4202 matches found
SUSE-SU-2017:1391-1 Security update for samba
This update for samba fixes the following issue: - An unprivileged user with access to the samba server could cause smbd to load a specially crafted shared library, which then had the ability to execute arbitrary code on the server as 'root'. CVE-2017-7494, bso12780, bsc1038231...
GNU Bash code execution vulnerability in path completion (CVE-2017-5932)
1 Introduction GNU Bash from version 4.4 contains two bugs in its path completion feature leading to a code execution vulnerability. An exploit can be realized by creating a file or directory with a specially crafted name. A user utilizing GNU Bash's built-in path completion by hitting the Tab...
Adobe Flash Player Code Execution Vulnerability (CNVD-2017-06317)
Adobe Flash Player is a widely used, proprietary multimedia player developed by Adobe, Inc. A code execution vulnerability exists in Adobe Flash Player, which can be exploited by an attacker to execute arbitrary code to compromise an affected system...
Adobe Acrobat and Reader Memory Corruption Vulnerability (CNVD-2017-04698)
Adobe Acrobat and Reader are software developed by Adobe (United States) for editing and publishing documents in the Portable Document Format. A memory corruption vulnerability exists in Adobe Acrobat and Reader, which can be exploited by an attacker to compromise a vulnerable system,...
OPENSUSE-SU-2017:0961-1 Security update for ffmpeg
This update for ffmpeg fixes the following issues: Security issue fixed: - CVE-2016-10190: remote code execution vulnerability 1 - libavformat/http.c boo1022920 Detailed ChangeLog: - 3.1.6: https://github.com/FFmpeg/FFmpeg/blob/e08b1cf2df8cfdb3394aa5ab0320739f8b5a1c4f/Changelog - 3.2.4:...
OPENSUSE-SU-2017:0958-1 Security update for ffmpeg
This update for ffmpeg fixes the following issues: Security issue fixed: - CVE-2016-10190: remote code execution vulnerability 1 - libavformat/http.c boo1022920 Detailed ChangeLog: - 3.1.6: https://github.com/FFmpeg/FFmpeg/blob/e08b1cf2df8cfdb3394aa5ab0320739f8b5a1c4f/Changelog - 3.2.4:...
Remote Command Execution Vulnerability in iGuardian Security Guardian
iGuardian is a router-based application embedded in the Linux operating system, with Snort, an intrusion detection system, as an embedded command-and-control system. A remote command execution vulnerability exists in the iGuardian Security/apps/login.php file. This allows an attacker to remotely...
Trend Micro InterScan Web Security Virtual Appliance ConfigIPNetwork saveNetworkConfiguration isDHCP6_data Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro InterScan Web Security Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within ConfigIPNetwork's saveNetworkConfiguration method. A...
CVE-2017-6361
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors...
OP5 5.3.5 / 5.4.0 / 5.4.2 / 5.5.0 / 5.5.1 - license.php Remote Command Execution Exploit
Exploit for multiple platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'OP5 license.php Remote Command Execution', 'Description' = %q This...
Code Execution Vulnerability Found in Libpurple IM Library
A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Pidgin and Adium for the macOS platform. Adium 1.5.10.2 is vulnerable and can be exploited to run arbitrary code remotely. A researcher who goes ...
Microsoft Edge JavaScript Parsing Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
FreeBSD : irssi -- use-after-free potential code execution (06f931c0-0be0-11e7-b4bf-5404a68ad561)
The irssi project reports: Use after free while producing list of netjoins (CWE-416). This issue was found and reported to us by APic. This issue usually leads to segmentation faults. Targeted code execution should be difficult.
Adobe Flash Player Code Execution Vulnerability (CNVD-2017-04298)
Adobe Flash Player is a widely used, proprietary multimedia player developed by Adobe, Inc. A code execution vulnerability exists in Adobe Flash Player, which can be exploited by an attacker to execute arbitrary code in the context of a user running in an affected...
Security Update for Microsoft Word 2016 (KB3178674) 32-Bit Edition
A security vulnerability exists in Microsoft Word 2016 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...
Ohu Government System/design/catid_user_save.php Code Execution Vulnerability
Ohuhu government system is the government portal system of Shanghai Ohuhu Network Technology Co. A code execution vulnerability exists in the Eurohoo government system /design/catid_user_save.php. An attacker can exploit the vulnerability to execute arbitrary PHP code...
Ubuntu: Security Advisory (USN-3222-1)
The remote host is missing an update for the...
Debian Security Advisory DSA 3803-1 (texlive-base - security update)
It was discovered that texlive-base, the TeX Live package which provides the essential TeX programs and files, whitelists mpost as an external program to be run from within the TeX source code (called \write18). Since mpost allows to specify other programs to be run, an attacker can take advantage ...
CVE-2017-6406
CVE-2017-6406 affects Veritas NetBackup (Before 7.7.2) and NetBackup Appliance (Before 2.7.2). It enables arbitrary privileged command execution via a whitelist directory escape using substrings like "../". The root cause is a directory traversal that can lead to privilege escalation with local a...
CVE-2016-6104
IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote attacker to upload arbitrary files, caused by the improper validation of file extensions, which could allow the attacker to execute arbitrary code on the vulnerable system...