18 matches found
UltraVNC Code Issue Vulnerability
UltraVNC is an open-source remote terminal control software developed by UltraVNC Inc. for the Windows platform. Version 1.6.4.0 of UltraVNC has a code vulnerability, which stems from an uncontrolled search path issue in the cryptbase.dll library...
Picklescan does not block ctypes
Summary: Picklescan doesn't flag the ctypes module as a dangerous module, which is a huge issue. ctypes is basically a foreign function interface library and can be used to load DLLs, call C functions directly, and manipulate memory (raw pointers). This can allow attackers to achieve RCE by invoking direct...
Changing TCBServiSign Input Validation Error Vulnerability
Changing TCBServiSign is a cross-platform security control component from Changing, China. An input validation error vulnerability exists in versions prior to Changing TCBServiSign 1.0.24.0318. The vulnerability stems from a specific API that does not properly validate server-side input, allowing...
CVE-2022-41666
A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL, which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert V3.3 Hotfix 1 or prior, Pro-face...
CVE-2022-38266
An issue in the Leptonica linked library v1.79.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file...
CVE-2022-38266
CVE-2022-38266 affects Leptonica's library (v1.79.0) and can cause a DoS via a crafted JPEG, due to an arithmetic exception. Multiple connected sources (Mageia advisory MGASA-2022-0472 and Gentoo GLSA-202312-01) confirm the Leptonica vulnerability and recommend upgrading to a newer Leptonica release ...
CVE-2022-38266
An issue in the Leptonica linked library v1.79.0 allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file...
PT-2021-17831 · Ca · Ca Ehealth Performance Manager
Name of the Vulnerable Software and Affected Versions: CA eHealth Performance Manager versions through 6.3.2.12 Description: The issue is related to Privilege Escalation via a Dynamically Linked Shared Object Library. A regular user can create a malicious library in the writable RPATH, which will...
Security Bulletin: IBM Sterling Connect:Direct FTP+ for Windows installers are vulnerable to attack (CVE-2016-4560)
Summary IBM Sterling Connect:Direct FTP+ for Windows installers are vulnerable to attack under certain conditions. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a remote attacker to execute arbitrary code on the system. The application does not direct...
Security Bulletin: Vulnerability in InstallShield affects IBM Sterling Connect:Direct for Microsoft Windows (CVE-2016-2542)
Summary An InstallShield vulnerability was disclosed by Flexera. InstallShield is used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera...
Symantec Norton Utilities DLL Preloading Vulnerability
Symantec Norton Utilities is a computer optimization tool from Symantec, which can be used to clean up the cache and other files in your computer and optimize the speed of your computer. A DLL preloading vulnerability exists in versions prior to Symantec Norton Utilities 16.0.3.44. An attacker ca...
Security Bulletin: IBM Forms Viewer Installation could allow a remote attacker to execute arbitrary code on the system (CVE-2016-2542)
Summary IBM Forms Viewer Installation could allow a remote attacker to execute arbitrary code on the system. If you have recently downloaded a copy of IBM Forms Viewer, use the information below to correct the vulnerability prior to installing the product. If you have already installed IBM...
Security Bulletin: IBM Forms Designer Installation could allow a remote attacker to execute arbitrary code on the system (CVE-2016-2542)
Summary IBM Forms Designer Installation could allow a remote attacker to execute arbitrary code on the system. If you have recently downloaded a copy of IBM Forms Designer, use the information below to correct the vulnerability prior to installing the product. If you have already installed IBM...
Security Bulletin: IBM Tealeaf Customer Experience installers vulnerable to attack (CVE-2016-2542)
Summary Installation programs for the Microsoft Windows components of IBM Tealeaf Customer Experience are vulnerable to attack under certain conditions. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could allow a remote attacker to execute arbitrary code on the...
Security Kinou Mihariban Untrusted Search Path Vulnerability
Security Kinou Mihariban is a security monitoring software from NIPPON TELEGRAPH AND TELEPHONE WEST, Japan. An untrusted search path vulnerability exists in Security Kinou Mihariban 1.0.21 and earlier versions. A remote attacker can exploit this vulnerability to gain privileges with the help ...
Microsoft Office DLL Loading Remote Code Execution Vulnerability
Microsoft Office is an office software suite developed by the U.S. company Microsoft. Commonly used components are Word, Excel, Access, PowerPoint, FrontPage and so on. A DLL loading remote code execution vulnerability exists in Microsoft Office OneNote 2007. An...
Measuresoft ScadaPro Server DLL Code Execution Vulnerability
Measuresoft ScadaPro Server is prone to a code execution vulnerability.
Microsoft Windows Live Messenger 14 - dwmapi.dll DLL Loading Arbitrary Code Execution
Source: https://www.securityfocus.com/bid/48055/info Microsoft Windows Live Messenger is prone to a vulnerability that lets attackers execute arbitrary code. An attacker can exploit this issue by enticing a...