CVE-2019-17322

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that...

CVE-2019-17322

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that...

CVE-2019-17322

ClipSoft REXPERT 1.0.0.527 and earlier version allows arbitrary file creation via a POST request with the parameter set to the file path to be written. This can be an executable file that is written to in the arbitrary directory. User interaction is required to exploit this vulnerability in that...

CVE-2018-18931

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...

Design/Logic Flaw

An issue was discovered in the Tightrope Media Carousel digital signage product 7.0.4.104. Due to insecure default permissions on the C:\TRMS\Services directory, an attacker who has gained access to the system can elevate their privileges from a restricted account to full SYSTEM by replacing the...

The vulnerability of the OPCTest.exe executable on the RSLinx Classic communication server allows a hacker to execute arbitrary code.

The vulnerability of the RSLinx Classic dynamic assembly library server is caused by buffer overflow in the stack. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information...

Repetier-Server Path Traversal Vulnerability

Repetier-Server is a 3D printer control application. A path traversal vulnerability in the RepetierServer.exe file in Repetier-Server versions 0.8 through 0.91, which arises from a failure of a networked system or product to properly filter for specific elements in the path of a resource or file,...

CVE-2019-17043

An issue was discovered in BMC Patrol Agent 9.0.10i. Weak execution permissions on the best1collect.exe SUID binary could allow an attacker to elevate his/her privileges to the ones of the "patrol" user by specially crafting a shared library .so file that will be loaded during execution...

Softing uaGate SI Default Privileges Vulnerability

Softing uaGate SI is a compact industrial gateway product from Softing Germany. A security vulnerability exists in Softing uaGate SI version 1.60.01. The vulnerability can be exploited by an attacker to modify or add executable files in the system default path...

GNU Binutils Denial of Service Vulnerability (CNVD-2019-34651)

GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in findabstractinstance in dwarf2.c in the Binary File Descriptor BFD library used in GNU Binutils 2.32. A...

CVE-2019-11528

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable...

UBUNTU-CVE-2019-17450

findabstractinstance in dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service infinite recursion and application crash via a crafted ELF file...

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks

Watch out Windows users! The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection. The vulnerab...

CVE-2017-5208

A vulnerability was found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution...

CVE-2019-15751

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file containing PHP code to execute operating system commands...

Linux/ARM - Fork Bomb Shellcode (20 bytes)

Title: Linux/ARM - Fork Bomb Shellcode 20 bytes Category: Shellcode Tested: armv7l 32-bitRaspberry Pi 2 Model B OS: Raspbian Buster Lite Author: CJHackerz Description: This shellcode creates new processes in infinite loop to exhaust CPU resources leading to crash / Compilation instruction...

The vulnerabilities of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to security configuration errors, allowing attackers to execute arbitrary code.

The vulnerabilities of Firefox and Firefox ESR browsers, as well as the Thunderbird email client, are related to security configuration errors. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code by running a malicious executable file remotely...

The vulnerability of the graphical administration tool for domain management, fly-admin-gmc, in the FLY operating system of Astra Linux, related to improper access control, allows a perpetrator to trigger a service failure.

The vulnerability of the graphical administration tool for domain management, fly-admin-gmc, in the FLY environment of the Astra Linux operating system is related to an error that causes a significant delay in opening a folder with the ELF filter enabled. Exploiting this vulnerability allows a...

UBUNTU-CVE-2019-11736

The Mozilla Maintenance Service does not guard against files being hardlinked to another file in the updates directory, allowing for the replacement of local files, including the Maintenance Service executable, which is run with privileged access. Additionally, there was a race condition during...

Total Defense Anti-virus Elevation of Privilege Vulnerability (CNVD-2019-34850)

Total Defense Anti-virus is a suite of antivirus software from the American company Total Defense. An elevation of privilege vulnerability exists in Total Defense Anti-virus. An attacker can exploit this vulnerability to hijack the dotnetproxy.exe file to elevate privileges...