4202 matches found
Adobe Acrobat and Reader Use After Free (APSB17-01: CVE-2017-2956; CVE-2017-2957)
A remote code execution vulnerability has been reported in Adobe Acrobat and Reader. The vulnerability is due to a use-after-free error in Adobe Reader and Acrobat while handling a specially crafted PDF file. A remote attacker can exploit this vulnerability by enticing a target user to open a...
Adobe Reader DC XSLT attribute-set Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within XSLT's...
CVE-2016-3173
An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file e.g. an image which gets displayed at the portal application. Using script code at the file name leads t...
CVE-2016-6277
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow...
Adobe Flash Player Code Execution Vulnerability (CNVD-2016-12359)
Adobe Flash Player is a proprietary multimedia program developed by Adobe, Incorporated, and is widely used. A code execution vulnerability exists in Adobe Flash Player that could allow an attacker to execute arbitrary code within the user context of an affected application. A failed exploit...
Chrome Blink SpeechRecognitionController Use-After-Free
Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the seventeenth entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these...
Command Execution Vulnerability in China_user_add_op.php, the Security Isolation Gateway of Beijing Yuanwei Software Co.
Beijing Yuanwei Software Co., Ltd. security isolation gateway is a multi-network security isolation system based on terminal virtualization technology and network virtualization technology. A command execution vulnerability exists in chinauseraddop.php, the security isolation gateway of Beijing...
Epignosis eFront Code Execution Vulnerability
Epignosis eFront is an online learning system with an Ajax interface from Epignosis USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. A code execution vulnerability exists in the globals.php page in eFront version 3.6.1...
IBM WebSphere Application Server Code Execution Vulnerability (Oct 2016)
IBM WebSphere Application Server is prone to a code execution vulnerability.
Adobe Reader and Acrobat Remote Code Execution Vulnerability (CNVD-2016-08976)
Adobe Reader and Acrobat are PDF file-related software: Adobe Reader is a free PDF file reader, Acrobat is a PDF file editing and conversion tool. A security vulnerability exists in Adobe Reader and Acrobat, which can be exploited by an attacker to execute arbitrary code in the context of the...
ImageMagick remote execution vulnerability analysis and exploit-vulnerability warning-the black bar safety net
1.1 ImageMagick description: ImageMagick is a powerful, stable, open source set of tools and development kits that can be used to read, write and process picture files in more than 89 basic formats, including the popular TIFF, JPEG, GIF, PNG, PDF, and...
Dropbear SSH Arbitrary Code Execution Vulnerability
Dropbear is a relatively small SSH server and client. An arbitrary code execution vulnerability exists in Dropbear dbclient, which can be exploited by a remote attacker to execute arbitrary code when a local dbclient user enters a specific -m or -c parameter...
ASUS RT-N10E Code Execution Vulnerability
ASUS RT-N10E Wireless Router is a wireless router device developed by ASUS. A code execution vulnerability exists in ASUS RT-N10E. An attacker can exploit the vulnerability to potentially execute system commands. Code can also be executed via a cross-site request forgery...
AlienVault Unified Security Management Remote Command Execution Vulnerability
AlienVault Unified Security Management (USM) is a security management platform from AlienVault, Inc. that provides security monitoring, security event management and reporting, and threat awareness systems. A remote command execution vulnerability exists in AlienVault Unified Security Management US...
EUVD-2016-6623
cgi-bin/cgimain in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transferlicense command...
CVE-2016-5383
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."...
Foxit Reader ConvertToPDF TIFF Parsing Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewing and printing program produced by China's Foxit Software Corporation; PhantomPDF is a commercial version. The ConvertToPDF plug-in of Foxit Reader and PhantomPDF 8.0.0.624, as well as earlier versions, has a security vulnerability that can be triggere...
The Installer of PhishWall Client Internet Explorer DLL Load Code Execution Vulnerability
SecureBrain Corporation is a provider of software and services including Japan-specific cyber fraud and malware attacks. A code execution vulnerability exists in The Installer of PhishWall Client Internet. The vulnerability allows attackers to execute arbitrary code...
Hancom Office 2014 VP Local Arbitrary Code Execution Vulnerability (CNVD-2016-06352)
Hancom Office 2014 VP is a cloud storage service solution developed by Hancom Korea. Hancom Office 2014 VP suffers from a local arbitrary code execution vulnerability that could be exploited by a local attacker to execute arbitrary code in the context of the application or conduct a denial of...
CVE-2016-5263
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."...