6810 matches found

Exploit DB
added 2019/01/17 12:0 a.m. | 101 views

Microsoft Windows CONTACT - Remote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft .CONTACT File...

7 AI score
Exploits: 0
OSV
added 2019/01/11 5:54 a.m. | 3 views

MGASA-2019-0031 Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

7.8 CVSS | 8.2 AI score | 0.01424 EPSS
Exploits: 1 | References: 3
Mageia
added 2019/01/11 5:54 a.m. | 20 views

Updated terminology package fixes security vulnerability CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

7.8 CVSS | 2.9 AI score | 0.01424 EPSS
Exploits: 1 | References: 2
NVD
added 2019/01/09 11:29 p.m. | 11 views

CVE-2018-16183

An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 32bit, Windows 7 64bit, Windows 8 64bit, Windows 8.1 64bit, Windows 10 64bit delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file an...

7.8 CVSS | 8 AI score | 0.00338 EPSS
Exploits: 0 | References: 2
Cvelist
added 2019/01/09 10:0 p.m. | 9 views

CVE-2018-16183

An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 32bit, Windows 7 64bit, Windows 8 64bit, Windows 8.1 64bit, Windows 10 64bit delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file an...

8 AI score | 0.00338 EPSS
Exploits: 0 | References: 2
ICS
added 2019/01/03 12:0 a.m. | 57 views

Schneider Electric Pro-face GP-Pro EX

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Schneider Electric Equipment: Pro-face GP-Pro EX Vulnerability: Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify code to...

8.8 CVSS | 8.9 AI score | 0.01013 EPSS
Exploits: 0 | References: 6
Exploit DB
added 2019/01/02 12:0 a.m. | 29 views

Microsoft Windows - Windows Error Reporting Local Privilege Escalation

Make sure to copy the file report.wer found in the folder PoC-Files in the same folder as the executable before running it... I guess I could have included it as a resource in the exe.. but whatever. Example: "angrypolarbearbug.exe c:\windows\system32\drivers\pci.sys" This will overwrite pci.sys...

7.4 AI score
Exploits: 0
CNVD
added 2019/01/02 12:0 a.m. | 2 views

GNU Binutils 'error' function heap buffer overflow vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. A heap buffer overflow vulnerability...

5.5 CVSS | 7.9 AI score | 0.00324 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2019/01/02 12:0 a.m. | 30 views

SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:1892-1)

This update for nodejs6 to version 6.14.3 fixes the following issues: The following security vulnerability was addressed: - Fixed a denial of service (DoS) vulnerability in Buffer.fill, which could hang when being called (CVE-2018-7167, bsc#1097375). The following other changes were made: - Use...

7.5 CVSS | 7.1 AI score | 0.00756 EPSS
Exploits: 0 | References: 5
Prion
added 2018/12/24 4:29 p.m. | 13 views

Input validation

An Improper Input Validation vulnerability exists in Pro-Face GP-Pro EX v4.08 and previous versions which could cause the execution of an arbitrary executable when GP-Pro EX is launched...

6.5 CVSS | 8.7 AI score | 0.01013 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2018/12/21 12:0 a.m. | 2 views

MicroWorld Technologies eScan eScan Agent Application Access Control Error Vulnerability

MicroWorld Technologies eScan is a suite of antivirus software from MicroWorld, USA. It protects against spyware, malware, spam, etc. eScan Agent Application MWAGENT.EXE is one of the agent-side applications. An Access Control Error vulnerability exists in eScan Agent Application MWAGENT.EXE...

9.8 CVSS | 7.6 AI score | 0.00638 EPSS
Exploits: 0 | References: 1
OSV
added 2018/12/20 2:29 p.m. | 2 views

CVE-2018-1771

IBM Domino 9.0 and 9.0.1 could allow an attacker to execute commands on the system by triggering a buffer overflow in the parsing of command line arguments passed to nsd.exe. IBM X-force ID: 148687...

7.8 CVSS | 6.2 AI score
Exploits: 0 | References: 2
BDU FSTEC
added 2018/12/20 12:0 a.m. | 2 views

The vulnerability of the libdwfl library in the ELF Elfutils utility for modifying and analyzing binary files allows an attacker to cause a service failure.

The vulnerability of the libdwfl library’s dwfl_segment_report_module.c file, a tool for modifying and analyzing binary ELF files, is due to a buffer overflow segmentation fault. Exploiting this vulnerability could allow an attacker to cause a service failure by using a specially created ELF file...

5.5 CVSS | 6.7 AI score | 0.00093 EPSS
Exploits: 1 | References: 10 | Affected Software: 5
Zero Day Initiative
added 2018/12/19 12:0 a.m. | 24 views

Microsoft Windows gdiplus GdipGetWinMetaFileBitsEx Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

3.3 CVSS | 2.6 AI score | 0.19464 EPSS
Exploits: 0 | References: 1
OSV
added 2018/12/17 5:29 a.m. | 20 views

CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

7.8 CVSS | 8.3 AI score
Exploits: 0 | References: 3
Prion
added 2018/12/17 5:29 a.m. | 10 views

Remote code execution

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

6.8 CVSS | 8.1 AI score | 0.01424 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Debian CVE
added 2018/12/17 5:0 a.m. | 17 views

CVE-2018-20167

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \epn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types...

7.8 CVSS | 8.1 AI score | 0.01424 EPSS
Exploits: 1
0day.today
added 2018/12/17 12:0 a.m. | 44 views

Windows Persistent Service Installer Exploit

This module will generate and upload an executable to a remote host and then make it a persistent service. It will create a new service which will start the payload whenever the service is running. Admin or system privilege is required. This module requires Metasploit:...

0.9 AI score
Exploits: 0
OpenVAS
added 2018/12/11 12:0 a.m. | 45 views

SolarWinds SFTP Server Detection (Windows SMB Login)

This script detects the installed version of SolarWinds SFTP Server for Windows. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.3 AI score
Exploits: 0
OSV
added 2018/12/10 2:29 a.m. | 1 views

UBUNTU-CVE-2018-20002

The _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, has a memory leak via a crafted ELF file, leading to a denial of service (memory consumption), as demonstrated by nm...

5.5 CVSS | 6.8 AI score | 0.0033 EPSS
Exploits: 1 | References: 4