CVE-2018-14795
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation which may allow an attacker to replace executable files...
Input validation
DeltaV Versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are vulnerable due to improper path validation which may allow an attacker to replace executable files...
CVE-2018-14795
DeltaV DCS Workstations (Emerson) are affected by CVE-2018-14795 due to improper path validation (Relative Path Traversal). Affected products are DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5. The vulnerability can allow an attacker to replace executable files. Public advisories/records ...
Emerson Electric DeltaV Privilege Mismanagement Vulnerability
Emerson Electric DeltaV is a digital automation system from Emerson Electric (USA). The system offers I/O on-demand configuration, embedded intelligent control, and alarm panels. A security vulnerability exists in Emerson Electric DeltaV. An attacker could use this vulnerability to modify executabl...
Emerson Electric DeltaV Path Traversal Vulnerability
Emerson Electric DeltaV is a digital automation system from Emerson Electric (USA). The system offers I/O on-demand configuration, embedded intelligent control, and alarm panels. A path traversal vulnerability exists in Emerson Electric DeltaV, which stems from the program failing to properly...
Mozilla Firefox ESR < 60.1 Multiple Vulnerabilities
Binary data 700341.prm...
Sentinel License Manager lservnt.exe Component Denial of Service Vulnerability
Sentinel License Manager is a suite of software that remotely performs software license management. lservnt.exe is one of the Sentinel License Manager startup components. A security vulnerability exists in the lservnt.exe component of Sentinel License Manager version 8.5.3.35, which is caused by...
Downloads Resources over HTTP in haxe3
Affected versions of haxe3 insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the system...
DLL Hijacking Vulnerability in GE iFix scu.exe Component
GE Intelligent Platforms' GE-IP iFIX is the world's leading industrial automation software solution that provides process visualization, data acquisition and data monitoring of manufacturing operations. A DLL hijacking vulnerability exists in the GE iFix scu.exe component, which can be exploited ...
Cisco Email Security Appliance EXE File Security Bypass Vulnerability
Cisco Email Security Appliance (ESA) is a set of e-mail security appliances from the American company Cisco. The appliance provides spam protection, email encryption, data loss prevention and other features. An EXE file security bypass vulnerability exists in some of the attachment detection...
CVE-2018-0419
A vulnerability in certain attachment detection mechanisms of Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected system. The vulnerability is due to the improper detection of content within executable (EXE) files...
Downloads Resources over HTTP in jstestdriver
Affected versions of jstestdriver insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-8WG9-92FR-6J7V marionette-socket-host downloads Resources over HTTP
Affected versions of marionette-socket-host insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
marionette-socket-host downloads Resources over HTTP
Affected versions of marionette-socket-host insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code executio...
CVE-2018-8316
A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 11, Internet Explorer 10...
Microsoft Internet Explorer Remote Code Execution Vulnerability (CNVD-2018-16846)
Internet Explorer is a web browser from Microsoft. A remote code execution vulnerability exists in Microsoft Internet Explorer. The vulnerability stems from the program not properly validating hyperlinks before loading executable libraries. A remote attacker could exploit the vulnerability to...
Microsoft Office Elevation of Privilege Vulnerability (CNVD-2018-16847)
Microsoft Office is an office software suite developed by the American company Microsoft. An elevation of privilege vulnerability exists in Microsoft Office 2016 for Mac, which stems from the program not properly validating updates before executing them. A remote attacke...
Gather Available Shell Commands
This module will check which shell commands are available on a system. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gather Available Shell Commands', 'Description' = %q This module will che...