UBUNTU-CVE-2017-9670

An uninitialized stack variable vulnerability in loadticseries in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service Segmentation fault and Memory Corruption or possibly have unspecified other impact when a victim opens a specially crafted file...

DEBIAN-CVE-2017-9670

An uninitialized stack variable vulnerability in loadticseries in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service Segmentation fault and Memory Corruption or possibly have unspecified other impact when a victim opens a specially crafted file...

Telegraph delivers better experience with Image Manager

The Telegraph Media Group TMG is a multi-media news publisher and its titles include The Daily Telegraph, The Sunday Telegraph and The Telegraph website. Today, its site serves more than 380 million pages to over 84 million unique visitors every month across the globe, featuring on average about...

PT-2017-19106 · Gnu +1 · Gnuplot +1

Name of the Vulnerable Software and Affected Versions: gnuplot version 5.2.rc1 Description: The issue is related to an uninitialized stack variable vulnerability in the load tic series function in set.c. This vulnerability can be exploited when a victim opens a specially crafted file, potentially...

Adobe Flash XML load Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the XML load method...

Cisco AnyConnect Secure Mobility Client Local Elevation of Privilege Vulnerability

The Cisco AnyConnect Secure Mobility Client is Cisco's next-generation VPN client. The Cisco AnyConnect Secure Mobility Client has a security vulnerability in the way DLL files are loaded, which can be exploited by a remote attacker to install and run executable files with system privileges...

samba: Loading shared modules from any path in the system leading to RCE (SambaCry)

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root...

Peplink 7.0.0-build1904 XSS / CSRF / SQL Injection / File Deletion

X41 D-Sec GmbH Security Advisory: X41-2017-005 Multiple Vulnerabilities in peplink balance routers =================================================== Overview -------- Confirmed Affected Versions: 7.0.0-build1904 Confirmed Patched Versions:...

JVN#06770361: Installer of Tera Term may insecurely load Dynamic Link Libraries

The installer of Tera Term provided by TeraTerm Project contains an issue with the DLL search path, which may lead to insecurely load Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the installer. Solution Use the latest installer Use...

KEMP LoadMaster 7.135.0.13245 XSS / Code Execution

Vulnerability Summary KEMPas main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster appliance, a Virtual LoadMaster VLM deployed on HyperAV, VMWare, on bare metal or in the...

KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution Vulnerabilit

Exploit for multiple platform in category web applications Vulnerability Summary KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster appliance, a Virtual LoadMaster...

Remote code execution

Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it...

HTTP/2 push is tougher than I thought

"HTTP/2 push will solve that" is something I've heard a lot when it comes to page load performance problems, but I didn't know much about it, so I decided to dig in. HTTP/2 push is more complicated and low-level than I initially thought, but what really caught me off-guard is how inconsistent it ...

Samba is_known_pipename() Arbitrary Module Load Exploit

This Metasploit module triggers an arbitrary shared library load vulnerability in Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4. This Metasploit module requires valid credentials, a writeable folder in an accessible share, and knowledge of the server-side path of the writeable folder. In some...

KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution

Vulnerability Summary KEMP’s main product, the LoadMaster, is a load balancer built on its own proprietary software platform called LMOS, that enables it to run on almost any platform: As a KEMP LoadMaster appliance, a Virtual LoadMaster VLM deployed on Hyper­V, VMWare, on bare metal or in the...

Samba 3.5.0 < 4.4.14/4.5.10/4.6.4 - 'is_known_pipename()' Arbitrary Module Load (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samba isknownpipename Arbitrary Module Load', 'Description' = %q This module triggers an arbitrary shared library load vulnerability in Samba...

AutoTrace heap buffer overflow vulnerability (CNVD-2017-08481)

AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. A heap buffer overflow vulnerability exists in the 'pnmloadascii' function of input-pnm.c:303:12 in the libautotrace.a file in AutoTrace version 0.31.1. An attacker could exploit this vulnerability to execut...

AutoTrace heap buffer overflow vulnerability (CNVD-2017-08482)

AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. A heap buffer overflow vulnerability exists in the 'pnmloadrawpbm' function in the input-pnm.c:391:13 of the libautotrace.a file in AutoTrace version 0.31.1. An attacker could exploit this vulnerability to...

AutoTrace heap buffer overflow vulnerability (CNVD-2017-08483)

AutoTrace is a set of software for converting bitmap files Bitmap to vector files Vector. A heap buffer overflow vulnerability exists in the 'pnmloadraw' function of input-pnm.c:346:41 in the libautotrace.a file in AutoTrace version 0.31.1. An attacker can exploit this vulnerability to cause a he...

samba: Loading shared modules from any path in the system leading to RCE (SambaCry)

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root...