CVE-2017-7000

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted we...

CVE-2018-6229

A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 edit policy script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system...

CMS Made Simple Remote Code Execution Vulnerability (CNVD-2018-06398)

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism , etc. File Manager is one of the file management component ....

Xion 1.0.125 Buffer Overflow

!/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The aVenetiana Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original Advisory: http://www.exploit-db.com/exploits/14517 hadji samir...

Xion 1.0.125 - '.m3u' Local SEH-Based Unicode Venetian Exploit

!/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original Advisory: http://www.exploit-db.com/exploits/14517 hadji samir...

Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit

Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit !/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original...

CVE-2017-9274

A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...

Microsoft Windows kernel elevation of privilege vulnerability (CNVD-2018-05039)

Microsoft Windows is a series of operating systems released by Microsoft Corporation in the U.S. Windows kernel is one of the operating system kernels. An elevation of privilege vulnerability exists in the Microsoft Windows kernel. A local attacker can exploit this vulnerability by running a...

Adobe Acrobat Pro DC XPS Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Xxe

XML external entity XXE vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...

CVE-2014-3005

XML external entity XXE vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request...

CVE-2014-3244

CVE-2014-3244 concerns an XML external entity (XXE) vulnerability in the RSSDashlet dashlet of SugarCRM prior to 6.5.17. The underlying issue is an XXE in XML requests that allows an attacker to read arbitrary files or potentially execute arbitrary code. Affected product: SugarCRM RSSDashlet comp...

Google Chrome for Mac, Windows and Linux WebGL Heap Buffer Overflow Vulnerability

Google Chrome for Mac, Windows and Linux is a web browser developed by Google for the Mac, Windows and Linux platforms.WebGL is one of the 3D drawing standards. A heap buffer overflow vulnerability exists in WebGL in versions prior to Google Chrome 64.0.3282.119 for Windows, Mac, and Linux-based...

CVE-2017-12181

xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code...

Apache Geode Code Execution Vulnerability

Apache Geode cluster is the Apache Software Foundation's platform for providing real-time and consistent access to data for data-intensive applications in distributed cloud architectures. A security vulnerability exists in Apache Geode cluster. A remote attacker can exploit this vulnerability to...

CVE-2017-4950

VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by...

Microsoft Edge Scripting Engine Memory Corruption (CVE-2018-0777)

A remote code execution vulnerability has been reported in Microsoft Edge. The vulnerability is due to an Out-of-Bounds write in the JavaScript engine. A remote attacker can exploit this issue by enticing a victim to open a specially crafted web page that could cause memory corruption in a way th...

CVE-2017-10956

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2017-10956

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

CVE-2017-17561

SeaCMS 6.56 allows remote authenticated administrators to execute arbitrary PHP code via a crafted token field to admin/adminping.php, which interacts with data/admin/ping.php...