SRC-2018-0009 : Foxit Reader BMP Image Parsing BITMAPINFOHEADER biWidth Integer Overflow Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...
Command Execution Vulnerability in the Pelco Sarix Enhanced Dot1xSetupController.php File
Pelco Sarix Enhanced is a webcam. A command execution vulnerability exists in the Pelco Sarix Enhanced Dot1xSetupController.php file. The vulnerability is caused by the program failing to properly validate user-submitted data, allowing an attacker who has been...
Cohu 3960HD Code Execution Vulnerability
The Cohu 3960HD is an IP zoom camera from Cohu USA that is typically used as a traffic camera. A code execution vulnerability exists in the Cohu 3960HD. An attacker can exploit this vulnerability to cause a denial of service or code execution by manipulating options sent to the camera...
CVE-2017-8700
A flaw was found in dotNET where the CORS attribute is not properly enforced or checked. An attacker could leverage this for possible remote execution...
OPENSUSE-SU-2017:2984-1 Security update for redis
This update for redis to version 4.0.2 fixes the following issues: - CVE-2016-8339: CONFIG SET client-output-buffer-limit Code Execution Vulnerability (boo#1002351) The following upstream changes are included: - SLOWLOG now logs the offending client name and address - The modules native data types R...
Artica Pandora FMS PHP Code Execution Vulnerability
Artica Pandora FMS Flexible Monitoring System is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS version 7.0. The vulnerability can be...
CVE-2017-15777
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV near NULL starting at CADImage+0x0000000000288750."...
SUSE-SU-2017:2783-1 Security update for Linux Kernel Live Patch 12 for SLE 12 SP1
This update for the Linux Kernel 3.12.69-606429 fixes one issue. The following security bugs were fixed: - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not consider the case of a NULL payload in conjunction with a nonzero length value, which allowed local users to cause a denial...
NUUO NVR Web Interface RCE
The remote network video recorder doesn't properly sanitize some user input, which can allow a remote unauthenticated user to execute commands as root. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(103928); script_version("1.6");...
Security Update for Microsoft Word 2016 (KB4011222) 64-Bit Edition
A security vulnerability exists in Microsoft Word 2016 64-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Code Execution Vulnerability in Ocean CMS v6.55
Ocean CMS (seacms) is a video-on-demand system designed for webmasters with different needs. A bypass of the code execution vulnerability patch exists in Ocean CMS v6.55. It allows an attacker to remotely execute arbitrary code and gain server privileges...
Security Updates for Microsoft Office Compatibility Pack SP3 (October 2017)
Microsoft Office Compatibility Pack SP3 is missing a security update. It is, therefore, affected by a remote code execution vulnerability: - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who...
SUSE-SU-2017:2660-1 Security update for libvirt
This update for libvirt fixes several issues. This security issue was fixed: - bsc#1053600: Escape ssh command line to prevent interpreting malicious hostname as arguments, allowing for command execution These non-security issues were fixed: - bsc#1025340: Use xend for nodeGetFreeMemory API -...
AntennaHouse DMC HTMLFilter DHFSummary Code Execution Vulnerability(CVE-2016-8384)
Summary An exploitable heap corruption vulnerability exists in the DHFSummary functionality of AntennaHouse DMC HTMLFilter. A specially crafted doc file can cause a heap corruption resulting in arbitrary code execution. An attacker can provide a malicious doc file to trigger this vulnerability...
CVE-2017-8759
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."...
DocuWorks Viewer Light Code Execution Vulnerability - Windows
DocuWorks Viewer Light is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Corel PHOTO-PAINT X8 TIFF Parsing Code Execution Vulnerability
Corel PHOTO-PAINT X8 is a color and photo editing software suite from the Canadian company Corel. A remote code execution vulnerability exists in the TIFF parsing feature in Corel PHOTO-PAINT X8 version 18.1.0.661. A remote attacker could exploit this vulnerability to execute arbitrary code or...
No Fix Planned For LabVIEW Bug, Says National Instruments
Automated test equipment and virtual instrumentation software behemoth National Instruments said it will not patch software that security researchers at Cisco Talos said is flawed and could result in code execution by third-party attackers. The affected software is LabVIEW, a leading program...
SUSE-SU-2017:2320-1 Security update for git
This update for git fixes the following issues: - CVE-2017-1000117: A client side code execution via shell injection when receiving special submodule strings from a malicious server was fixed (bsc#1052481)...
Dokodemo eye Smart HD SCR02HD Arbitrary PHP Code Execution Vulnerability
Dokodemo eye Smart HD SCR02HD is a wireless monitor from NIPPON ANTENNA. The Dokodemo eye Smart HD SCR02HD suffers from an arbitrary PHP code execution vulnerability that can be exploited by an attacker to execute arbitrary PHP code on the product...