UBUNTU-CVE-2017-7821

A vulnerability where WebExtensions can download and attempt to open a file of some non-executable file types. This can be triggered without specific user interaction for the file download and open actions. This could be used to trigger known vulnerabilities in the programs that handle those...

Install program and Installer of i-filter 6.0 may insecurely load Dynamic Link Libraries and invoke executable files

Overview i-filter 6.0 provided by Digital Arts Inc. is web filtering and parental control software. The install program is designed to download the installer via the internet and execute it. The i-filter 6.0 install program and installer contain the following vulnerabilities. Eili Masami of...

Mozilla Firefox File Download Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in WebExtensions in versions of Mozilla Firefox prior to 56. A remote attacker can exploit the vulnerability to download and potentially open non-executable file...

GNU Binutils BFD *_get_synthetic_symtab function denial of service vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

JVN#57205588: Installer of FENCE-Explorer may insecurely load Dynamic Link Libraries and invoke executable files

FENCE-Explorer provided by FUJITSU BROAD SOLUTION & CONSULTING Inc. is a tool to view and edit a file in "FENCE Briefcase" which is created by FENCE-Pro and other FENCE series software. Installer of FENCE-Explorer contains an issue with the search path for DLL/executable files, which may lead to...

DEBIAN-CVE-2017-14129

The readsection function in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service parsecompunit heap-based buffer over-read and application crash via a crafted ELF file...

Foxit PhantomPDF < 8.3.2 Multiple Vulnerabilities

According to its version, the Foxit PhantomPDF application formally known as Phantom installed on the remote Windows host is prior to 8.3.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the app.launchURL method allowing a context-dependent attacker to potentially...

JVN#67954465: Installer of Photo Collection PC Software provided by NTT DOCOMO, INC. may insecurely load Dynamic Link Libraries and invoke executable files

Photo Collection PC Software provided by NTT DOCOMO, INC. contains an issue with the search paths for DLL/executable files, which may lead to insecurely loading Dynamic Link Libraries and invoking executable files CWE-427. Impact This vulnerability can be exploited when the following condition is...

Fuji Electric Monitouch V-SFT Insecure Configuration Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate their privileges on vulnerable installations of Fuji Electric Monitouch V-SFT. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists withi...

Microsoft Windows Multiple Vulnerabilities (KB4025341)

This host is missing a critical security update according to Microsoft KB4025341 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Windows Explorer Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Windows Explorer improperly handles executable files and shares during rename operations. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of another user. Users not running as administrators would ...

AVET - AntiVirus Evasion Tool

AVET is an AntiVirus Evasion Tool, which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. In version 1.1 lot of stuff was introduced, for a complete overview have a look at the CHANGELOG file. Now 64bit payloads can also be used, for...

CVE-2017-6638

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input...

Inject Custom Code Into PE File: InfectPE

Inject Custom Code Into PE File Using this tool you can inject x-code/shellcode into PE file. InjectPE works only with 32-bit executable files. Why you need InjectPE? You can test your security products. Use in a phishing campaign. Learn how PE injection works. …and so on. In the project, there i...

JVN#71572107: Installer of Vivaldi for Windows may insecurely load executable files

The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use the latest...

EQGRP

This is a repository containing three ELF files: 7z, 7z.so, and 7za. The files are likely related to the 7-Zip file archiver, a popular tool for compressing and decompressing files. The ELF files are likely used as plugins or extensions for the 7-Zip software. The files are compiled for Linux and...

Publicly writable directory

There are various methods in which a file or files may be uploaded to a webserver. One method that can be used is the HTTP PUT method. The PUT method is mainly used during development of applications and allows developers to upload or put files on the server within the web root. By nature of the...

WordPress Mobile App Native 3.0 Shell Upload Vulnerability

WordPress Mobile App Native plugin version 3.0 suffers from a remote shell upload vulnerability. Title: Remote file upload vulnerability in Wordpress Plugin Mobile App Native 3.0 Vulnerability Date: 2017-02-27 Download: https://wordpress.org/plugins/zen-mobile-app-native/ Vendor:...

Cisco AsyncOS Software for Cisco ESA Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

GLSA-201701-69 : Ark: Unintended execution of scripts and executable files

The remote host is affected by the vulnerability described in GLSA-201701-69 Ark: Unintended execution of scripts and executable files A vulnerability was discovered in how Ark handles executable files while browsing a compressed archive. A user could unintentionally execute a malicious script...