CVE-2018-16295

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Reader before 9.3 and PhantomPDF before 9.3, a different vulnerability than CVE-2018-16291, CVE-2018-16292, CVE-2018-16293, CVE-2018-16294, CVE-2018-16296, and CVE-2018-16297. A specially crafted PDF document can...

CVE-2018-3965

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the...

Belkin Wemo-Enabled Crock-Pot Remote Control

This module acts as a simple remote control for Belkin Wemo-enabled Crock-Pots by implementing a subset of the functionality provided by the Wemo App. No vulnerabilities are exploited by this Metasploit module in any way. This module requires Metasploit: https://metasploit.com/download Current...

PT-2018-16348 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 9.1.0.5096 Description: An exploitable use-after-free issue exists in the JavaScript engine of Foxit Software's Foxit PDF Reader. A specially crafted PDF document can trigger a previously freed object in memory to be...

CVE-2018-3959

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Author property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this...

CVE-2018-3960

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this...

CVE-2018-11750

Previous releases of the Puppet ciscoios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of ciscoios, host key checking is enabled by default...

Telegram Desktop Information Disclosure Vulnerability (CNVD-2018-20542)

Telegram is a suite of mobile messaging tools. Telegram Desktop aka tdesktop is its desktop application. A security vulnerability exists in Telegram Desktop version 1.3.16 alpha, which is caused by the program using the SOCKS5 protocol to transfer credentials and application data in clear text wh...

Apache Struts 2 DevMode Enabled

Apache Struts 2 installed on the remote host is configured to operate in development mode devMode. While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Struts, Java, and other related...

FRP bypass vulnerability in multiple Huawei phones (CNVD-2018-17697)

Huawei G9 Lite and Honor 5A are smartphone products of Huawei, a Chinese company. The FRP bypass vulnerability exists in a number of Huawei handsets, where an attacker can turn off the boot wizard by turning on the talkback function during the FRP reset process, resulting in a bypass of the FRP...

JDK: privilege escalation via insufficiently restricted access to Attach API

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...

CVE-2018-15804

An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised, allowing a user to escalate their privileges to act as aka impersonate any other user, including...

openstack-keystone: Information Exposure through /v3/OS-FEDERATION/projects

A flaw was found in Keystone federation. By doing GET /v3/OS-FEDERATION/projects an authenticated user may discover projects they have no authority to access, leaking all projects in the deployment and their attributes. Only Keystone with the /v3/OS-FEDERATION endpoint enabled via policy.json is...

Pentagon Bans Soldiers from Using GPS Apps and Devices

After fitness apps have been shown to reveal the locations of U.S. military personnel in hot zones around the world, the Pentagon is mandating that armed service members must switch off any device using GPS functionality if they are deployed in “operational areas.” “Effective immediately, Defense...

Seq 4.2.476 - Authentication Bypass

Seq 4.2.476 - Authentication Bypass Exploit Title: Seq 4.2.476 - Authentication Bypass Date: 2018-08-02 Exploit Author: Daniel Chactoura Vendor Homepage: https://getseq.net/ Software Link: https://getseq.net/Download/All Version: = 4.2.476 CVE : CVE-2018-8096 Post Reference:...

CVE-2018-3939

An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user...

xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element...

DEBIAN-CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

GHSA-4W88-RJJ3-X7WP Chromium Remote Code Execution in electron

Affected versions of ElectronJS are susceptible to a remote code execution vulnerability that occurs when an affected application access remote content, even if the sandbox option is enabled. Recommendation Update to electron version 1.7.8 or later...

UBUNTU-CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...