Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution

Description: The remote code execution is a combination of 4 different vulnerabilities: CVE-2017-11151 allows remote attackers to upload arbitrary files to the specified directories. CVE-2017-11152 allows remote attackers to log in with a fake authentication mechanism. CVE-2017-11153 allows remot...

Trihedral VTScada 8.x < 11.2.02 Multiple Vulnerabilities

Binary data scadatrihedralvtscada11202.nbin...

Memory Corruption Vulnerability in WebKit Component of Multiple Apple Products (CNVD-2017-34452)

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with the Mac OS X and iOS operating systems. iCloud for Windows is a cloud service based on the Windows platform. WebKit is...

STDU Viewer Buffer Overflow Vulnerability (CNVD-2017-30281)

STDU Viewer is a free file viewer that supports multiple formats. The program supports TIFF, PDF, DjVu, XPS and WWF formats. A buffer overflow vulnerability exists in STDU Viewer version 1.6.375. A local attacker can exploit this vulnerability with a specially crafted .xps file to execute arbitra...

CVE-2017-4924

VMware ESXi ESXi 6.5 without patch ESXi650-201707101-SG, Workstation 12.x before 12.5.7 and Fusion 8.x before 8.5.8 contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host...

Unrestricted file upload

Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code...

Code injection

The mkdumprd script called "dracut" in the current working directory "." allows local users to trick the administrator into executing code as root...

Google Chrome Type Obfuscation Vulnerability (CNVD-2017-31823)

Google Chrome is an open source web browser. A type obfuscation vulnerability exists in Google Chrome V8, which allows remote attackers to exploit the vulnerability to submit a special request and execute arbitrary code...

Google Chrome Uninitialized Value Error Vulnerability

Google Chrome is an open source web browser. Google Chrome Skia uses uninitialized values that allow remote attackers to exploit vulnerabilities to submit special requests, listen for messages or execute code...

Abusing BITS: BITSInject

Windows’ BITS service is a middleman for your download jobs. You start a BITS job, and from that point on, BITS is responsible for the download. But what if we tell you that BITS is a careless middleman? We have uncovered the way BITS maintains its jobs queue using a state file on disk, and found...

ALC WebCTRL i-Vu/SiteScan Web Path Traversal Vulnerability

ALC WebCTRL is the building automation platform. A security vulnerability exists in ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior versions that allows an authenticated user to overwrite files used to execute code...

Adobe Acrobat/Reader Memory Corruption Vulnerability (CNVD-2017-21194)

Adobe Reader/Acrobat is a popular application for working with PDF files. A memory corruption vulnerability exists in Adobe Reader/Acrobat. Allowing an attacker to construct a malicious PDF file and trick the user into parsing it could crash the application or execute arbitrary code...

Adobe Acrobat Pro DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Adobe Acrobat Pro DC ImageConversion EMF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Candy Chat Cross-Site Scripting Vulnerability

Candy Chat is an open source multi-user chat software based on the XMPP protocol. A cross-site scripting vulnerability exists in Candy Chat. A remote attacker can exploit this vulnerability to execute code on a page via message senders...

PT-2017-12: Buffer Overflow in Intel Management Engine

The specialists of the Positive Research center have detected a Buffer Overflow vulnerability in Intel Management Engine. Multiple buffer overflows in Intel Manageability Engine Firmware, Server Platform Services Firmware, and Trusted Execution Engine Firmware allow attackers with local access to...

DotNetNuke Remote Code Execution Vulnerability

DotNetNuke DNN is a set of U.S. DNN company supported by Microsoft , based on the ASP.NET platform for open source content management system CMS. The system is easy to install , scalable , feature-rich and so on. A security vulnerability exists in versions of DotNetNuke prior to 9.1.1. A remote...

EUVD-2017-15791

A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected device. The vulnerability is due to a...

Microsoft Windows Win32k Elevation of Privilege Vulnerability (CNVD-2017-16984)

Microsoft Windows is a family of operating systems released by Microsoft Corporation in the U.S. Win32k is the 32-bit environment of its operating system. An elevation of privilege vulnerability exists in Win32k in Microsoft Windows, which stems from a failure of the Graphics component to properl...

KLA11070 Multiple vulnerabilities in Microsoft Edge and Microsoft Internet Explorer

Multiple serious vulnerabilities have been found in Microsoft Edge and Microsoft Internet Explorer. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code and spoof user interface. Below is a complete list of vulnerabilities: 1. An improper...