710 matches found
blueman - set_dhcp_handler D-Bus Privilege Escalation Exploit
Exploit for Linux platform in category local exploits. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'blueman set_dhcp_handler D-Bus Privilege Escalation', 'Description' = %q This module attempts...
SugarCRM (addLabels) PHP Code Injection Vulnerability
SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. A PHP code...
EVLink Parking Code Injection Vulnerability
Schneider Electric EVLink Parking is a commercial electric vehicle charging solution from Schneider Electric, France. A code injection vulnerability exists in Schneider Electric EVLink Parking 3.2.0-12v1 and prior versions. A remote attacker could exploit this vulnerability to execute code and ga...
Siemens SIMATIC Panels and SIMATIC WinCC Code Injection Vulnerability
Siemens SIMATIC Panels and SIMATIC WinCC TIA Portal are both products of Siemens, Germany. Siemens SIMATIC Panels is a human-machine interface panel. SIMATIC WinCC is an automated data acquisition and monitoring SCADA system. A cod...
Node.js third-party modules: Code Injection Vulnerability in zombie Package
I would like to report a code injection vulnerability in zombie. It allows crawled websites to access privileged APIs such as the file system or child process. Module module name: zombie version: 6.1.2 npm page: https://www.npmjs.com/package/zombie Module Description Insanely fast, headless...
MGASA-2018-0325 Updated wesnoth packages fix security vulnerability
The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appears to be exploitable via loading specially crafted saved games, networked games, replays, and play...
Hackers Reveal How Code Injection Attack Works in Signal Messaging App
After the revelation of the eFail attack details, it's time to reveal how the recently reported code injection vulnerability in the popular end-to-end encrypted Signal messaging app works. As we reported last weekend, Signal has patched its messaging app for Windows and Linux that suffered a code...
Exploit for Code Injection in Pivotal_Software Spring_Data_Commons
CVE-2018-1273 Spring Data Commons, versions prior to 1.13 to...
Debian DLA-1249-2 : smarty3 regression update
It was previously discovered that there was a code-injection vulnerability in smarty3, a PHP template engine. A specially crafted filename in comments could result in arbitrary code execution. However, the fix in 3.1.10-2+deb7u2 was incorrect. For Debian 7 'Wheezy', this regression has been...
Code injection
In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted PSD file, which claims a large "extent" field in the header but does not contain sufficient backing data, is provided, the loop over "length"...
The vulnerability of the Simple Network Management Protocol (SNMP) subsystem of the Cisco IOS operating system, which allows a hacker to inject code or trigger a system reboot.
Many vulnerabilities in the Simple Network Management Protocol (SNMP) subsystem of the Cisco IOS operating system are caused by buffer overflows. Exploiting these vulnerabilities allows a malicious actor to inject code into the system or cause it to restart by sending specially created SNMP packets...
SAP TREX Code Injection Vulnerability
SAP TREX is a search engine from SAP for the SAP NetWeaver integrated technology platform. A code injection vulnerability exists in SAP TREX version 7.10. The vulnerability can be exploited by a remote attacker to read or write to arbitrary files and execute arbitrary code with the help of the fd...
PT-2018-09: Code Injection in Ipswitch WhatsUp Gold
The specialists of the Positive Research center have detected a Code Injection vulnerability in Ipswitch WhatsUp Gold. A code injection vulnerability in DlgSelectMibFile.asp in Ipswitch WhatsUp Gold allows attackers to execute arbitrary commands and code on the WhatsUp Gold server via a specially...
CVE-2017-5565
CVE-2017-5565 affects Trend Micro products (Maximum Security, Internet Security, Antivirus+ Security 11.0 and earlier) and is a local code-injection vulnerability. The root cause described across sources is that an attacker can abuse Microsoft Application Verifier by inserting a DLL via Image Fil...
AuraDVD Ripper Professional DLL Hostage Vulnerability
Aura DVD Ripper Professional is an easy-to-use DVD video converter. Aura DVD Ripper Professional 1.6.3 suffers from a DLL hostage vulnerability that allows a local attacker to inject code into the database to gain higher privileges on the system...
SUSE-SU-2016:2457-1 Security update for openstack-horizon-plugin-manila-ui
This update for openstack-horizon-plugin-manila-ui fixes the metadatatostr function code injection vulnerability (bsc#988935, CVE-2016-6519)...
IPS Community Suite PHP Code Injection Vulnerability
IPS Community Suite (also known as Invision Power Board, IPB or Power Board) is a PHP and MySQL based Web forum program from Invision Power Services (IPS). The program makes it easy to create and manage online forums. A PHP code injection vulnerability exists in IPS Community Suite 4.1.12.3 and earli...
Fedora 22 : rubygem-actionpack-4.2.0-4.fc22 / rubygem-actionview-4.2.0-5.fc22 (2016-3954061e32)
Fix rails-html-sanitizer v1.0.3 compatibility. Fix code injection vulnerability CVE-2016-2098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Fedora 23 : rubygem-actionpack-4.2.3-5.fc23 / rubygem-actionview-4.2.3-5.fc23 (2016-f6af14570f)
Fix rails-html-sanitizer v1.0.3 compatibility. Fix code injection vulnerability CVE-2016-2098. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Possible remote code execution vulnerability in Action Pack
There is a possible remote code execution vulnerability in Action Pack. This vulnerability has been assigned the CVE identifier CVE-2016-2098. Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x. Not affected: 5.0+. Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2. Impact: Applications that pass unverifi...