Input validation

Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products...

H2 Database 1.4.196 - Remote Code Execution Exploit

Exploit for java platform in category web applications Exploit Title: H2 Database 1.4.196 - Remote Code Execution Exploit Author: h4ckNinja Vendor Homepage: https://www.h2database.com/ Software Link: http://www.h2database.com/h2-2018-03-18.zip Version: 1.4.196 and 1.4.197 Tested on: macOS/Linux...

CVE-2018-17776

PCProtect Anti-Virus v4.8.35 has "Everyone: F" permission for %PROGRAMFILESX86%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse...

Slack: Linux Desktop application slack executable does not use pie / no ASLR

The slack binary from the Linux desktop application is no position independent executable: $ file usr/lib/slack/slack usr/lib/slack/slack: ELF 64-bit LSB executable, x86-64, version 1 SYSV, dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, stripped pie executables...

VPNFilter’s Arsenal Expands With Newly Discovered Modules

Researchers have discovered new modules in VPNFilter – the malware behind the widespread campaign in May that infected 75 router brands – revealing that its capabilities are much more widespread and sophisticated than previously thought. After reverse-engineering seven additional third-stage...

Debian DSA-4299-1 : texlive-bin - security update

Nick Roessler from the University of Pennsylvania has found a buffer overflow in texlive-bin, the executables for TexLive, the popular distribution of TeX document production system. This buffer overflow can be used for arbitrary code execution by crafting a special type1 font .pfb and provide it...

GNU Binutils Binary File Descriptor Library Denial of Service Vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utilities developed by the GNU Project to work with object files in a variety of formats, with connectors, assemblers, and other tools for object files and archives.The Binary File Descriptor BFD library a.k.a...

UBUNTU-CVE-2018-17360

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfdgetl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executabl...

DEBIAN-CVE-2018-17360

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfdgetl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executabl...

DEBIAN-CVE-2018-17358

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. An invalid memory access exists in bfdstabsectionfindnearestline in syms.c. Attackers could leverage this vulnerability to cause a denial of service application crash via a crafted E...

UBUNTU-CVE-2018-17358

An issue was discovered in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.31. An invalid memory access exists in bfdstabsectionfindnearestline in syms.c. Attackers could leverage this vulnerability to cause a denial of service application crash via a crafted E...

CVE-2018-6690

Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control MACC 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system...

Solaris libnspr NSPR_LOG_FILE Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Solaris libnspr NSPRLOGFILE Privilege Escalation', 'Description' = %q This module exploits an arbitrary file write vulnerability in the Netscape...

The vulnerability of Emerson DeltaV DCS industrial control stations, related to errors in checking the path to the catalog, allows a intruder to replace the executable files.

The vulnerability of Emerson DeltaV DCS industrial control systems lies in errors during the verification of the catalog path. Exploiting this vulnerability allows a malicious actor to replace the executable files...

Design/Logic Flaw

In FreeBSD before 11.2-RELEASE, an application which calls setrlimit to increase RLIMITSTACK may turn a read-only memory region below the stack into a read-write region. A specially crafted executable could be exploited to execute arbitrary code in the user context...

CVE-2017-1085

Removed by vendor...

Solaris libnspr NSPR_LOG_FILE Privilege Escalation

This module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library libnspr on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the NSPRLOGFILE...

openSUSE Security Update : nodejs4 (openSUSE-2018-991)

This update for nodejs4 fixes the following issues : Security issues fixed : - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer bsc1105019 - Upgrade to OpenSSL 1.0.2p, which fixed : - CVE-2018-0732: Clien...

CVE-2018-16715

An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable EXE or dynamical...

Design/Logic Flaw

An issue was discovered in Absolute Software CTES Windows Agent through 1.0.0.1479. The security permissions on the %ProgramData%\CTES folder and sub-folders may allow write access to low-privileged user accounts. This allows unauthorized replacement of service program executable EXE or dynamical...