The vulnerability of the HTTP protocol handler of the software tool for downloading files over the network via Wget allows a hacker to execute arbitrary code.

The vulnerability of the HTTP protocol handler of the software tool for downloading files over the network, Wget, arises from the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using a specially prepared...

Microsoft Windows Multiple Vulnerabilities (KB4053578)

This host is missing a critical security update according to Microsoft KB4053578 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4054519)

This host is missing a critical security update according to Microsoft KB4054519 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2017-11927

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines...

CVE-2017-11927

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines...

Information disclosure

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the Windows its:// protocol handler determines...

KB4053578: Windows 10 Version 1511 December 2017 Security Update

The remote Windows host is missing security update 4053578. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a wa...

Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacke...

Windows Server 2012 December 2017 Security Updates

The remote Windows host is missing security update 4054523 or cumulative update 4054520. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in RPC if the server has Routing and Remote Access enabled. An attacker who successfully exploited this...

Windows 7 and Windows Server 2008 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054521 or cumulative update 4054518. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacke...

KB4053580: Windows 10 Version 1703 December 2017 Security Update

The remote Windows host is missing security update 4053580. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a wa...

CVE-2017-11480

Packetbeat (Elastic Beats) contains a denial-of-service flaw in the PostgreSQL protocol handler. In affected versions prior to 5.6.4 (and mentions of 6.0.0 in some advisories), an attacker that can send arbitrary network traffic to a monitored PostgreSQL port could cause Packetbeat to fail loggin...

Description of the security update for the information disclosure vulnerability in Windows Server 2008: December 12, 2017

Description of the security update for the information disclosure vulnerability in Windows Server 2008: December 12, 2017 Summary An information disclosure vulnerability exists when the Windows its:// protocol handler unnecessarily sends traffic to a remote site to determine the zone of a provide...

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure Exploit

Exploit for java platform in category web applications !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$ ./poc.py 'C:/Program...

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure

Oracle Java SE - Web Start jnlp XML External Entity Processing Information Disclosure !/usr/local/bin/python """ Oracle Java SE Web Start jnlp XML External Entity Processing Information Disclosure Vulnerability Affected: + eg: ./poc.py 'C:/Program Files/Java/jre1.8.0131/README.txt' saturn: mrme$...

Cisco ASR 5500 System Architecture Evolution Gateway Denial of Service Vulnerability

Cisco ASR 5500 System Architecture Evolution SAE Gateways is a gateway device from Cisco.General Packet Radio Service GPRS Tunneling Protocol ingress packet handler is one of the General Packet Radio Service GPRS Tunneling Protocol ingress packet handlers. A denial of service vulnerability exists...

macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution and Arbitrary File Read Exploit

Google Security Research / OSX: HelpViewer XSS leads to arbitrary file execution and arbitrary file read. HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open /Applications/Safari.app/Contents/Resources/Safari.help...

Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution Arbitrary File Read

Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution Arbitrary File Read / OSX: HelpViewer XSS leads to arbitrary file execution and arbitrary file read. HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open...

macOS HelpViewer XSS leads to arbitrary file execution and arbitrary file read（CVE-2017-2361）

HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open /Applications/Safari.app/Contents/Resources/Safari.help or using "help:" scheme: help:openbook=com.apple.safari.help...

(0Day) Google Chrome Protocol Handler Logic Error Restrictions Bypass Vulnerability

This vulnerability allows remote attackers to bypass restrictions on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of URIs...