OpenOffice Impress MetaActions Arbitrary Read Write Vulnerability(CVE-2016-1513)

Description An exploitable out-of-bounds vulnerability exists in OpenOffice when handling MetaActions. A specially crafted Open Office Impress file can cause an out-of-bounds read/write resulting in potential code execution. An attacker can provide the malicious file to trigger this vulnerability...

CVE-2017-2887

An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDLimage 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this...

CVE-2017-2888

An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a...

Mozilla Firefox < 56 Multiple Vulnerabilities (macOS)

The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 56. It is, therefore, affected by multiple vulnerabilities, some of which allow code execution and potentially exploitable application crashes. C Tenable Network Security, Inc. include'compat.inc'; if...

CVE-2017-1000111

Linux kernel: heap out-of-bounds in AFPACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packetsetring. Previously with PACKETVERSION. This time with PACKETRESERVE. The solution...

Moxa AWK-3131A Web Application systemlog.log Information Disclosure Vulnerability(CVE-2016-8725)

Summary An exploitable information disclosure vulnerability exists in the Web Application functionality of the Moxa AWK-3131A wireless access point running firmware 1.1. Retrieving a specific URL without authentication can reveal sensitive information to an attacker. Tested Versions Moxa AWK-3131...

Foscam IP Video Camera CGIProxy.fcgi SMTP Test Host Parameter Configuration Command Injection Vulnerability(CVE-2017-2841)

Summary An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting...

Buffer overflow

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability...

National Instruments LabVIEW RSRC Arbitrary Null Write Code Execution Vulnerability(CVE-2017-2779)

Summary An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW. A specially crafted VI file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this...

Radancy: Weak password

It takes ash123456789123456789 as a password,which is not secure.It can be cracked using Dictionary,brute force etc attacks. Impact: If password complexity is not enforced people may tend to put easily guessable password which may be exploitable for a malicious user. Solution-To make it more...

CVE-2017-2862

An exploitable heap overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability...

Microsoft Edge Content Security Bypass Vulnerability

Summary An exploitable information leak vulnerability exists in the Content Security Policy enforcement functionality of Microsoft Edge 40.15063.0.0. A specially crafted web page can cause a content security policy bypass resulting in an information leak. An attacker can create a malicious webpag...

CVE-2017-2808

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this...

CVE-2017-2821

An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution...

CVE-2017-2822

An exploitable code execution vulnerability exists in the image rendering functionality of Lexmark Perceptive Document Filters 11.3.0.2400. A specifically crafted PDF can cause a function call on a corrupted DCTStream to occur, resulting in user controlled data being written to the stack. A...

CVE-2017-2862

An exploitable heap overflow vulnerability exists in the gdkpixbufjpegimageloadincrement functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability...

CVE-2017-2870

An exploitable integer overflow vulnerability exists in the tiffimageparse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability...

CVE-2017-2807

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability...

CVE-2017-2808

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this...

CVE-2017-2821

An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution...