4272 matches found
The Sleuth Kit Buffer Overflow Vulnerability
The Sleuth Kit TSK is a collection of data forensic tools developed by software developer Brian Carrier. The tools are able to analyze file systems such as FAT, NTFS, UFS, etc. and provide detailed information about the file system, including deleted data. A buffer overflow vulnerability exists i...
CVE-2017-10950
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security 21.0.24.62. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
CVE-2017-10950
CVE-2017-10950 affects Bitdefender Total Security (bdfwfpf kernel driver). The vulnerability lies in the handling of IOCTL 0x8000E038 where the driver fails to validate the existence of an object before operating on it, enabling a local attacker to execute arbitrary code in the SYSTEM context. Ex...
CVE-2017-11159
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse 1 shfolder.dll, 2 ntmarta.dll, 3 secur32.dll or 4 dwmapi.dll file in the...
CVE-2017-11160
Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a Trojan horse 1 shfolder.dll, 2 ntmarta.dll, 3 secur32.dll or 4 dwmapi.dll file in the current worki...
CVE-2015-3649
The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a directory under /tmp containing "openuri-" followed by a crafted UID, and putting Ruby code in said directory once a meta file is created...
SIMPlight SCADA Software DLL Load Local Code Execution Vulnerability
SIMPlight SCADA is software for building management systems and automation equipment. SIMPlight SCADA Software suffers from a DLL Load Native Code Execution vulnerability that could be exploited by an attacker to submit a special file to trick a user into requesting and elevating privileges...
Solar Controls WATTConfig M Software DLL Load Local Code Execution Vulnerability
Solar Controls WATTConfig M Software is a suite of software for use in Solar Controls devices from Solar Controls, Czech Republic. A security vulnerability exists in Solar Controls WATTConfig M Software version 2.5.10.1 and earlier. The vulnerability can be exploited by an attacker to execute...
Denial of service
HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts...
DEBIAN-CVE-2017-7980
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator Qemu 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service crash via vectors related to a VNC client updating its display after a VGA operation...
CVE-2017-2344
A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service kernel panic or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running...
Juniper Networks Junos OS Sockets Library Buffer Overflow Vulnerability
Junos OS is prone to a buffer overflow vulnerability in the sockets library. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-1297
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 includes DB2 Connect Server is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159...
CVE-2017-8464
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK fil...
Lenovo Service Bridge Local Code Execution Vulnerability
Lenovo Service Bridge is a Windows program from the Chinese company Lenovo Lenovo that automatically detects the serial number and model number of your device. A local code execution vulnerability exists in versions prior to Lenovo Service Bridge 4. An attacker could exploit this vulnerability to...
reiserfstune 3.6.25 Buffer Overflow
Title: reiserfstune 3.6.25 a Local Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A - Download -...
Eject dmcrypt-get-device local code execution vulnerability
dmcrypt-get-device is in the debian and Linux eject packages. eject is the command to eject the CD and run CD-Changers under Linux. A local code execution vulnerability exists in eject dmcrypt-get-device. A local attacker could exploit this vulnerability to execute arbitrary code using elevated...
CVE-2017-9046
winpm-32.exe in Pegasus Mail aka Pmail v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers th...
CVE-2017-0596
An elevation of privilege vulnerability in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are n...
CVE-2017-0604
An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require...