Lucene search

5020 matches found

Cvelist
added 2019/02/01 6:0 p.m., 20 views

CVE-2018-16484

A XSS vulnerability was found in module m-server 1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names...

5.3 AI score, 0.00162 EPSS
Exploits: 1, References: 1

Cvelist
added 2019/02/01 6:0 p.m., 23 views

CVE-2018-16480

A XSS vulnerability was found in module public 0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering...

6 AI score, 0.0015 EPSS
Exploits: 1, References: 2

Hacker One
added 2019/01/25 9:29 p.m., 18 views

Mail.ru: ICQ Windows Application is Vulnerable to DLL Search Order Hijacking

DLL injection via Download folder pollution during ICQ installation / first launch process was possible on some Windows installations with broken libraries dependencies Windows "Pro N" version designed for Europe is known to be affected in some installations...

4 AI score
Exploits: 0

NVD
added 2019/01/23 3:29 p.m., 12 views

CVE-2019-3587

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection MTP Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder...

7.2 CVSS, 7 AI score, 0.00436 EPSS
Exploits: 0, References: 1

Cvelist
added 2019/01/23 3:0 p.m., 16 views

CVE-2019-3587 DLL Search Order Hijacking vulnerability

DLL Search Order Hijacking vulnerability in Microsoft Windows client in McAfee Total Protection MTP Prior to 16.0.18 allows local users to execute arbitrary code via execution from a compromised folder...

7.2 CVSS, 7.1 AI score, 0.00436 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2019/01/18 12:0 a.m., 7 views

The vulnerability of the NormaCS automation tool for working with regulatory documents allows a violator to execute any code they desire.

The vulnerability of the NormaCS tool for automating the processing of regulatory documents is related to the use of the MFC library set. It arises due to deficiencies in the restriction on the searchable range of dynamically loaded libraries. Exploiting this vulnerability could allow a malicious...

6.9 CVSS, 6 AI score
Exploits: 0

Kitploit
added 2019/01/13 12:10 p.m., 177 views

Interlace - Easily Turn Single Threaded Command Line Applications Into Fast, Multi Threaded Ones With CIDR And Glob Support

Easily turn single threaded command line applications into fast, multi threaded application with CIDR and glob support. Setup Install using: $ python3 setup.py install Dependencies will then be installed and Interlace will be added to your path as interlace. Usage Argument | Description ---|--- -...

7.3 AI score
Exploits: 0, References: 2

Carbon Black Blog
added 2019/01/09 3:1 p.m., 41 views

TAU Threat Intelligence Notification: LamePyre (OSX)

Summary MalwareBytes researcher Adam Thomas recently discovered a malicious MacOS application masquerading as the chat app Discord that they have named “LamePyre." Although it is made to look like a typical application installer, it does not attempt to appear legitimate by running a decoy install...

0.6 AI score
Exploits: 0

Microsoft KB
added 2019/01/08 8:0 a.m., 68 views

January 8, 2019—KB4480978 (OS Build 16299.904)

January 8, 2019—KB4480978 OS Build 16299.904 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that affects PowerShell remoting loop back using non-administrator accounts...

9.3 CVSS, 7.2 AI score, 0.9095 EPSS
Exploits: 36

exploitpack
added 2019/01/07 12:0 a.m., 21 views

KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation

KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Exploit Title : KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Date : 10/12/2018 Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : https://www.kioware.com/ Tested on : Windows...

7.2 CVSS, 0.9 AI score, 0.00494 EPSS
Exploits: 5

Packet Storm
added 2019/01/07 12:0 a.m., 42 views

KioWare Server 4.9.6 Privilege Escalation

Exploit Title : KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Date : 10/12/2018 Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : https://www.kioware.com/ Tested on : Windows Server 2016 Standard x64 CVE : CVE-2018-18435 Description: ============ KioWa...

1 AI score, 0.00494 EPSS
Exploits: 5

Exploit DB
added 2019/01/07 12:0 a.m., 40 views

KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation

Exploit Title : KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Date : 10/12/2018 Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : https://www.kioware.com/ Tested on : Windows Server 2016 Standard x64 CVE : CVE-2018-18435 Description: ============ KioWa...

7.8 CVSS, 7.7 AI score, 0.00494 EPSS
Exploits: 5

CNVD
added 2018/12/24 12:0 a.m., 3 views

libpff Denial of Service Vulnerability

libpff is a tool for accessing files in PFF Personal Folder File and OFF Offline Folder File formats. A security vulnerability exists in libpffitemtreecreatenode in the libpffitemtree.c file in versions prior to libpff experimental-20180714. An attacker can exploit this vulnerability to cause a...

5.5 CVSS, 6.6 AI score, 0.00058 EPSS
Exploits: 1, References: 1

OSV
added 2018/12/21 3:29 p.m., 4 views

CVE-2018-18331

A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations...

7.5 CVSS, 5.8 AI score, 0.00227 EPSS
Exploits: 0, References: 1

Cvelist
added 2018/12/21 3:0 p.m., 18 views

CVE-2018-18331

A Trend Micro OfficeScan XG weak file permissions vulnerability on a particular folder for a particular group may allow an attacker to alter the files, which could lead to other exploits on vulnerable installations...

7.5 AI score, 0.00227 EPSS
Exploits: 0, References: 1

Hacker One
added 2018/12/15 1:11 p.m., 40 views

Razer US: DLL Hijacking Vulnerability in synapse-2

The Synapse 2 installer was subject to a DLL planting attack in the Downloads folder. This was fixed in May of 2019...

2.2 AI score
Exploits: 0

Packet Storm
added 2018/12/12 12:0 a.m., 235 views

PrestaShop 1.6.x / 1.7.x Remote Code Execution

?php / PrestaShop 1.6.x = 1.6.1.23 & 1.7.x = 1.7.4.4 - Back Office Remote Code Execution See https://github.com/farisv/PrestaShop-CVE-2018-19126 for explanation. Chaining multiple vulnerabilities to trigger deserialization via phar. Date: December 1st, 2018 Author: farisv Vendor Homepage:...

0.1 AI score, 0.53662 EPSS
Exploits: 6

ThreatPost
added 2018/12/10 5:0 p.m., 14 views

Old-School Bagle Worm Still Ready for Modern Spam Campaigns

The long-running Bagle worm, affecting Microsoft Windows machines, is still out there, a throwback to an earlier time. Also referred to as Beagle, Bagle contains a backdoor that listens on TCP port 6777 which is hardcoded in the worm’s body. This backdoor component provides remote access to the...

1.1 AI score
Exploits: 0, References: 1

NVD
added 2018/12/05 6:29 p.m., 15 views

CVE-2018-15773

Dell Encryption formerly Dell Data Protection | Encryption v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of...

4.9 CVSS, 4.2 AI score, 0.00034 EPSS
Exploits: 0, References: 1

Prion
added 2018/12/05 6:29 p.m., 15 views

Information disclosure

Dell Encryption formerly Dell Data Protection | Encryption v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of...

4.9 CVSS, 4.3 AI score, 0.00034 EPSS
Exploits: 0, References: 1, Affected Software: 1