The software of Mitsubishi Electric’s E1000 E-Designer panel programming system is vulnerable due to buffer overflows in memory. This allows attackers to execute arbitrary code under the authority of the administrator or trigger a service failure.

The vulnerability of Mitsubishi Electric’s E1000 E-Designer panel programming software lies in buffer overflows that occur during the processing of configuration files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on behalf of the administrator or trigger a...

MULTIPROG suffers from a buffer overflow vulnerability in processing LST files

MULTIPROG is the PLC programming software of TENGCONTROL TECHNOLOGY China. MULTIPROG has a buffer overflow vulnerability in the handling of LST files, where an attacker can cause a buffer overflow and arbitrary code execution by constructing a malformed LST file...

MGASA-2018-0225 Updated libcdio packages fix security vulnerabilities

A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS CVE-2017-18198. A NULL pointer dereference flaw was...

Integer overflow

An exploitable integer overflow exists in the way that the Blender open-source 3d creation suite v2.78c draws a Particle object. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An...

MGASA-2018-0209 Updated libcdio packages fix security vulnerabilities

A heap corruption bug was found in the way libcdio handled processing of ISO files. An attacker could potentially use this flaw to crash applications using libcdio by tricking them into processing crafted ISO files, thus resulting in local DoS CVE-2017-18198. A NULL pointer dereference flaw was...

OMRON CX-One CX-Motion sscanf Stack-based Buffer Overflow Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of OMRON CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of M...

CVE-2017-18189

A NULL pointer dereference flaw found in the way SoX handled processing of AIFF files. An attacker could potentially use this flaw to crash the SoX application by tricking it into processing crafted AIFF files...

CVE-2018-1000047

NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak library's data processing function that can result in remote code execution. This attack appear to be exploitable via Victim opens an untrusted file for optimization using Kodiak library...

UBUNTU-CVE-2017-17935

The Filereadline function in epan/wslua/wsluafile.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service buffer underflow and application crash via a crafted packet that triggers the attempted processing of an empty line...

Ulterius Server < 1.9.5.0 - Directory Traversal Exploit

Exploit for windows platform in category remote exploits Exploit Title: Ulterius Server 1.9.5.0 Directory Traversal Arbitrary File Access Date: 11/13/2017 Exploit Author: Rick Osgood Vendor Homepage: https://ulterius.io/ Software Link:...

Ulterius Server &lt; 1.9.5.0 - Directory Traversal

Exploit Title: Ulterius Server 1.9.5.0 Directory Traversal Arbitrary File Access Date: 11/13/2017 Exploit Author: Rick Osgood Vendor Homepage: https://ulterius.io/ Software Link: https://github.com/Ulterius/server/tree/0e4f2113da287aac88a8b4c5f8364a03685d393d Version: 1.9.5.0 Tested on: Windows...

Design/Logic Flaw

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."...

CVE-2017-14298

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8."...

Code Execution Vulnerability in CAJ Cloud Reading

CAJ Cloud Reader is a CAJ reader that supports internet reading. CAJ Cloud Reader suffers from a code execution vulnerability when processing caj files, due to the program failing to properly parse the file format. An attacker can exploit this vulnerability to execute arbitrary code...

Heap-based Buffer Over-read

ImageMagick is vulnerable to heap-base buffer over-reads. The flaw in the TIFFWriteScanline function in tifwrite.c can be triggered through a file being processed in convert...

Heap-based Buffer Over-read

ImageMagick is vulnerable to heap-base buffer over-reads. The flaw in the WriteUILImage function can be triggered through a file being processed in convert...

CVE-2017-11536

When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image function in coders/jp2.c...

CVE-2017-11096

When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead to a NULL Pointer Dereference in the swfDeleteFilter function in lib/modules/swffilter.c...

CVE-2017-11098

Removed by vendor...

XnView Classic for Windows Buffer Overflow Vulnerability (CNVD-2017-14506)

XnView Classic for Windows is an image viewing software for Windows developed by French software developer Gougelet Pierre-Emmanuel. The software can be used to view, convert, organize and edit graphic and video files. A buffer overflow vulnerability exists in version 2.40 of XnView Classic for...