
2659 matches found

CNVD
added 2017/05/12 12:0 a.m. | 2 views

Veritas Backup Exec Agent for Windows/Linux and Mac Memory Corruption Vulnerability

Veritas Backup Exec Agent is a suite of backup and recovery solutions from Veritas Technologies, USA. A memory corruption vulnerability exists in Veritas Backup Exec Agent for Windows, Linux, and Mac-based platforms. A remote attacker could exploit the vulnerability to cause the agent to crash or...

10 CVSS | 7.1 AI score | 0.67063 EPSS
Exploits 4 | References 1
OSV
added 2017/05/10 9:29 p.m. | 1 views

CVE-2017-8895

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the...

9.8 CVSS | 6.1 AI score | 0.67063 EPSS
Exploits 4 | References 4
Prion
added 2017/05/10 9:29 p.m. | 21 views

Double free

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the...

10 CVSS | 9.8 AI score | 0.67063 EPSS
Exploits 4 | References 4 | Affected Software 1
NVD
added 2017/05/10 9:29 p.m. | 14 views

CVE-2017-8895

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the...

10 CVSS | 10 AI score | 0.67063 EPSS
Exploits 4 | References 4
Cvelist
added 2017/05/10 9:0 p.m. | 20 views

CVE-2017-8895

In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the...

10 AI score | 0.67063 EPSS
Exploits 4 | References 4
CVE
added 2017/05/10 9:0 p.m. | 97 views

CVE-2017-8895

Summary (CVE-2017-8895): The vulnerability affects Veritas/Symantec Backup Exec Remote Agent for Windows (NDMP SSL) where a use-after-free during SSL NDMP session handling can lead to remote code execution or denial of service. Affected versions identified in connected docs: 14.1.x before 14.1.1...

10 CVSS | 9.8 AI score | 0.67063 EPSS
Exploits 4 | References 4 | Affected Software 1
Hacker One
added 2017/05/08 2:12 p.m. | 34 views

Nextcloud: Nextcloud Server Remote Command Execution

Hi NextCloud Security Team, I found a critical vulnerability RCE: Nextcloud Server 11.0.2 is affected by a critical vulnerability, which gives to the attacker complete permission to run a system command. The root cause is insufficient validation of arguments to the exec function. Vulnerable Code...

1.1 AI score
Exploits 0
n0where
added 2017/05/06 4:5 a.m. | 10 views

iOS Security Testing Framework: needle

iOS Security Testing Framework Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps. Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes...

0.6 AI score
Exploits 0 | References 2
Veracode
added 2017/05/02 11:4 a.m. | 24 views

Remote Code Execution (RCE)

growl is vulnerable to remote code execution (RCE). A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the exec function...

9.8 CVSS | 9.8 AI score | 0.00349 EPSS
Exploits 0 | References 6 | Affected Software 1
OSV
added 2017/04/29 7:59 p.m. | 1 views

UBUNTU-CVE-2017-8114

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...

8.8 CVSS | 5.9 AI score | 0.01548 EPSS
Exploits 1 | References 9
OSV
added 2017/04/29 7:59 p.m. | 1 views

ALPINE-CVE-2017-8114

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...

8.8 CVSS | 7 AI score | 0.01548 EPSS
Exploits 1 | References 1
NVD
added 2017/04/29 7:59 p.m. | 9 views

CVE-2017-8114

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...

8.8 CVSS | 8.7 AI score | 0.01548 EPSS
Exploits 1 | References 4
UbuntuCve
added 2017/04/29 7:59 p.m. | 17 views

CVE-2017-8114

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...

8.8 CVSS | 7.3 AI score | 0.01548 EPSS
Exploits 1 | References 8
OSV
added 2017/04/29 7:59 p.m. | 1 views

DEBIAN-CVE-2017-8114

Roundcube Webmail allows arbitrary password resets by authenticated users. This affects versions before 1.0.11, 1.1.x before 1.1.9, and 1.2.x before 1.2.5. The problem is caused by an improperly restricted exec call in the virtualmin and sasl drivers of the password plugin...

8.8 CVSS | 7 AI score | 0.01548 EPSS
Exploits 1 | References 1
Positive Technologies
added 2017/04/29 12:0 a.m. | 1 views

PT-2017-18124

Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.0.11; Roundcube Webmail versions 1.1.x before 1.1.9; Roundcube Webmail versions 1.2.x before 1.2.5. Description: The issue allows arbitrary password resets by authenticated users due to an improperly restricte...

9.8 CVSS | 7 AI score | 0.93275 EPSS
Exploits 13 | References 42
NVD
added 2017/04/28 7:59 p.m. | 14 views

CVE-2016-8586

detectedpotentialfiles.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cacheid parameter...

9 CVSS | 8.7 AI score | 0.03311 EPSS
Exploits 5 | References 2
Metasploit
added 2017/04/18 8:33 p.m. | 48 views

Mercurial Custom hg-ssh Wrapper Remote Code Exec

This module takes advantage of custom hg-ssh wrapper implementations that don't adequately validate parameters passed to the hg binary, allowing users to trigger a Python Debugger session, which allows arbitrary Python code execution. This module requires Metasploit: https://metasploit.com/downlo...

8.8 CVSS | 0.2 AI score | 0.48699 EPSS
Exploits 1
Veracode
added 2017/04/17 2:40 a.m. | 14 views

Information Disclosure

sync-exec is vulnerable to information disclosure attacks. It uses a world readable tmp directory as a buffer before returning values. Since this directory is world-readable, any other user on the server is able to read the temporary files while they exist, potentially obtaining confidential...

6.5 CVSS | 6.1 AI score | 0.00369 EPSS
Exploits 0 | References 4 | Affected Software 1
Veracode
added 2017/03/20 12:53 a.m. | 8 views

Leakage Of File And Folder Information

hive-exec is vulnerable to the leakage of file and folder information. The file and folder information is being logged when a query is canceled and the thread is interrupted...

6.4 AI score
Exploits 0
CVE
added 2017/02/08 3:0 p.m. | 56 views

CVE-2017-0415

CVE-2017-0415 is an elevation of privilege in Android’s Mediaserver. A local attacker could exploit this to run arbitrary code with privileged process rights. Affected versions: Android 6.0, 6.0.1, 7.0, 7.1.1 (Mediaserver). The provided connected documents identify the issue but do not specify a ...

9.3 CVSS | 7.2 AI score | 0.00078 EPSS
Exploits 0 | References 3 | Affected Software 1