840 matches found
CVE-2014-6119
IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before 8.6 IFix 004, 8.7 before 8.7 IFix 004, 8.8 before 8.8 iFix 003, 9.0 before 9.0.0.1 iFix 003, and 9.0.1 before 9.0.1 iFix 001 allows remote attackers to execute arbitrary code via a crafted executable file in an archive...
Directory traversal
Directory traversal vulnerability in the agentUpload servlet in ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 allows remote attackers to execute arbitrary code by uploading a ZIP file which contains an executable file with .. dot dot sequences in its name, then accessing t...
CVE-2014-3910
Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension...
Code injection
Emurasoft EmFTP allows local users to gain privileges via a Trojan horse executable file that is launched during an attempt to read a similarly named file that lacks a filename extension...
DomainHostingView v1.61 - Show domain hosting information
DomainHostingView is a utility for Windows that collects extensive information about a domain by using a series of DNS and WHOIS queries, and generates an HTML report that can be displayed in any Web browser. The information displayed by the report of DomainHostingView includes: the hosting company ...
CVE-2014-0607
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer VPD before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file...
ProcessThreadsView - View process threads information On Windows
ProcessThreadsView is a small utility that displays extensive information about all threads of the process that you choose. The threads information includes the ThreadID, Context Switches Count, Priority, Created Time, User/Kernel Time, Number of Windows, Window Title, Start Address, and more. Wh...
MacOSXLabs RsyncX 2.1 - Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11211/info It is reported that RsyncX is prone to a local privilege escalation vulnerability. RsyncX is installed setuid root and setgid wheel. It is reported that RsyncX drops root privileges properly but fails to drop...
IBM UniVerse 10.0.0.9 uvadmsh Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8203/info A vulnerability has been reported in the IBM U2 UniVerse uvadmsh program that could permit the uvadm user to execute arbitrary code with elevated privileges. The -uv.install option of the vulnerable program allo...
LiquidXML Studio 2012 ActiveX Insecure Method Executable File Creation 0day
No description provided by source. html object classid='clsid:8AEEAB4A-E1DA-4354-B800-8F0B553770E1' id='target'//object script var sofa = ..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\thedoctorisin.hta; var king = Oh noz, Look what DrIDE...
Microsoft IIS 4.0/5.0 Executable File Parsing Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a specially formed...
Qualcomm Eudora 5/6 File Attachment Spoofing Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/5432/info Eudora is reported to be prone to an issue which may allow attackers to spoof the file extension in an attachment. This may aid an attacker in enticing a user of the e-mail client into executing malicious conten...
DivX Player 2.6 Skin File Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12332/info DivX Player is reported prone to a directory traversal vulnerability. The issue presents itself when DPS ('.dps') archive files are processed. Ultimately an attacker may exploit this issue to save a script or...
FreeBSD 3.3, Linux Mandrake 7.0 'xsoldier' Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/871/info Certain versions of FreeBSD 3.3 Confirmed and Linux Mandrake confirmed ship with a vulnerable binary in their X11 games package. The binary/game in question, xsoldier, is a setuid root binary meant to be run via ...
Zinf 2.2.1 - Local Buffer Overflow Exploit
No description provided by source. / -------------------------------Advisory---------------------------------- Luigi Auriemma aluigiaaaattttttautisticiD000torg I don't know why this bug has not been tracked but moreover I don't completely know why it has not been fixed yet in the Windows version ...
Linux Kernel (<= 2.4.27, 2.6.8) binfmt_elf Executable File Read Exploit
No description provided by source. / binfmtelf executable file read vulnerability gcc -O3 -fomit-frame-pointer elfdump.c -o elfdump Copyright c 2004 iSEC Security Research. All Rights Reserved. THIS PROGRAM IS FOR EDUCATIONAL PURPOSES ONLY IT IS PROVIDED AS IS AND WITHOUT ANY WARRANTY. COPYING,...
Threat Outbreak Alert: Fake Credit Card Invoice Notification Email Messages on May 12, 2014
Medium Alert ID: 34202 First Published: 2014 May 13 12:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a credit card invoice for the recipient. The text in the email message attempts to convince the recipient to open...
Threat Outbreak Alert: Fake Profile Question Response Email Messages on April 16, 2014
Medium Alert ID: 33823 First Published: 2014 April 16 21:41 GMT Version: 1 Summary Cisco Security has detected significant activity related to Italian-language spam email messages that claim to contain an answer to a question regarding profile information for the recipient. The text in the email...
Threat Outbreak Alert: Email Messages with Malicious Attachments on April 14, 2014
Medium Alert ID: 33786 First Published: 2014 April 14 15:05 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a malicious attachment for the recipient. The text in the email message attempts to convince the recipient to op...
Threat Outbreak Alert: Fake Purchase Order Notification Email Messages on March 16, 2014
Medium Alert ID: 33359 First Published: 2014 March 17 14:14 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a purchase order notification for the recipient. The text in the email message attempts to convince the recipien...