
2841 matches found

IBM Security Bulletins
added 2018/06/15 7:6 a.m., 26 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2016-5983)

Summary IBM WebSphere Application Server is shipped as a component of IBM Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin: Security Bulletin: Code...

7.5 CVSS, 1.9 AI score, 0.13762 EPSS
Exploits: 0, Affected Software: 1
Tenable Nessus
added 2018/06/06 12:0 a.m., 33 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1517-1)

This update for the Linux Kernel 3.12.61-5280 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver was fixed. bsc1085447. - CVE-2018-8897: A statement in the System Programming Guide of the Intel...

7.8 CVSS, 7.1 AI score, 0.24723 EPSS
Exploits: 9, References: 11
CNVD
added 2018/05/30 12:0 a.m., 1 views

Code Execution Vulnerability in School Worry-Free School Website System

School Worry-Free School Website System is a universal school website management system for primary and secondary schools. A code execution vulnerability exists in the SchoolWorryFree School Website System. An attacker can exploit the vulnerability to log in to the backend, upload Trojan horse, a...

7.7 AI score
Exploits: 0
OSV
added 2018/05/23 3:14 p.m., 5 views

SUSE-SU-2018:1398-1 Security update for bash

This update for bash fixes the following issues: Security issues fixed: - CVE-2016-7543: A code execution possibility via SHELLOPTS+PS4 variable was fixed bsc1001299 - CVE-2016-0634: Arbitrary code execution via malicious hostname was fixed bsc1000396 Non-security issues fixed: - Fix repeating...

8.4 CVSS, 8 AI score, 0.03691 EPSS
Exploits: 0, References: 6
RedHat Linux
added 2018/05/09 2:33 p.m., 78 views

Critical: Red Hat Security Advisory: flash-plugin security update

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

10 CVSS, 7.4 AI score, 0.24003 EPSS
Exploits: 0, References: 3
CNVD
added 2018/04/27 12:0 a.m., 2 views

Cosmo Arbitrary PHP Code Execution Vulnerability

Cosmo is a set of CMS Content Management System built on AngularJS and PHP. A security vulnerability exists in Cosmo version 1.0.0Beta6. The vulnerability can be exploited to execute arbitrary PHP code via the Database Prefix field in the Database Info screen on the localhost/Cosmo/install.php li...

9.8 CVSS, 7.7 AI score, 0.00486 EPSS
Exploits: 1, References: 1
NVD
added 2018/04/24 7:29 p.m., 32 views

CVE-2017-2812

A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise...

8.8 CVSS, 8.9 AI score, 0.00388 EPSS
Exploits: 1, References: 2
Cvelist
added 2018/04/24 7:0 p.m., 29 views

CVE-2017-2812

A code execution vulnerability exists in the kdu_buffered_expand function of the Kakadu SDK 7.9. A specially crafted JPEG 2000 file can be read by the program and can lead to an out of bounds write causing an exploitable condition to arise...

8.8 CVSS, 8.9 AI score, 0.00388 EPSS
Exploits: 1, References: 2
Cvelist
added 2018/04/12 1:0 a.m., 26 views

CVE-2018-1027

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011...

7.8 AI score, 0.37412 EPSS
Exploits: 0, References: 3
CNVD
added 2018/04/11 12:0 a.m., 1 views

Adobe Flash Player Code Execution Vulnerability (CNVD-2018-09032)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player. A remote attacker could exploit this vulnerability to execu...

9.3 CVSS, 9.6 AI score, 0.74021 EPSS
Exploits: 2, References: 1
Microsoft Security Update
added 2018/04/10 5:0 p.m., 11 views

Security Update for Microsoft Word 2016 (KB4018339) 64-Bit Edition

A security vulnerability exists in Microsoft Word 2016 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

7.2 AI score
Exploits: 0
ThreatPost
added 2018/04/09 6:35 p.m., 148 views

Word Attachment Delivers FormBook Malware, No Macros Required

A new wave of document attacks targeting inboxes do not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware. Researchers at Menlo Security are reporting a wave of attacks that began last month that are targeting financial and...

9.3 CVSS, 0.5 AI score, 0.94354 EPSS
Exploits: 47, References: 6
Cvelist
added 2018/03/29 1:0 p.m., 25 views

CVE-2018-5223

Fisheye and Crucible did not correctly check if a configured Mercurial repository URI contained values that the Windows operating system may consider argument parameters. An attacker who has permission to add a repository in Fisheye or Crucible can execute code of their choice on systems that run...

7 AI score, 0.00909 EPSS
Exploits: 1, References: 5
Vulnrichment
added 2018/03/29 7:0 a.m., 13 views

CVE-2018-7600

Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations...

8.3 AI score, 0.94489 EPSS
Exploits: 46, References: 20
Tenable Nessus
added 2018/03/29 12:0 a.m., 60 views

Debian DLA-1325-1 : drupal7 security update (Drupalgeddon 2)

Jasper Mattsson found a remote code execution vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. For further information please refer to the...

9.8 CVSS, 8.7 AI score, 0.94489 EPSS
Exploits: 46, References: 4
CNVD
added 2018/03/28 12:0 a.m., 3 views

AMD Ryzen and Ryzen Pro Promontory chipset code execution vulnerability

AMD Ryzen and Ryzen Pro are both central processing unit CPU products from AMD in the U.S. Promontory chipset is one of these chipsets. The Promontory chipset used in AMD Ryzen and Ryzen Pro has a security vulnerability that stems from a backdoor in the firmware. An attacker could exploit the...

9.3 CVSS, 7.2 AI score, 0.00573 EPSS
Exploits: 0, References: 1
Symantec
added 2018/03/13 12:0 a.m., 116 views

Microsoft Windows CVE-2018-0886 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected Microsoft Windows 10 Version 1607 f...

7.8 AI score, 0.90997 EPSS
Exploits: 4, Affected Software: 3
CNVD
added 2018/03/12 12:0 a.m., 1 views

Duomi (DuomiCms) Movie Management System X3.0 version of the existing code execution vulnerabilities

Duomi DuomiCms Movie and TV management system is a set of video on demand system designed for different needs of webmasters. Duomi DuomiCms Movie and TV Management System X3.0 version of the code execution vulnerability, an attacker can exploit the vulnerability to execute arbitrary code...

8 AI score
Exploits: 0
CNVD
added 2018/03/01 12:0 a.m., 1 views

Apache Geode Code Execution Vulnerability (CNVD-2018-04076)

Apache Geode is the Apache Software Foundation's suite of management platforms for distributed cloud architectures that provide real-time and consistent access to data for data-intensive applications. A code execution vulnerability exists in Apache Geode. A remote attacker could exploit this...

7.5 CVSS, 7.9 AI score, 0.03089 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2018/02/15 12:0 a.m., 38 views

Google Chrome < 64.0.3282.167 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 64.0.3282.167. It is, therefore, affected by a vulnerability as referenced in the 201802stable-channel-update-for-desktop13 advisory. - Type confusion could lead to a heap out-of-bounds write in V8 in Google Chrome prio...

8.8 CVSS, 8.8 AI score, 0.06916 EPSS
Exploits: 0, References: 3