Vulnerability discovered in Schneider Electric EcoStruxure Control Expert

Vulnerabilities have been discovered in Schneider Electric EcoStruxure Control Expert. The vulnerabilities allow a local malicious able to cause a denial-of-service and to execute arbitrary execute arbitrary code by opening a rogue file. Schneider Electric categorizes this vulnerability according...

Vulnerability fixed in Foxit Reader

A vulnerability has been fixed in Foxit Reader. Due to the vulnerability makes it possible for a malicious person to execute arbitrary code under the user's privileges. To do this, however, the user must be tricked into opening a rogue file or to perform a specific action within the application...

Vulnerabilities fixed in Acronis Cyber Backup and True Image

Acronis has fixed multiple vulnerabilities in Cyber Backup and True Image. A local malicious party could potentially exploit them to execute arbitrary code under SYSTEM privileges. To do this, a rogue file must be placed in a specific folder on the file system. Acronis has released updates to fix...

Design/Logic Flaw

An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client...

Vulnerabilities fixed in SpamAssassin

Apache Foundation has fixed two vulnerabilities in SpamAssassin. An unauthenticated malicious person can remotely exploit these vulnerabilities to cause a denial-of-service cause, or by offering a rogue file potentially execute code under application privileges. Apache Foundation has released...

CVE-2019-6839

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow a...

Unrestricted file upload

A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow a...

MS08-012: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (947085)

The remote host is running a version of Microsoft Publisher that may allow arbitrary code to be run on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it. Then a bug in the font parsing handler would result in code execution. ...