The vulnerability of the executable file nvwsworker.exe in the NetVault Backup data archiving and restoration software allows a perpetrator to execute arbitrary code.

The vulnerability of the nvwsworker.exe executable software for NetVault Backup data archiving and restoration lies in the improper validation of the length of input data. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary code with system privileges by...

Integrate Security Checks with RIPS CLI

Getting started Installation The installation of rips-cli is described in detail in our documentation. You can download the PHAR build of our CLI tool into your bin directory and make it executable with the following commands: 1 2 sudo wget...

CVE-2018-7706

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. dot dot in the option2 parameter in an attachment action to secmail/getmessage.exe...

CVE-2018-7703

Cross-site scripting XSS vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe...

IBM Notes DLL Loading Remote Code Execution Vulnerability

IBM Notes for Windows is a set of IBM's Windows-based platform for collaborative office software. The software has e-mail, calendar, scheduling and other office functions. A remote code execution vulnerability exists in IBM Notes for Windows. A remote attacker can cause a user to double-click on ...

MikroTik RouterOS 6.41.36.42rc27 - SMB Buffer Overflow

MikroTik RouterOS 6.41.36.42rc27 - SMB Buffer Overflow !/usr/bin/env python import socket import struct import sys import telnetlib NETBIOSSESSIONMESSAGE = "\x00" NETBIOSSESSIONREQUEST = "\x81" NETBIOSSESSIONFLAGS = "\x00" trick from http://shell-storm.org/shellcode/files/shellcode-881.php will...

[20180502] - Core - Add PHAR files to the upload blacklist

Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver...

Hola Insecure Service Privilege Vulnerability

Hola is a VPN software that supports anonymous web browsing. A security vulnerability exists in Hola version 1.79.859. An attacker can exploit this vulnerability to alter or overwrite executable files with arbitrary code to elevate privileges...

CVE-2018-6623

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists...

Privilege escalation

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists...

CVE-2018-6623

An issue was discovered in Hola 1.79.859. An unprivileged user could modify or overwrite the executable with arbitrary code, which would be executed the next time the service is started. Depending on the user that the service runs as, this could result in privilege escalation. The issue exists...

PT-2018-18414 · Syncbreeze · Syncbreeze Enterprise

Name of the Vulnerable Software and Affected Versions: SyncBreeze Enterprise version 10.6.24 Description: An issue was discovered in the web server of SyncBreeze Enterprise, where a user mode write access violation can occur on the syncbrs.exe memory region. This can be triggered by rapidly sendi...

Unrestricted file upload

Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension...

CVE-2014-2592

Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension...

CVE-2014-2592

The CVE-2014-2592 entry concerns Aruba Web Management portal with an unrestricted file upload vulnerability that could allow remote attackers to execute arbitrary code by uploading a file with an executable extension. The NVD entry confirms a high-severity issue (CVSS v2/9.8 in v3) with network a...

CVE-2014-2592

Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension...

Memory Access Overflow Vulnerability in Polaris Office 2017 (CNVD-2018-05710)

Polaris Office is an office software developed by INFRAWARE of Korea. You can view and edit Word documents, Excel tables, Microsoft Office PowerPoint slides and other commonly used office documents. A memory access overflow vulnerability exists in PWord.exe of Polaris Office 2017 when handling...

Gemalto SafeNet Authentication Service for Outlook Web App Agent Elevation of Privilege Vulnerability

Gemalto SafeNet Authentication Service for Outlook Web App Agent is a SafeNet Authentication Service agent for Outlook applications from Gemalto USA. A security vulnerability exists in Gemalto SafeNet Authentication Service for Outlook Web App Agent, which stems from the program's use of weak...

Gemalto SafeNet Authentication Service Windows Logon Agent elevation of privilege vulnerability (CNVD-2018-04633)

Gemalto SafeNet Authentication Service Windows Logon Agent is a SafeNet Authentication Service Windows Logon Agent from Gemalto USA. A security vulnerability exists in the Gemalto SafeNet Authentication Service Windows Logon Agent that stems from the program's use of weak access control lists for...

Gemalto SafeNet Authentication Service for AD FS Agent Elevation of Privilege Vulnerability

Gemalto SafeNet Authentication Service for AD FS Agent is a federated authentication service agent from Gemalto USA. A security vulnerability exists in Gemalto SafeNet Authentication Service for AD FS Agent, which stems from the program's use of weak access control lists for installation...