CVE-2015-8156

Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption SEE 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe...

Pornhub: CSV Macro injection in Video Manager (CEMI)

Missing character escaping in video title delivery of an executable CSV payload to when exporting stats to file...

CVE-2016-1066

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different...

Adobe Acrobat Reader DC Restriction Bypass Vulnerability

Adobe Acrobat Reader DC is the United States of America Odooby Adobe company's set of tools for viewing, printing and annotating PDF. A security vulnerability exists in Adobe Acrobat Reader DC that allows an attacker to bypass restrictions on the Javascript API executable...

file: out-of-bounds read in elf note headers

An out-of-bounds read flaw was found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...

file: malformed elf file causes access to uninitialized memory

A flaw was found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remote attacker could use this flaw to cause a PHP application using fileinfo to crash or disclose certain portions of server memory...

file: limit the number of ELF notes processed

A flaw was found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted ELF file...

file: multiple denial of service issues (resource consumption)

Multiple flaws were found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of system resources...

file: denial of service issue (resource consumption)

A flaw was found in the way the File Information fileinfo extension parsed Executable and Linkable Format ELF files. A remote attacker could use this flaw to cause a PHP application using fileinfo to consume an excessive amount of system resources...

Microsoft Windows 7 - WebDAV Local Privilege Escalation (MS16-016) (2)

Microsoft Windows 7 - WebDAV Local Privilege Escalation MS16-016 2 Exploit Title: WebDAV Elevation of Privilege Vulnerability MS16-2 Date: 8/5/2016 Exploit Author: hex0r Version:WebDAV on Windows 7 84x CVE : CVE-2016-0051 Intro: Credits go to koczkatama for coding a PoC, however if you run this...

CVE-2016-4535

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service memory corruption and crash via a crafted packed executable...

CVE-2016-4535

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service memory corruption and crash via a crafted packed executable...

Integer overflow

Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service memory corruption and crash via a crafted packed executable...

Antenna Defense Memory Corruption Vulnerability

Anthem Defense is Anthem's antivirus program. Antenna Defense 7 Antivirus has a memory corruption vulnerability when dealing with PE files, which allows attackers to exploit the vulnerability to construct malformed PE files that can cause Antenna Defense 7 to crash due to memory corruption while...

Memory Corruption Vulnerability in Dr. An Antivirus

Dr. An antivirus is a security product. Dr. An Antivirus has a memory corruption vulnerability when dealing with PE files, which allows attackers to exploit the vulnerability to construct malformed PE files, allowing Dr. An to terminate the scan due to memory corruption during scanning or cause a...

Apache Camel: source code security analysis report

Several vulnerabilities were discovered in The Apache Software Foundation 'Apache Camel' software: Using Synchronization Primitives in EJB components Missing Verification of Executable Files' Digital Signature when Executing them from Untrusted Sources Violating the Java Object Model Using...

Mozilla Firefox / Thunderbird DLL Hijacking

Hi @ll despite better knowledge and MULTIPLE bug/vulnerability reports see , , , ... Mozilla continues to ship Firefox and Thunderbird for Windows with a vulnerable executable installer. Proof of concept/demonstration: 1. visit , download and save it as ShimEng.dll in your "Downloads" folder, the...

New Downloader for Locky

Through DTI Intelligence analysis, We have been observing Locky malware rise to fame recently. Locky is ransomware that is aggressively distributed via downloaders attached in spam emails, and it may have surpassed the Dridex banking trojan in popularity. In previous campaigns, the ransomware was...

HP Data Protector 6.10 / 6.11 / 6.20 Install Service

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'HP Data Protector 6.10/6.11/6.20 Install Service', 'Description' = %q This module exploits HP Data Protector Omniinet process o...

ROPInjector - Convert any Shellcode in ROP and patch it into a given Portable Executable (PE)

A tool written in C Win32 to convert any shellcode in ROP and patch it into a given portable executable PE. It supports only 32-bit target PEs and the x86 instruction set. Published in Blackhat USA 2015, "ROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion" More...