
2659 matches found

OSV
added 2018/07/10 12:29 p.m., 1 views

UBUNTU-CVE-2018-13797

The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec rather than execFile call...

CVSS 9.8, AI score 7.4, EPSS 0.11295
Exploits: 1, References: 7
CVE
added 2018/06/26 4:00 p.m., 39 views

CVE-2018-1000525

OpenPSA is affected by a PHP Object Injection vulnerability in form data passed as GET variables, allowing a crafted GET request to serialize a PHP object and potentially disclose information or achieve remote code execution. The issue arises from unsafe deserialization, enabling arbitrary code e...

CVSS 9.8, AI score 9.7, EPSS 0.03998
Exploits: 1, References: 2, Affected Software: 1
IBM Security Bulletins
added 2018/06/18 12:33 a.m., 35 views

Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified

Summary There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.5 of IBM Storwize V7000 Unified Vulnerability Details IBM Storwize V7000 Unified is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla...

CVSS 9.8, AI score 2.1, EPSS 0.58393
Exploits: 16, Affected Software: 1
NVD
added 2018/06/15 4:29 p.m., 11 views

CVE-2018-12035

In YARA 3.7.1 and prior, parsing a specially crafted compiled rule file can cause an out-of-bounds write vulnerability in yr_execute_code in libyara/exec.c...

CVSS 7.8, AI score 7.6, EPSS 0.0018
Exploits: 1, References: 3
CNVD
added 2018/06/15 12:00 a.m., 3 views

sync-exec information disclosure vulnerability

sync-exec is a synchronized executable with status code support. A security vulnerability exists in sync-exec versions prior to 0.11.9, which stems from another user on the server having read access to the tmp directory. An attacker can use this vulnerability to obtain sensitive file information ...

CVSS 6.5, AI score 6.5, EPSS 0.00369
Exploits: 0, References: 1
Veracode
added 2018/06/07 7:01 a.m., 14 views

Insecure Cookie Handling

drill-java-exec is vulnerable to insecure cookie handling attacks. The vulnerability exists due to the lack of httpOnly flag in the response cookies, allowing the cookies to be stolen by a third party website...

AI score 6.5
Exploits: 0
NVD
added 2018/06/04 7:29 p.m., 13 views

CVE-2017-16024

The sync-exec module is used to simulate child_process.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

CVSS 6.5, AI score 6.3, EPSS 0.00369
Exploits: 0, References: 4
OSV
added 2018/06/04 7:29 p.m., 9 views

CVE-2017-16024

The sync-exec module is used to simulate child_process.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

CVSS 6.5, AI score 6.5
Exploits: 0, References: 4
Prion
added 2018/06/04 7:29 p.m., 10 views

Buffer overflow

The sync-exec module is used to simulate child_process.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

CVSS 4, AI score 6.2, EPSS 0.00369
Exploits: 0, References: 4, Affected Software: 2
Cvelist
added 2018/06/04 7:00 p.m., 14 views

CVE-2017-16024

The sync-exec module is used to simulate child_process.execSync in node versions 0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on the server to obtain confidential informati...

AI score 6.2, EPSS 0.00369
Exploits: 0, References: 4
CVE
added 2018/06/04 7:00 p.m., 68 views

CVE-2017-16024

The CVE-2017-16024 entry concerns the sync-exec module, used to simulate Node.js child_process.execSync in Node versions

CVSS 6.5, AI score 6.2, EPSS 0.00369
Exploits: 0, References: 4, Affected Software: 1
Circl
added 2018/05/29 3:50 p.m., 2 views

CVE-2014-125118

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/antivirus/escanpasswordexec.rb
2025-10-23 21:12:57+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

CVSS 9.4, AI score 5.7, EPSS 0.66705
Exploits: 0, References: 1
Circl
added 2018/05/29 3:50 p.m., 4 views

CVE-2011-10017

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/snortreportexec.rb
2025-10-23 21:12:56+00:00 | seen | MISP/a9d21043-f825-4bac-8d2b-56fb9e8343e7...

CVSS 10, AI score 5.7, EPSS 0.63506
Exploits: 0, References: 1
Metasploit
added 2018/05/27 8:24 p.m., 59 views

WMI Exec

A similar approach to psexec but executing commands through WMI. !/usr/bin/env python3 Copyright c 2003-2018 CORE Security Technologies This software is provided under under a slightly modified version of the Apache Software License. See the accompanying LICENSE file for more information. import...

AI score 10
Exploits: 0
Tenable Nessus
added 2018/05/24 12:00 a.m., 11 views

Fedora 27 : glibc (2018-9c88c32d15)

This update contains various updates from the upstream glibc 2.26 release branch, including minor fixes for the realpath function and the i386 memmove implementation. Starting with this update, glibc will no longer re-exec systemd during glibc updates RHBZ1579225. Note that Tenable Network...

AI score 5.5
Exploits: 0, References: 1
exploitpack
added 2018/05/18 12:00 a.m., 20 views

Prime95 29.4b8 - Stack Buffer Overflow (SEH)

Prime95 29.4b8 - Stack Buffer Overflow SEH Exploit Title: Prime95 Local Buffer Overflow SEH Date: 13-4-2018 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: https://www.mersenne.org/ Software Link: https://www.mersenne.org/download/download Version: 29.4b8 Tested...

AI score 0.9
Exploits: 0
Positive Technologies
added 2018/05/17 12:00 a.m., 1 views

PT-2018-10400

Name of the Vulnerable Software and Affected Versions procps-ng versions prior to 3.3.15 Description The issue allows an unprivileged attacker to hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This is achieved through a process occupying a...

CVSS 5.9, AI score 6.2, EPSS 0.01988
Exploits: 5, References: 17
0day.today
added 2018/05/01 12:00 a.m., 686 views

Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution...

AI score 9.9, EPSS 0.94382
Exploits: 14
RedHat Linux
added 2018/04/25 8:37 p.m., 86 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 5.6, AI score 6.8, EPSS 0.88482
Exploits: 8, References: 5
Tenable Nessus
added 2018/04/13 12:00 a.m., 134 views

Drupal Remote Code Execution Vulnerability (SA-CORE-2018-002) (exploit)

Binary data drupalCVE-2018-7600rce.nbin...

CVSS 9.8, AI score 10, EPSS 0.94489
Exploits: 45, References: 3