October CMS upload process vulnerable to RCE via Race Condition

Impact This advisory affects plugins that expose the October\Rain\Database\Attach\File::fromData as a public interface. This vulnerability does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. When the developer allow...

GHSA-8V7H-CPC2-R8JP October CMS upload process vulnerable to RCE via Race Condition

Impact This advisory affects plugins that expose the October\Rain\Database\Attach\File::fromData as a public interface. This vulnerability does not affect vanilla installations of October CMS since this method is not exposed or used by the system internally or externally. When the developer allow...

AVG Anti-Virus本地特权提升漏洞

AVG Anti-Virus是一款反病毒应用程序。 AVG Anti-Virus不正确限制非特权用户写数据到内核内存，本地攻击者可以利用漏洞提升特权。 AVG Anti-Virus提供的服务驱动avg7core.sys存在问题，允许非特权用户写任意数据到任意地址。此驱动在它的通用DeviceIoControl处理器中支持两个IOCTLs，其中IOCTLs 0x5348E004用于获得核心驱动对用户模式组件上执行特权函数，由于设计错误，在没有进行任何检查就拷贝任意数据到用户模式应用程序提供的地址中。 AVG AVG Anti-Virus Free Edition 7.5.446 AVG A...

Advisory: Arbitrary kernel mode memory writes in AVG

======= Summary ======= Name: Arbitrary kernel mode memory writes in AVG Antivirus Release Date: 10 July 2007 Reference: NGS00500 Discover: Jonathan Lindsay john-lindsay ngssoftware com Vendor: Grisoft Vendor Reference: N/A Systems Affected: Windows NT based systems Risk: High Status: Fixed...