CVE-2017-2807

An exploitable buffer overflow vulnerability exists in the tag parsing functionality of Ledger-CLI 3.1.1. A specially crafted journal file can cause an integer underflow resulting in code execution. An attacker can construct a malicious journal file to trigger this vulnerability...

CVE-2017-2808

An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a use-after-free vulnerability resulting in arbitrary code execution. An attacker can convince a user to load a journal file to trigger this...

RubyGems 2.6.13 - Arbitrary File Overwrite

RubyGems 2.6.13 - Arbitrary File Overwrite There is no check for name field in metadata.gz. By assigning a maliciously crafted string like ../../../../../any/where to the field, an attacker can create an arbitrary file out of the directory of the gem, or even replace an existing file with a...

Brickcom IP Camera - Credentials Disclosure

Advisory Information ======================================== Title: Brickcom IP-Camera Remote Credentials and Settings Disclosure Vendor Homepage: http://www.brickcom.com Tested on Camera types: WCB-040Af, WCB-100A, WCB-100Ae, OB-302Np, OB-300Af, OB-500Af Remotely Exploitable: Yes...

Brickcom IP Camera - Credentials Disclosure

Brickcom IP Camera - Credentials Disclosure 1. Advisory Information ======================================== Title: Brickcom IP-Camera Remote Credentials and Settings Disclosure Vendor Homepage: http://www.brickcom.com Tested on Camera types: WCB-040Af, WCB-100A, WCB-100Ae, OB-302Np, OB-300Af,...

Lexmark Perceptive Document Filters PDF GfxFont Code Execution Vulnerability

Lexmark Perceptive Document Filters PDF GfxFont Code Execution Vulnerability Summary An exploitable use-after-free exists in the PDF parsing functionality of the Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in dire...

Abusing Token Privileges For LPE

Abusing Token Privileges For LPE. Papers exploit for Windows platform |=-----------------------------------------------------------------------=| |=----------------= Abusing Token Privileges For LPE=------------------=| |=-----------------------------------------------------------------------=|...

Mozilla: Buffer overflow manipulating ARIA elements in DOM (MFSA 2017-19)

A buffer overflow can occur when manipulating Accessible Rich Internet Applications ARIA attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

Trend Micro Smart Protection OS Command Injection

1. Advisory Information Title: Trend Micro Smart Protection OS Command Injection Advisory ID: CORE-2017-0004 Advisory URL:http://www.coresecurity.com/core-labs/advisories/trend-micro-smart-protection-os-command-injection Date published: 2017-08-23 Date of last update: 2017-08-23 Vendors contacted...

Design/Logic Flaw

There is an illegal address access in Sass::Eval::operator in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix available from GitHub after 2017-07-24...

QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities

--- Advisory details --- Title: QuantaStor Software Define Storage mmultiple vulnerabilities Advisory ID: VVVSEC-2017-6943 Advisory URL: http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt Date published: 12/08/2017 CVEs: CVE-2017-9978 "Brute force login request using http...

Adobe Flash - Invoke Accesses Trait Out-of-Bounds

Adobe Flash - Invoke Accesses Trait Out-of-Bounds Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1320 The attached fuzzed swf file causes the traits of an ActionScript object to be accessed out of bounds. This can probably lead to exploitable type confusion. Proof of Concept:...

Microsoft Edge - Out-of-Bounds Access when Fetching Source

Microsoft Edge - Out-of-Bounds Access when Fetching Source // The attached JavaScript file causes an out-of-bounds access of the source buffer when fetching the source for one of the functions during delayed compilation. The out-of-bounds value is then treated as the pointer to the source. This i...

Memory corruption

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 engine. Successful exploitation could lead to arbitrary code execution...

Memory corruption

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the MakeAccessible plugin when parsing TrueType font data. Successful exploitation could lead to arbitrary code...

Amazon Linux AMI : kernel (ALAS-2017-868)

Exploitable memory corruption due to UFO to non-UFO path switch CVE-2017-1000112 heap out-of-bounds in AFPACKET sockets CVE-2017-1000111 The mqnotify function in the Linux kernel does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, ...

Mozilla: Buffer overflow viewing certificates with long OID (MFSA 2017-19)

A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier OID. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

Critical: kernel

Issue Overview: Exploitable memory corruption due to UFO to non-UFO path switch CVE-2017-1000112 heap out-of-bounds in AFPACKET sockets CVE-2017-1000111 The mqnotify function in the Linux kernel does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a...

CVE-2017-7800

A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird 52.3, Firefox ESR 52.3, and Firefox 55...

CVE-2017-7802

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects...