Updated quazip packages fix security vulnerability

Updated quazip packages fix security vulnerability: A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive affects other archives as well, bzip2, tar,x...

Peinjector

This module will inject a specified windows payload into a target executable. require 'rex' class MetasploitModule 'Peinjector', 'Description' = %q This module will inject a specified windows payload into a target executable. , 'License' = MSFLICENSE, 'Author' = 'Maximiliano Tedesco ', 'Platform'...

Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Foxit PDF Reader Pointer Overwrite UAF', 'Description' = %q Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotatio...

CVE-2018-15885

Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the...

CVE-2018-15885

Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the...

CVE-2018-15885

Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities or purpose. This makes it easier for adversaries to detect the covert operation. Specifically, the...

Design/Logic Flaw

AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files...

CVE-2018-14791

Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products...

Philips IntelliSpace Cardiovascular and Xcelera Privilege Mismanagement Vulnerability

Philips IntelliSpace Cardiovascular ISCV and Xcelera are both products of the Dutch company Philips.Philips ISCV is a cardiac imaging information management system.Xcelera is its predecessor. A security vulnerability exists in Philips ISCV version 2.x and earlier and Xcelera version 4.1 and...

CVE-2018-14787

In Philips' IntelliSpace Cardiovascular ISCV products ISCV Version 2.x or prior and Xcelera Version 4.1 or prior, an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local...

CVE-2018-14795

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...

Input validation

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...

CVE-2018-14795

DeltaV DCS Workstations (Emerson) are affected by CVE-2018-14795 due to improper path validation (Relative Path Traversal). Affected products are DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5. The vulnerability can allow an attacker to replace executable files. Public advisories/records ...

CVE-2018-14795

DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 is vulnerable due to improper path validation which may allow an attacker to replace executable files...

Emerson Electric Deltav Path Traversal Vulnerability

Emerson Electric DeltaV is a digital automation system from Emerson Electric USA. The system offers I/O on-demand configuration, embedded intelligent control, and alarm panels. A path traversal vulnerability exists in Emerson Electric DeltaV, which stems from the program failing to properly...

Emerson Electric DeltaV Privilege Mismanagement Vulnerability

Emerson Electric DeltaV is a digital automation system from Emerson Electric USA. The system offers I/O on-demand configuration, embedded intelligent control, and alarm panels. A security vulnerability exists in Emerson Electric DeltaV. An attacker could use this vulnerability to modify executabl...

Mozilla Firefox ESR < 60.1 Multiple Vulnerabilities

Binary data 700341.prm...

Sentinel License Manager lservnt.exe Component Denial of Service Vulnerability

Sentinel License Manager is a suite of software that remotely performs software license management. lservnt.exe is one of the Sentinel License Manager startup components. A security vulnerability exists in the lservnt.exe component of Sentinel License Manager version 8.5.3.35, which is caused by...

Downloads Resources over HTTP in haxe3

Affected versions of haxe3 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...

DLL Hijacking Vulnerability in GE iFix scu.exe Component

GE Intelligent Platforms' GE-IP iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring of manufacturing operations. A DLL hijacking vulnerability exists in the GE iFix scu.exe component, which can be exploited ...