170 matches found
Adobe Reader DC JPEG2000 QCC Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Introducing Monitor.app for macOS
As a malware analyst or systems programmer, having a suite of solid dynamic analysis tools is vital to being quick and effective. These tools enable us to understand malware capabilities and undocumented components of the operating system. One obvious tool that comes to mind is Procmon from the...
The vulnerability of the Android operating system, which allows a hacker to execute code within the context of a privileged process
The vulnerability of the Android operating system’s security subsystem is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute code within the context of a privileged process, using a local malware application...
CVE-2016-6831
The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 it wil...
The vulnerability of the Adobe AIR software platform allows a perpetrator to increase the execution priority of a process from low to medium.
The vulnerability of the Adobe AIR software platform is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to increase the execution priority of processes from low to medium...
jBPM: BPMN2 file processing XXE in Process Execution
It was discovered that the jBPM runtime performed expansion of external parameter entities while executing BPMN2 files. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity XXE...
Trove: potential leak of passwords into log files
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
Trove: potential leak of passwords into log files
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
Trove: potential leak of passwords into log files
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
Trove: potential leak of passwords into log files
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
DEBIAN-CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
UBUNTU-CVE-2014-7230
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...
CuteNews 1.4.6 editnews Module doeditnews Action Admin Moderation Bypass
No description provided by source. source: http://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that...
[SECURITY] Fedora 18 Update: php-symfony2-Process-2.2.10-1.fc18
The Process Component executes commands in sub-processes...
Windows Manage Reflective DLL Injection Module
This module will inject a specified reflective DLL into the memory of a process, new or existing. If arguments are specified, they are passed to the DllMain entry point as the lpvReserved 3rd parameter. To read output from the injected process, set PID to zero and WAIT to non-zero. Make sure the...
Nmap NSE: SMB psexec
This script attempts to implement remote process execution, allowing a user to run a series of programs on a remote machine and read the output. This is a wrapper on the Nmap Security Scanner's http://nmap.org smb-psexec.nse. OpenVAS Vulnerability Test $Id: gbnmapsmbpsexec.nasl 7006 2017-08-25...
ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - Cross-Site Scripting
ORACLE Business Process Management Process Administrator 5.7-6.0-10.3 - Cross-Site Scripting |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // //...
smb-psexec NSE Script
Implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of system, or even installing a backdoor on a...
Oracle Application Server BPEL Module Cross Site Scripting (CVE-2008-4014)
Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. BPEL Business Process Execution Language is an XML based language used for describing...
MediaWiki 'IP'参数远程文件包含漏洞
BUGTRAQ: 9057 MediaWiki没有充分过滤用户提交的URI参数,远程攻击者可以利用这个漏洞包含远程服务器上的恶意文件,以WEB权限执行任意代码。 问题应该是对MediaWiki的'IP'参数缺少充分过滤,包含文件可被攻击者任意指令,如果指定远程服务器的恶意PHP文件,可导致以WEB进程权限执行。 MediaWiki-stable 20030829/20031107 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁: 修改php.ini配置文件,关闭'allowurlfopen'和'registerglobals'选项。 厂商补丁:...