143 matches found
CVE-2017-9274
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...
Command injection
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...
UBUNTU-CVE-2017-9274
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...
CVE-2017-9274 osc executes spec code during "osc commit"
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...
CVE-2017-9274
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...
Exploit for Out-of-bounds Write in Microsoft
PoC exploit for CVE-2018-0802, an arbitrary code execution vulne...
CVE-2016-6377
Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager VMP allows remote attackers to bypass authentication and make arbitrary Platform and Applications Manager PAM API calls via unspecified vectors, aka Bug ID CSCuz52110...
Cisco Virtual Media Packager Unauthorized Access Vulnerability
Cisco Virtual Media Packager is a virtual media packaging device. An unauthorized access vulnerability exists in Cisco Virtual Media Packager VMP versions 2.6 and earlier, which allows attackers to obtain sensitive information...
Cisco Virtual Media Packager PAM API Unauthorized Access Vulnerability
A vulnerability in the application programming interface API for the Platform and Applications Manager PAM for the Cisco Virtual Media Packager VMP could allow an unauthenticated, remote attacker to access the PAM API. The PAM API is only accessible using the SSL or TLS protocol. The vulnerabilit...
Man-in-the-Middle (MitM)
electron-packager is vulnerable to man-in-the-middle MitM attacks. The application by default sets the --strict-ssl variable to false, disabling SSL certificate validation. This can allow an attacker on an adjacent network to conduct a MitM attack during the electron package installation step...
SSL Validation Defaults to False
Overview Affected versions of electron-packager configure the generated application to disable SSL certificate verification by default. This could allow an attacker with a privileged network position to launch a Man In The Middle MITM attack on the install process, intercepting the step where...
Microsoft Office - COM Object DLL Planting with WMALFXGFXDSP.dll (MS16-007)
Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The attached POC docume...
Microsoft Office / COM Object - 'WMALFXGFXDSP.dll' DLL Planting (MS16-007)
Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The attached POC document "planted-mfplat.doc" contains what was originall...
Microsoft Office COM Object - WMALFXGFXDSP.dll DLL Planting (MS16-007)
Microsoft Office COM Object - WMALFXGFXDSP.dll DLL Planting MS16-007 Source: https://code.google.com/p/google-security-research/issues/detail?id=555 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially crafted OLE object. The...
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll (MS15-132)
Microsoft Office COM Object - DLL Planting with comsvcs.dll Delay Load of mqrt.dll MS15-132 Source: https://code.google.com/p/google-security-research/issues/detail?id=556 It is possible for an attacker to execute a DLL planting attack in Microsoft Office 2010 on Windows 7 x86 with a specially...
KLA10499 Code execution vulnerability in NSIS
Lack of certificates verification was found in NSIS. By exploiting this vulnerability malicious users execute arbitrary code. This vulnerability can be exploited remotely via a specially designed certificate. Original advisories - Related products Nullsoft-Scriptable-Install-System CVE list...
Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability
Added: 10/24/2014 CVE: CVE-2014-4114 BID: 70419 OSVDB: 113140 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For...
Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability
Added: 10/24/2014 CVE: CVE-2014-4114 BID: 70419 OSVDB: 113140 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For...
Microsoft Windows - OLE Package Manager Code Execution (MS14-060) (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-060 Microsoft Windows OLE Package Manager Code Execution", 'Description' = %q This module exploits a vulnerability found in...
MS14-060 Microsoft Windows OLE Package Manager Code Execution
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "MS14-060 Microsoft Windows OLE Package Manager Code Execution", 'Description' = %q This module exploits a vulnerability found in...