CVE-2018-1411

IBM Notes Diagnostics IBM Client Application Access and IBM Notes could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710...

CVE-2018-7217

In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...

CVE-2018-7217

In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an...

Google Chrome Unspecified Security Vulnerability (Feb 2018) - Mac OS X

Google Chrome is prone to an unspecified remote security vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Update to add SHA-2 code signing support for Windows Server 2008 SP2

Update to add SHA-2 code signing support for Windows Server 2008 SP2 Summary This update provides support for the Secure Hash Algorithm-2 SHA-2 code signing and verification functionality in the 64-bit version of Windows Server 2008 Service Pack 2 SP2 which includes the following: Support for...

SoftZone office demo prone to memory overflow vulnerability

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. A memory overflow vulnerability exists in RZoffice Presentations.exe when processing special ppt files. An attacker can exploit the...

SoftZone office demo prone to null pointer reference vulnerability (CNVD-2018-04281)

SoftZone Office RZoffice is an office software, which is compatible with MS Office and consists of three parts: word processing, spreadsheet and presentation. RZoffice Presentations.exe has a null pointer reference vulnerability when handling special ppt files. An attacker can exploit the...

EulerOS 2.0 SP2 : nautilus (EulerOS-SA-2018-1034)

According to the version of the nautilus packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An untrusted .desktop file with executable permission set could choose its displayed name and icon, and execute commands without warning when...

CVE-2016-8742

The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB...

glibc - '$ORIGIN' Expansion Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule "glibc '$ORIGIN' Expansion Privilege Escalation", 'Description' = %q This...

glibc '$ORIGIN' Expansion Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule "glibc '$ORIGIN' Expansion Privilege Escalation", 'Description' = %q This...

A vulnerable driver: lesson almost learned

Recently, we started receiving suspicious events from our internal sandbox Exploit Checker plugin. Our heuristics for supervisor mode code execution in the user address space were constantly being triggered, and an executable file was being flagged for further analysis. At first, it looked like...

Polaris office 2017 suffers from a denial of service vulnerability (CNVD-2018-03856)

Polaris Office is an office software developed by INFRAWARE of Korea. You can view and edit Word documents, Excel tables, Microsoft Office PowerPoint slides and other commonly used office documents. A denial of service vulnerability exists in PSlide.exe of Polaris office 2017 when opening a ppt...

Vivotek IP Cameras - Remote Stack Overflow (PoC) Vulnerability

Exploit for multiple platform in category remote exploits STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no...

UBUNTU-CVE-2018-6759

The bfdgetdebuglinkinfo1 function in opncls.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, has an unchecked strnlen operation. Remote attackers could leverage this vulnerability to cause a denial of service segmentation fault via a crafted ELF file...

GNU Binutils load_specific_debug_section() function denial of service vulnerability

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. A security vulnerability exists in the...

MagniComp SysInfo mcsiwrapper Privilege Escalation

This module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This module abuses...

Denial of Service Vulnerability in WPS Software of Kingsoft Corporation Ltd.

WPS Office is an office software suite independently developed by Kingsoft Corporation Limited, which can realize the most commonly used text, table, presentation and many other functions of office software. Kingsoft WPS software has a memory access vulnerability when viewing the executable progr...

CVE-2017-3160

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...

Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)

Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 29/01/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.4.18.exe Version: 10.4.18 Tested on:...