2841 matches found
FreeBSD : irssi -- use-after-free potential code execution (06f931c0-0be0-11e7-b4bf-5404a68ad561)
The irssi project reports: Use after free while producing list of netjoins (CWE-416). This issue was found and reported to us by APic. This issue usually leads to segmentation faults. Targeted code execution should be difficult.
Adobe Flash Player Code Execution Vulnerability (CNVD-2017-04298)
Adobe Flash Player is a software developed by Adobe, Inc. and is a widely used, proprietary multimedia program player. A code execution vulnerability exists in Adobe Flash Player, which can be exploited by an attacker to execute arbitrary code in the context of a user running in an affected...
Security Update for Microsoft Word 2016 (KB3178674) 32-Bit Edition
A security vulnerability exists in Microsoft Word 2016 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Ohu Government System/design/catid_user_save.php Code Execution Vulnerability
Ohuhu government system is the government portal system of Shanghai Ohuhu Network Technology Co. A code execution vulnerability exists in the Eurohoo government system/design/catid_user_save.php. An attacker can exploit the vulnerability to execute arbitrary PHP code...
Ubuntu: Security Advisory (USN-3222-1)
The remote host is missing an update for the...
Debian Security Advisory DSA 3803-1 (texlive-base - security update)
It was discovered that texlive-base, the TeX Live package which provides the essential TeX programs and files, whitelists mpost as an external program to be run from within the TeX source code (called \write18). Since mpost allows to specify other programs to be run, an attacker can take advantage...
CVE-2016-6104
IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system...
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2956; CVE-2017-2957)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a...
Adobe Reader DC XSLT attribute-set Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XSLT's...
CVE-2016-3173
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file e.g. an image which gets displayed at the portal application. Using script code at the file name leads t...
Adobe Flash Player Code Execution Vulnerability (CNVD-2016-12359)
Adobe Flash Player is a proprietary multimedia program developed by Adobe, Incorporated, and is widely used. A code execution vulnerability exists in Adobe Flash Player that could allow an attacker to execute arbitrary code within the user context of an affected application. A failed exploit...
Chrome Blink SpeechRecognitionController Use-After-Free
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the seventeenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these...
Epignosis eFront Code Execution Vulnerability
Epignosis eFront is an online learning system with an Ajax interface from Epignosis USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. A code execution vulnerability exists in the globals.php page in eFront version 3.6.1...
IBM WebSphere Application Server Code Execution Vulnerability (Oct 2016)
IBM WebSphere Application Server is prone to a code execution vulnerability.
Adobe Reader and Acrobat Remote Code Execution Vulnerability (CNVD-2016-08976)
Adobe Reader and Acrobat are PDF file-related software: Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. A security vulnerability exists in Adobe Reader and Acrobat, which can be exploited by an attacker to execute arbitrary code in the context of the...
ASUS RT-N10E Code Execution Vulnerability
ASUS RT-N10E Wireless Router is a wireless router device developed by ASUS. A code execution vulnerability exists in ASUS RT-N10E. An attacker can exploit the vulnerability to potentially execute system commands. Code can also be executed via a cross-site request forgery...
CVE-2016-5383
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."...
The Installer of PhishWall Client Internet Explorer DLL Load Code Execution Vulnerability
SecureBrain Corporation is a provider of software and services addressing Japan-specific cyber fraud and malware attacks. A code execution vulnerability exists in the installer of PhishWall Client Internet Explorer. The vulnerability allows attackers to execute arbitrary code...
Hancom Office 2014 VP Local Arbitrary Code Execution Vulnerability (CNVD-2016-06352)
Hancom Office 2014 VP is a cloud storage service solution developed by Hancom Korea. Hancom Office 2014 VP suffers from a local arbitrary code execution vulnerability that could be exploited by a local attacker to execute arbitrary code in the context of the application or conduct a denial of...
CVE-2016-5263
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."...