100 - 'Open File' Denial of Service (PoC)

Exploit Title: Everest 5.50.2100 - 'Open File' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-03-24 Software Link : http://www.lavalys.com/ Tested Version: 5.50.2100 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows 10 Home Single Language Steps to...

Open TFTP Server Formatting String Error Vulnerability

Open TFTP Server MT is a file transfer server. A formatting string error vulnerability exists in the 'logMess' function in Open TFTP Server MT version 1.65 and earlier. The vulnerability stems from a network system or product that receives external formatted strings as parameters with lax filteri...

Open TFTP Server SP 'logMess' Function Buffer Overflow Vulnerability

Open TFTP Server SP is a file transfer server. A buffer overflow vulnerability exists in the 'logMess' function in Open TFTP Server SP version 1.66 and earlier. The vulnerability originates when a network system or product performs an operation in memory without properly validating data boundarie...

oXygen XML Editor 21.1.1 - XML External Entity Injection

oXygen XML Editor 21.1.1 - XML External Entity Injection Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Date: 2019-11-13 Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version:...

CVE-2019-5048

A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file...