
6809 matches found

RedHat Linux
added 2018/04/10 3:23 p.m. · 4 views

kernel: Missing permission check in move_pages system call

The move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. This enables a local attacker to learn the memory layout of a setuid executable allowing mitigation of ASLR...

5.5 CVSS · 7.2 AI score · 0.00071 EPSS
Exploits 0 · References 4
ThreatPost
added 2018/04/09 6:35 p.m. · 147 views

Word Attachment Delivers FormBook Malware, No Macros Required

A new wave of document attacks targeting inboxes does not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware. Researchers at Menlo Security are reporting a wave of attacks that began last month that are targeting financial and...

9.3 CVSS · 0.5 AI score · 0.94354 EPSS
Exploits 47 · References 6
0day.today
added 2018/04/09 12:0 a.m. · 33 views

GoldWave 5.70 - Local Buffer Overflow (SEH Unicode) Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: GoldWave 5.70 - Local Buffer Overflow SEH Unicode Date: 04-05-2018 Vulnerable Software: GoldWave 5.70 Vendor Homepage: https://www.goldwave.com/ Version: 5.70 Software Link:...

7.2 AI score
Exploits 0
Tenable Nessus
added 2018/04/04 12:0 a.m. · 42 views

SUSE SLED12 / SLES12 Security Update : libvirt (SUSE-SU-2018:0861-1) (Spectre)

This update for libvirt fixes the following issues: Security issues fixed : - CVE-2017-5715: Fixes for speculative side channel attacks aka 'SpectreAttack' var2 bsc1079869. - CVE-2018-6764: Fixed guest executable code injection via libnss_dns.so loaded by libvirt_lxc before init bsc1080042. -...

7.8 CVSS · 7 AI score · 0.88482 EPSS
Exploits 8 · References 12
CNVD
added 2018/04/03 12:0 a.m. · 1 views

Jungo DriverWizard WinDriver Denial of Service Vulnerability (CNVD-2018-08462)

Jungo DriverWizard WinDriver is a PCI/USB device driver development tool from Israel's Jungo Connectivity. A security vulnerability exists in the windrvr1260.sys file in Jungo DriverWizard WinDriver version 12.6.0. The vulnerability can be exploited by an attacker to cause a denial of service wit...

7.1 CVSS · 6.7 AI score · 0.00149 EPSS
Exploits 1 · References 1
ATTACKERKB
added 2018/03/30 8:29 a.m. · 2 views

CVE-2018-9136

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821...

7.1 CVSS · 5.5 AI score · 0.00295 EPSS
Exploits 1 · References 2
OSV
added 2018/03/30 8:29 a.m. · 2 views

CVE-2018-9136

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file, a different vulnerability than CVE-2018-8821...

5.5 CVSS · 5.8 AI score · 0.00149 EPSS
Exploits 1 · References 1
BDU FSTEC
added 2018/03/28 12:0 a.m. · 2 views

The vulnerability of the executable file dbman.exe on the HPE Intelligent Management Center PLAT software platform allows a perpetrator to execute arbitrary code.

The vulnerability of the dbman.exe executable on the HPE Intelligent Management Center PLAT software platform exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code in the SYSTEM context remotely...

10 CVSS · 5.9 AI score · 0.12217 EPSS
Exploits 0 · References 3 · Affected Software 1
0day.today
added 2018/03/27 12:0 a.m. · 17 views

Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)

/ Title: Linux/x86 - EggHunter Shellcode 11 Bytes Author: Anurag Srivastava Tested on: i686 GNU/Linux Shellcode Length: 11 Description: Smallest Null-Free Egg Hunter Shellcode - 11 Bytes Details: 1. Works with an executable EGG 2. Make sure you clear EDX, EAX registers in the shellcode before any...

7.4 AI score
Exploits 0
exploitpack
added 2018/03/23 12:0 a.m. · 24 views

Crashmail 1.6 - Stack-Based Buffer Overflow (ROP)

Crashmail 1.6 - Stack-Based Buffer Overflow (ROP) Exploit author: Juan Sacco Website: http://exploitpack.com Description: Crashmail is prone to a stack-based buffer overflow because the application fails to perform adequate boundary checks on user supplied input. Impact: An attacker could exploit...

0.9 AI score
Exploits 0
OSV
added 2018/03/22 4:29 p.m. · 1 views

CVE-2018-5731

An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the...

7 CVSS · 5.8 AI score
Exploits 0 · References 1
Cvelist
added 2018/03/22 4:0 p.m. · 17 views

CVE-2018-5731

An issue was discovered in Heimdal PRO 2.2.190. As part of the scanning feature, a process called md.hs writes an executable called CS1.tmp to C:\windows\TEMP. Afterwards the executable is run. It is possible for an attacker to create the file first, let md.hs overwrite it, and then rewrite the...

6.8 AI score · 0.00086 EPSS
Exploits 1 · References 1
CNVD
added 2018/03/22 12:0 a.m. · 2 views

Jungo DriverWizard WinDriver Denial of Service Vulnerability

Jungo DriverWizard WinDriver is a PCI/USB device driver development tool from Israel's Jungo Connectivity. A security vulnerability exists in the windrvr1260.sys file in Jungo DriverWizard WinDriver version 12.6.0. The vulnerability can be exploited by an attacker to cause a denial of service wit...

7.1 CVSS · 6.7 AI score · 0.00295 EPSS
Exploits 0 · References 1
Positive Technologies
added 2018/03/22 12:0 a.m. · 2 views

PT-2018-1306 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: Ipswitch WhatsUp Gold versions prior to 18.0 Description: A Server-Side Request Forgery (SSRF) issue was discovered in the NmAPI.exe executable. This allows malicious actors to submit specially crafted requests to gain unauthorized access to th...

9.8 CVSS · 7.4 AI score · 0.00069 EPSS
Exploits 0 · References 7
NVD
added 2018/03/20 9:29 p.m. · 8 views

CVE-2018-8832

enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page...

4.8 CVSS · 5 AI score · 0.00235 EPSS
Exploits 0 · References 1
OSV
added 2018/03/20 9:29 p.m. · 14 views

CVE-2018-8832

enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page...

4.8 CVSS · 5.9 AI score
Exploits 0 · References 1
OSV
added 2018/03/20 7:29 a.m. · 2 views

CVE-2018-8821

windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a crafted .exe file...

5.5 CVSS · 5.8 AI score · 0.00295 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2018/03/20 5:29 a.m. · 3 views

CVE-2018-8809

In radare2 2.4.0, there is a heap-based buffer over-read in the dalvik_op function of anal_dalvik.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted dex file...

5.5 CVSS · 5.9 AI score · 0.0013 EPSS
Exploits 1 · References 2
Veracode
added 2018/03/20 2:5 a.m. · 16 views

File Traversal

github.com/cloudfoundry-attic/garden-linux is vulnerable to file traversal attacks. The garden-linux nstar executable allows attackers to read files within the host system that the BOSH-created vcap user has permission to read. This can be done by staging an application on Cloud Foundry using Die...

7.5 CVSS · 7.2 AI score · 0.00178 EPSS
Exploits 0 · References 1 · Affected Software 1
Tenable Nessus
added 2018/03/20 12:0 a.m. · 21 views

EulerOS 2.0 SP1 : nautilus (EulerOS-SA-2018-1053)

According to the version of the nautilus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when...

6.5 CVSS · 6.2 AI score · 0.03908 EPSS
Exploits 1 · References 2