Design/Logic Flaw

Untrusted search path vulnerability in AppCheck and AppCheck Pro prior to version 2.0.1.15 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory...

Net Monitor for Employees Pro Unordered Service Path Privilege Escalation Vulnerability

NetMonitorForEmployeesProfessional is a remote employee monitoring software, it is a software application for PC platforms, the software size is 13362KB. An out-of-order service path privilege escalation vulnerability exists in Net Monitor for Employees Pro. The vulnerability stems from a "block...

EulerOS 2.0 SP1 : icoutils (EulerOS-SA-2017-1089)

According to the versions of the icoutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple vulnerabilities were found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by...

CVE-2017-6638

A vulnerability in how DLL files are loaded with Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and run an executable file with privileges equivalent to the Microsoft Windows SYSTEM account. The vulnerability is due to incomplete input...

CVE-2017-7965

A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller...

CVE-2017-7563

In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MTEXECUTENEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits one bit versus two bits...

AppCheck may insecurely invoke an executable file

Overview AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc...

Parallels Desktop - Virtual Machine Escape

Parallels Desktop - Virtual Machine Escape + Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp...

Parallels Desktop - Virtual Machine Escape

Title: Parallels Desktop - Virtual Machine Escape + Product: Parallels + Vendor: http://www.parallels.com/products/desktop/ + Affected Versions: All Version Author : Mohammad Reza Espargham Linkedin : https://ir.linkedin.com/in/rezasp E-Mail : meatrezadotes , reza.esparghamatgmaildotcom Website :...

QuickSand.io - Tool For Scanning Streams Within Office Documents Plus Xor DB Attack

QuickSand is a compact C framework to analyze suspected malware documents to 1 identify exploits in streams of different encodings, 2 locate and extract embedded executables. By having the ability to locate embedded obfuscated executables, QuickSand could detect documents that contain zero-day or...

GNU Binutils Denial of Service Vulnerability (CNVD-2017-07207)

GNU Binutils a.k.a. GNU Binary Utilities or binutils is a set of programming language utility programs developed by the GNU Project to work with target files in a variety of formats, with connectors, assemblers, and other tools for target files and archives. A denial-of-service vulnerability exis...

DEBIAN-CVE-2017-9039

GNU Binutils 2.28 allows remote attackers to cause a denial of service memory consumption via a crafted ELF file with many program headers, related to the getprogramheaders function in readelf.c...

UBUNTU-CVE-2017-9040

GNU Binutils 2017-04-03 allows remote attackers to cause a denial of service NULL pointer dereference and application crash, related to the processmipsspecific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt...

UBUNTU-CVE-2017-9038

GNU Binutils 2.28 allows remote attackers to cause a denial of service heap-based buffer over-read and application crash via a crafted ELF file, related to the bytegetlittleendian function in elfcomm.c, the getunwindsectionword function in readelf.c, and ARM unwind information that contains inval...

Rapid7 AppSpider Pro 'FLAnalyzer.exe' Buffer Overflow Vulnerability

AppSpider is a DAST solution designed to help application security personnel test applications as part of DevOps and as part of a scheduled scanning program. A buffer overflow vulnerability in the FLAnalyzer.exe component of Rapid7 AppSpider Pro can be exploited by an attacker to cause a denial o...

CVE-2017-2167

Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory...

Design/Logic Flaw

Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory...

PrimeDrive Desktop Application Installer may insecurely load executable files

Overview PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Eili Masami of...

JVN#16248227: PrimeDrive Desktop Application Installer may insecurely load executable files

PrimeDrive Desktop Application is the client application for PrimeDrive online storage service provided by SoftBank Corp. The installer of PrimeDrive Desktop Application contains an issue with the file search path, which may insecurely load executable files CWE-427. Impact Arbitrary code may be...

Multiple Quick Heal Product Security Bypass Vulnerabilities

Quick Heal Internet Security, Quick Heal Total Security and Quick Heal AntiVirus Pro are antivirus programs from Quick Heal India. A security vulnerability exists in the PE file in several Quick Heal products due to the program's failure to use the ASLR/DEP protection mechanism. An attacker can...