kernel: Incorrectly mapped contents of PIE executable

The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected...

PT-2017-3250 · Gnu +1 · Libffi +1

Name of the Vulnerable Software and Affected Versions: libffi versions prior to 3.1 Description: The issue is caused by libffi requesting an executable stack, allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. This is due to a buffer overflow operation in...

UBUNTU-CVE-2017-1000376

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi...

APC UPS Daemon Local Lift Vulnerability

Apcupsd APC UPS Daemon can be used for power management and control of most APC UPS models on Unix and Windows machines. APC UPS Daemon is vulnerable to a local privilege extraction vulnerability. It allows locally authenticated, unprivileged users to run arbitrary code with elevated privileges b...

Debian: Security Advisory (DSA-3889-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AVET - AntiVirus Evasion Tool

AVET is an AntiVirus Evasion Tool, which was developed for making life easier for pentesters and for experimenting with antivirus evasion techniques. In version 1.1 lot of stuff was introduced, for a complete overview have a look at the CHANGELOG file. Now 64bit payloads can also be used, for...

CVE-2017-7884

In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM...

Default configuration

In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM...

CVE-2017-7884

In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default installation of APCUPSD allows a local authenticated, but unprivileged, user to run arbitrary code with elevated privileges by replacing the service executable apcupsd.exe with a malicious executable that will run with SYSTEM...

APC UPS Daemon 3.14.14 Privilege Escalation

Credits: fragsh3ll aka Richard Young + Contact: https://twitter.com/fragsh3ll Vendor ========== http://www.apcupsd.org Product =========== APC UPS Daemon = 3.14.14 Vulnerability Type ===================== Privilege Escalation Vendor Description ===================== Apcupsd can be used for power...

CVE-2017-0298

A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker ...

KBVault MySQL 0.16a - Arbitrary File Upload

Exploit Title: KBVault MySQL v0.16a - Unauthenticated File Upload to Run Code Google Dork: inurl:"FileExplorer/Explorer.aspx" Date: 2017-06-14 Exploit Author: Fatih Emiral Vendor Homepage: http://kbvaultmysql.codeplex.com/ Software Link: http://kbvaultmysql.codeplex.com/downloads/get/858806...

AppCheck and AppCheck Pro Untrustworthy Search Path Vulnerabilities

AppCheck and AppCheck Pro are both anti-tampering software. An untrusted search path vulnerability exists in AppCheck versions prior to 2.0.1.15 and AppCheck Pro versions prior to 2.0.1.15. An attacker can exploit this vulnerability to execute arbitrary code with the help of a specially crafted...

Microsoft Win32k Elevation of Privilege (CVE-2017-8468)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable file...

Microsoft Win32k Elevation of Privilege (CVE-2017-8465)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by enticing a user to run a specially crafted executable file...

JVN#27198823: Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency may insecurely invoke an executable file

Installer of electronic tendering and bid opening system provided by Acquisition, Technology & Logistics Agency contains an issue with the search path for executable files, which may lead to insecurely invoking an executable file. Impact This vulnerability can be exploited when the following...

CVE-2017-2214

Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...

CVE-2016-7838

Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory...

CVE-2016-7838

Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory...

Design/Logic Flaw

Untrusted search path vulnerability in WinSparkle versions prior to 0.5.3 allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory...