CVE-2018-5731

An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the...

Jungo DriverWizard WinDriver Denial of Service Vulnerability

Jungo DriverWizard WinDriver is a PCI/USB device driver development tool from Israel's Jungo Connectivity. A security vulnerability exists in the windrvr1260.sys file in Jungo DriverWizard WinDriver version 12.6.0. The vulnerability can be exploited by an attacker to cause a denial of service wit...

PT-2018-1306 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 18.0 Description: A Server-Side Request Forgery SSRF issue was discovered in the NmAPI.exe executable. This allows malicious actors to submit specially crafted requests to gain unauthorized access to th...

CVE-2018-8832

enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page...

CVE-2018-8832

enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page...

CVE-2018-8821

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service BSOD via a crafted .exe file...

CVE-2018-8809

In radare2 2.4.0, there is a heap-based buffer over-read in the dalvikop function of analdalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file...

File Traversal

github.com/cloudfoundry-attic/garden-linux is vulnerable to file traversal attacks. The garden-linux nstar executable allows attackers to read files within the host system that the BOSH-created vcap user has permission to read. This can be done by staging an application on Cloud Foundry using Die...

EulerOS 2.0 SP1 : nautilus (EulerOS-SA-2018-1053)

According to the version of the nautilus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when...

The vulnerability of the executable file nvwsworker.exe in the NetVault Backup data archiving and restoration software allows a perpetrator to execute arbitrary code.

The vulnerability of the nvwsworker.exe executable software for NetVault Backup data archiving and restoration lies in the improper validation of the length of input data. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code with system privileges by...

Integrate Security Checks with RIPS CLI

Getting started Installation The installation of rips-cli is described in detail in our documentation. You can download the PHAR build of our CLI tool into your bin directory and make it executable with the following commands: 1 2 sudo wget...

CVE-2018-7706

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. dot dot in the option2 parameter in an attachment action to secmail/getmessage.exe...

CVE-2018-7703

Cross-site scripting XSS vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe...

IBM Notes DLL Loading Remote Code Execution Vulnerability

IBM Notes for Windows is a set of IBM's Windows-based platform for collaborative office software. The software has e-mail, calendar, scheduling and other office functions. A remote code execution vulnerability exists in IBM Notes for Windows. A remote attacker can cause a user to double-click on ...

MikroTik RouterOS 6.41.36.42rc27 - SMB Buffer Overflow

MikroTik RouterOS 6.41.36.42rc27 - SMB Buffer Overflow !/usr/bin/env python import socket import struct import sys import telnetlib NETBIOSSESSIONMESSAGE = "\x00" NETBIOSSESSIONREQUEST = "\x81" NETBIOSSESSIONFLAGS = "\x00" trick from http://shell-storm.org/shellcode/files/shellcode-881.php will...

[20180502] - Core - Add PHAR files to the upload blacklist

Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

Hola Insecure Service Privilege Vulnerability

Hola is a VPN software that supports anonymous web browsing. A security vulnerability exists in Hola version 1.79.859. An attacker can exploit this vulnerability to alter or overwrite executable files with arbitrary code to elevate privileges...

CVE-2018-6623

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists...

Privilege escalation

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists...

CVE-2018-6623

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists...