CleanMyMac3 Local Privilege Escalation Exploit

Exploit for macOS platform in category local exploits CleanMyMac3 installs a rooted helper com.macpaw.CleanMyMac3.Agent, and its XPC interface does not validate anything. In CMPrivilegedOperationprotocol, there are actually more than one way to execute privileged code. The most straight forward o...

New ownerAnyone Bug Allows For Anyone to ''Own'' Certain ERC20-Based Smart Contracts (CVE-2018-10705)

This morning, our vulnerability-scanning system at PeckShield identified a new vulnerability named ownerAnyone in certain ERC20-based smart contracts such as AURA, which is deployed by a decentralized banking and finance platform – AURORA. This bug, if successfully exploited, might introduce the...

NETGEAR WNR2000 Router Access Control Vulnerability

The Netgear WNR2000 is a wireless router product from the American company Netgear. An access control vulnerability exists in the NETGEAR WNR2000 router. Because the applynoauth.cgi function has similar functionality to the apply.cgi function used by administrators to perform sensitive operationa...

Amazon Linux AMI : ImageMagick (ALAS-2016-699) (ImageTragick)

It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagick utilities,...

Important: ImageMagick

Issue Overview: It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the ImageMagi...

Scientific Linux Security Update : ImageMagick on SL6.x, SL7.x i386/x86_64 (20160509) (ImageTragick)

Security Fixes : - It was discovered that ImageMagick did not properly sanitize certain input before passing it to the delegate functionality. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an unsuspecting user using the...

CVE-2016-3717

It was discovered that certain ImageMagick coders and pseudo-protocols did not properly prevent security sensitive operations when processing specially crafted images. A remote attacker could create a specially crafted image that, when processed by an application using ImageMagick or an...

Ubuntu Update for unity-firefox-extension USN-1665-1

Ubuntu Update for Linux kernel vulnerabilities USN-1665-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN16651.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for unity-firefox-extension USN-1665-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH,...

USN-1665-1: unity-firefox-extension vulnerability

It was discovered that unity-firefox-extension bypassed the same origin policy checks in certain circumstances. If a user were tricked into opening a malicious page, an attacker could exploit this to steal confidential data or perform other security-sensitive operations...

PT-1990-1003 · At&T +1 · Korn Shell +1

Name of the Vulnerable Software and Affected Versions: HP Apollo Domain/OS versions sr10.2 through sr10.3 beta Description: The issue is related to the /etc/suid exec program and the Korn Shell ksh in HP Apollo Domain/OS. Recommendations: For HP Apollo Domain/OS versions sr10.2 through sr10.3 bet...