788 matches found
CVE-2017-10994
Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary Write vulnerability, which allows remote attackers to execute arbitrary code via a crafted document...
CVE-2017-10994
Foxit CVE-2017-10994 affects Foxit Reader before 8.3.1 and Foxit PhantomPDF before 8.3.1. The vulnerability is described as an Arbitrary Write flaw that allows a remote attacker to execute arbitrary code via a crafted PDF document. Multiple connected advisories corroborate that the issue is a rem...
FortiClient SSLVPN Linux - Arbitrary write to log file
The first launch of FortiClient SSLVPN Linux creates a log file without any prior check. By previously creating a symbolic or hard link with the name of the log file to any file in the filesystem, an attacker may smash the latter existing file. This is due to the fact that the first launch of...
VulnCheck KEV: CVE-2017-3197
GIGABYTE BRIX UEFI firmware for the GB-BSi7H-6500 version F6 and GB-BXi7-5775 version F2 platforms does not securely implement BIOSWE, BLE, SMMBWP, and PRx features. As a result, the BIOS is not protected from arbitrary write access and may permit modifications to the SPI flash...
HEVD kernel vulnerability training-with Windows play-bug warning-the black bar safety net
This training studies the principles of kernel vulnerabilities and how they are used, gives a preliminary understanding of many common data structures under Windows, and opens the gate to Ring0. HEVD project address: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver. For the kernel...
Oracle Outside In Technology PDF parser confusion Code Execution Vulnerability
Summary An exploitable arbitrary write vulnerability exists in the PDF parser functionality of Oracle Outside In Technology SDK. A specially crafted PDF document can cause a parser confusion resulting in an arbitrary write vulnerability ultimately leading to code execution. Tested Versions Oracle...
Google Android - 'IOMXNodeInstance::enableNativeBuffers' Unchecked Index
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=932 The code in IOMXNodeInstance.cpp that handles enableNativeBuffers uses portindex without validation, leading to writing the dword value 0 or 1 at an attacker controlled offset from the IOMXNodeInstance structure. The vulnerable...
DLA-697-1 bsdiff - security update
Bulletin has no description...
openSUSE Security Update : php5 (openSUSE-2016-1095)
This update for php5 fixes the following security issues: - CVE-2016-7124: Create an Unexpected Object and Don't Invoke __wakeup in Deserialization - CVE-2016-7125: PHP Session Data Injection Vulnerability - CVE-2016-7126: select_colors write out-of-bounds - CVE-2016-7127: imagegammacorrect allowed...
SUSE-SU-2016:2328-1 Security update for php53
This update for php53 fixes the following security issues: CVE-2014-3587: Integer overflow in the cdf_read_property_info affecting SLES11 SP3 bsc#987530 CVE-2016-6297: Stack-based buffer overflow vulnerability in php_stream_zip_opener bsc#991426 CVE-2016-6291: Out-of-bounds access in...
Internet Bug Bounty: imagegammacorrect allows arbitrary write access
Upstream Bug --- 2016-08-02 03:46 UTC https://bugs.php.net/bug.php?id=72730 Summary -- imagegammacorrect accepts two gamma values; if they don't have the same sign then the palette colors will be assigned values bigger than 0xFF, later these values are used to calculate the transparent color using...
Internet Bug Bounty: gdImageTrueColorToPaletteBody allows arbitrary write/read access
Upstream bug report ================ 2016-06-29 04:03 UTC https://bugs.php.net/bug.php?id=72512 Patch ===== 2016-07-19 07:47 UTC http://git.php.net/?p=php-src.git;a=commit;h=928aecc002e906b309b28f0062f03d4e5eda3e45 Fixed for PHP 5.5 security only mode, PHP 5.6, PHP 7.0...
Magento < 2.0.6 - Unauthenticated Arbitrary Unserialize -> Arbitrary Write File
Exploit for php platform in category web applications arbitrary write file // Date: 18/05/206 // Exploit Author: agix discovered by NETANEL RUBIN // Vendor Homepage: https://magento.com // Version: /shipping-information // in the response check the payment method it may vary from checkmo // // If...
Janitza UMG Arbitrary File Read/Write Vulnerability (CNVD-2015-07286)
The Janitza UMG is an online power quality monitor for the energy industry from Janitza Germany. An arbitrary file read/write vulnerability exists in Janitza UMG 508, 509, 511, 604, 605. This allows remote attackers to read or write files via a TCP session on port 21...
Shopify: Arbitrary write on s3://shopify-delivery-app-storage/files
Short ==== The policy used to upload files via the Delivery app is too generic which results in an arbitrary write and replace of files in the files/ directory. Disclaimer: While I was unable to create a second store to fully test this I can't create new development stores right now, support is...
Kaspersky AntiVirus - UPX Parsing Memory Corruption
Source: https://code.google.com/p/google-security-research/issues/detail?id=527 While fuzzing UPX packed files, this crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for remote code execution as NT AUTHORITY\SYSTEM. First...
VBox Satellite Express Arbitrary Write Privilege Escalation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2015-005 : VBox Satellite Express Arbitrary Write Privilege Escalation Title: VBox Satellite Express Arbitrary Write Privilege Escalation Advisory ID: KL-001-2015-005 Publication Date: 2015.09.16 Publication URL:...
VBox Satellite Express 2.3.17.3 - Arbitrary Write Vulnerability
A vulnerability within the ndvbs module allows an attacker to inject memory they control into an arbitrary location they define. This vulnerability can be used to overwrite function pointers in HalDispatchTable resulting in an elevation of privilege. suffers from code execution, and local file...