17 matches found
EUVD-2016-2166
Malware in sbrugna...
GitHub Kanban MCP Server vulnerable to Command Injection
The MCP Server at https://github.com/Sunwood-ai-labs/github-kanban-mcp-server/ is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definition and implementation. Vulnerable tool: The MCP Server exposes the tool addcomment which...
Privilege escalation
The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and...
CVE-2022-22770
The CVE-2022-22770 issue affects TIBCO AuditSafe Web Server in versions ≤ 1.1.0, where an unauthenticated, network-remote attacker can call API methods on the affected system. The root cause is an authorization/configuration flaw in the Web Server component that permits arbitrary API method execu...
Trend Micro Internet Security vulnerability where files may be excluded as scan targets
Overview: Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability where arbitrary files or folders may be excluded as scan targets when the conditions below are met. An attacker can place a specific file into the system. The attacker can execute a specific API fr...
CVE-2016-4215
CVE-2016-4215 affects Adobe Reader and Acrobat products on Windows and macOS, enabling bypass of JavaScript API execution restrictions. Affected are: Reader/Acrobat before 11.0.17, DC Classic before 15.006.30198, and DC Continuous before 15.017.20050. The Vector(s) are unspecified in the provided...
Japan Connected-free Wi-Fi vulnerable to API execution
Overview: Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
JVN#46888319: Japan Connected-free Wi-Fi vulnerable to API execution
Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker. Impact: Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are granted in...
Adobe Acrobat < 11.0.16 / 15.006.30172 / 15.016.20039 Multiple Vulnerabilities (APSB16-14) (Mac OS X)
The version of Adobe Acrobat installed on the remote Mac OS X host is prior to 11.0.16 / 15.006.30172 / 15.016.20039. It is, therefore, affected by multiple vulnerabilities: - Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. CVE-2016-1045, CVE-2016-1046,...
CVE-2016-1042
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerabili...
CVE-2015-7623
The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API...
Reversi vulnerable to URL whitelist bypass
Overview: Reversi provided by Newphoria Corporation Inc. is an application for both iOS and Android built using "applican". Reversi contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported...
MEGAPHONE MUSIC vulnerable to URL whitelist bypass
Overview: MEGAPHONE MUSIC provided by Newphoria Corporation Inc. is an application for both iOS and Android built using "applican". MEGAPHONE MUSIC contains an issue where an arbitrary page may be loaded if the application is launched using the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprou...
applican vulnerable to URL whitelist bypass
Overview: applican provided by Newphoria Corporation Inc. is a platform to build hybrid applications for both iOS and Android. applican provides a whitelisting function whitelist.xml to limit the URLs that applications can access. However, if the application is launched using the URL-scheme, the...
Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass
Overview: Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Kenta Suefusa and Tomonori Shiomi of Sprout Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with...
JVN#04644117: Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass
Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains an issue where an arbitrary page may be loaded if the application is launched with the URL-scheme. Impact: Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are grant...
Adobe Acrobat < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15)
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 10.1.15, 11.0.12, 2015.006.30060, or 2015.008.20082. It is, therefore, affected by multiple vulnerabilities. - Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader D...