CVE-2018-0438 Cisco Umbrella Enterprise Roaming Client Privilege Escalation Vulnerability
A vulnerability in the Cisco Umbrella Enterprise Roaming Client (ERC) could allow an authenticated, local attacker to elevate privileges to Administrator. To exploit the vulnerability, the attacker must authenticate with valid local user credentials. This vulnerability is due to improper...
GNU Binutils Binary File Descriptor Library Denial of Service Vulnerability
GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives. The Binary File Descriptor (BFD) library a.k.a...
Code injection
Kaizen Asset Manager Enterprise Edition and Training Manager Enterprise Edition allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assum...
CVE-2018-16545
Kaizen Asset Manager Enterprise Edition and Training Manager Enterprise Edition allow a remote attacker to achieve arbitrary code execution via file impersonation. For example, a malicious dynamic-link library (dll) assumed the identity of a temporary (tmp) file (isxdl.dll) and an executable file assum...
CVE-2018-15885
Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the...
Mozilla Firefox ESR < 60.1 Multiple Vulnerabilities
Cisco Email Security Appliance EXE File Security Bypass Vulnerability
Cisco Email Security Appliance (ESA) is a set of e-mail security appliances from the American company Cisco. The appliance provides spam protection, email encryption, data loss prevention and other features. An EXE file security bypass vulnerability exists in some of the attachment detection...
Denial Of Service (DoS) Through Out-of-Bounds Access
libmagic.so is vulnerable to denial of service (DoS) attacks. The library does not properly check offsets of a PE Executable file, leading to an out-of-bounds access that can crash the application...
[ASA-201807-13] networkmanager-vpnc: privilege escalation
Arch Linux Security Advisory ASA-201807-13. Severity: High. Date: 2018-07-20. CVE-ID: CVE-2018-10900. Package: networkmanager-vpnc. Type: privilege escalation. Remote: No. Link: https://security.archlinux.org/AVG-739. Summary: The package...
Binance v1.5.0 - Insecure File Permission Vulnerability
Document Title: Binance v1.5.0 - Insecure File Permission Vulnerability. References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2135. Release Date: 2018-07-16. Vulnerability Laboratory ID (VL-ID): ...
DEBIAN-CVE-2018-13033
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file, as demonstrated by _bfd_elf_parse_attributes in elf-attrs.c and bfd_malloc in libbfd.c...
Privilege escalation
The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications...
CVE-2018-9859
The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications...
CVE-2018-9859
The CVE-2018-9859 issue affects NAVER Whale prior to version 1.0.40.7, where the Whale update service path is unquoted. Root cause: an unquoted update service path can be leveraged to run executables with System privileges by other vulnerable apps, enabling persistent privilege escalation. Impact...
Unspecified vulnerability in fis-sass-all
fis-sass-all is a package for implementing Sass compilation in Node.js. A security vulnerability exists in fis-sass-all, which originates when a program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response...
CVE-2018-5105
WebExtensions can bypass user prompts to first save and then open an arbitrarily downloaded file. This can result in an executable file running with local user privileges without explicit user consent. This vulnerability affects Firefox 58...
CVE-2017-7821
A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...
massif code execution vulnerability (CNVD-2018-15161)
massif is a WebKit script written in JavaScript. A security vulnerability exists in massif, which originates when the program downloads an executable file over an unencrypted HTTP connection. A remote attacker could exploit the vulnerability by intercepting the response and replacing the requeste...
JVN#20040004: The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" may insecurely invoke an executable file
The installer of "FLET'S VIRUS CLEAR Easy Setup & Application Tool" and "FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool" provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION contains an issue with the DLL search path, which may lead to insecurely invoke an executable file (CWE-427)...