208 matches found
CVE-2017-17867
Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the...
Microsoft Excel - OLE Arbitrary Code Execution
Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016 32/64 bits x86 and x64 Tested on: Windows...
CVE-2017-7178
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...
Cross site request forgery (csrf)
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...
CVE-2017-7178
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...
CVE-2017-7178
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...
CVE-2017-7178
CSRF was discovered in the web UI in Deluge before 1.3.14. The exploitation methodology involves 1 hosting a crafted plugin that executes an arbitrary program from its init.py file and 2 causing the victim to download, install, and enable this plugin...
BlueStacks App Player Privilege Escalation Vulnerability
BlueStacks App Player is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2015-2114
HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors...
Eric Allman Sendmail 8.8 .x Socket Hijack Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/774/info Through exploiting a combination of seemingly low-risk vulnerabilities in sendmail, it is possible for a malicious local user to have an arbitrary program inherit or hijack the file descriptor for the socket...
Halloween Linux 4.0,S.u.S.E. Linux 6.0/6.1/6.2/6.3 kreatecd Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1061/info A vulnerability exists in the kreatecd program for Linux. This program is a graphical front end to the cdrecord program, and is installed setuid root. This program will blindly trust the configuration of the pat...
MS Virtual Machine 2000/3100/3200/3300 Series com.ms.activeX.ActiveXComponent Arbitrary Program Execution
No description provided by source. source: http://www.securityfocus.com/bid/1754/info If a malicious website operator were to embed a specially crafted java object into a HTML document, it would be possible to execute arbitrary programs on a target host viewing the webpage through either Microsof...
Design/Logic Flaw
VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors...
CVE-2014-1209
VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors...
CVE-2012-3022
The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted w...
CVE-2012-2990
The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.120741313, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and...
Hardcoded credentials
The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.120741313, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and...
CVE-2012-2990
The CVE-2012-2990 entry concerns the MarkAny ContentSAFER MASetupCaller ActiveX control (MASetupCaller.dll) bundled with Samsung KIES. The vulnerability affects versions prior to 1.4.2012.508 and is triggered by certain method calls in the ActiveX, allowing a remote attacker to download and execu...
Design/Logic Flaw
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787...
FFFTP Untrusted Search Path Vulnerability (Windows) - Dec 11
The host is running FFFTP and is prone to untrusted search path vulnerability. OpenVAS Vulnerability Test $Id: secpodffftpuntrustedsearchpathvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ FFFTP Untrusted Search Path Vulnerability Windows - Dec 11 Authors: Madhuri D Copyright: Copyright c 2011 SecPo...