611 matches found
Malware Poses as Flash Update Infects 110,000 Facebook Users within 2 Days
Facebook users, beware! Don’t click any porn links on Facebook. The foremost reason is that you have thousands of good porn sites out there, but there's an extra good reason right now. Rogue pornography links on the world’s most popular social network have reportedly infected over 110,000 Facebo...
ArticleFR CMS 3.0.5 - Arbitrary File Upload
ArticleFR CMS 3.0.5 - Arbitrary File Upload. Exploit Title: Arbitrary File Upload in articleFR CMS 3.0.5; Google Dork: N/A; Date: 01/21/2015; Exploit Author: Tran Dinh Tien & ITAS Team (www.itas.vn); Vendor Homepage: http://freereprintables.com; Software Link:...
Mobilis MobiConnect 3G ZDServer privilege escalation
Weak permissions for system service and executable files...
CVE-2014-6119
IBM Security AppScan Enterprise is affected by CVE-2014-6119. The vulnerability allows remote attackers to execute arbitrary code via a crafted executable file inside an archive. Affected versions are: 8.5 before 8.5 IFix 002; 8.6 before 8.6 IFix 004; 8.7 before 8.7 IFix 004; 8.8 before 8.8 iFix ...
Code injection
dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restrictions via a crafted file...
JVN#50367052: EmFTP may insecurely load executable files
EmFTP contains a flaw when loading files, where an unintended executable file may be loaded when attempting to open a file without an extension. For example, if a text file named "example" without an extension and an executable "example.exe" are in the same directory, attempting to open the file...
VulnCheck KEV: CVE-2013-3900
A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files...
GDB 6.6 - Process_Coff_Symbol UPX File Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24291/info GDB is prone to a buffer-overflow vulnerability because it fails to properly check bounds when handling specially crafted executable files. Attackers could leverage this issue to run arbitrary code outside of a...
Gadu-Gadu 6.0 File Download Filename Obfuscation Weakness
No description provided by source. source: http://www.securityfocus.com/bid/11017/info Gadu-Gadu is a Polish instant messaging application for Microsoft Windows operating systems. It is reported that the Gadu-Gadu instant messenger application contains a weakness allowing attackers to obfuscate...
Threat Outbreak Alert RuleID10190: Email Messages Distributing Malicious Software on June 2, 2014
Medium Alert ID: 34520 First Published: 2014 June 2 20:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID10190 may contain the following files: Name | Size...
Hidden File Finder v3.0 - Free Tool to Find and Unhide/Remove all the Hidden Files
Hidden File Finder is free software to quickly scan and discover all the hidden files on your Windows system. It performs a swift multi-threaded scan of all the folders in parallel and quickly uncovers all the hidden files. It automatically detects the Hidden Executable Files EXE, DLL, COM etc an...
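Microsoft Windows "CreateProcess()" .cmd and .bat Security Bypass Vulnerability
Bugtraq ID:66619 CVE ID:CVE-2014-0315 Windows is a windowed operating system developed by Microsoft Corporation of the United States. Because the operating system does not properly restrict file paths when handling .bat and .cmd files in connection with the "CreateProcess" method, an attacker can exploit the vulnerability to execute a specially crafted executable file, for example by enticing a user to open an application located on a remote WebDAV or SMB share. 0 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows RT Microsoft Windows RT 8.1 Microsoft Window...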
Ubuntu Update for file USN-2162-1
Check for the Version of file OpenVAS Vulnerability Test $Id: gbubuntuUSN21621.nasl 7957 2017-12-01 06:40:08Z santu $ Ubuntu Update for file USN-2162-1 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
Ubuntu: Security Advisory (USN-2162-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
HP LoadRunner Virtual User Generator EmulationAdmin Directory Traversal (CVE-2013-4837)
Multiple directory traversal vulnerabilities exist in HP LoadRunner. These vulnerabilities are due to a lack of input validation on SOAP requests, specifically, the copyFileToServer and the getFileContentAsLines operations of the EmulationAdmin web service. Unauthenticated remote attackers could...
Threat Outbreak Alert: Fake Payment Transaction Notice Email Messages on February 21, 2014
Medium Alert ID: 32966 First Published: 2014 February 21 17:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payment transaction notice for the recipient. The text in the email message attempts to convince the...
Schweitzer Engineering Laboratories AcSELerator Improper Authorization Vulnerability
Overview This advisory provides mitigation details for a vulnerability affecting the Schweitzer Engineering Laboratories SEL AcSELerator QuickSet software. Independent researcher Michael Toecker of Digital Bond has identified an improper authorization vulnerability in the SEL AcSELerator...
MS13-098: Vulnerability in Windows Could Allow Remote Code Execution (2893294)
The remote host contains a version of Microsoft Windows that is affected by a remote code execution vulnerability. The vulnerability exists in the method in which the WinVerifyTrust function deals with Windows Authenticode signature verification for portable executable files. An attacker could...
Double Executable File Extension Arbitrary File Execution
Certain malicious executable files can be hidden using double extension filenames...
Threat Outbreak Alert: Fake Product Quote Request Email Messages on June 5, 2014
Medium Alert ID: 31005 First Published: 2013 September 28 05:39 GMT Last Updated: 2014 June 6 12:40 GMT Version: 4 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a product quote request for the recipient. The text in the email message...