Lucene search
K

170 matches found

Zero Day Initiative
Zero Day Initiative
added 2017/11/14 12:0 a.m.30 views

Adobe Reader DC JPEG2000 QCC Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

4.3CVSS8AI score0.0672EPSS
Exploits0References1
FireEye
FireEye
added 2017/03/31 10:15 a.m.28 views

Introducing Monitor.app for macOS

As a malware analyst or systems programmer, having a suite of solid dynamic analysis tools is vital to being quick and effective. These tools enable us to understand malware capabilities and undocumented components of the operating system. One obvious tool that comes to mind is Procmon from the...

0.2AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2017/03/16 12:0 a.m.6 views

The vulnerability of the Android operating system, which allows a hacker to execute code within the context of a privileged process

The vulnerability of the Android operating system’s security subsystem is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute code within the context of a privileged process, using a local malware application...

9.3CVSS7.3AI score0.01823EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2017/01/10 3:0 p.m.70 views

CVE-2016-6831

The "process-execute" and "process-spawn" procedures did not free memory correctly when the execve call failed, resulting in a memory leak. This could be abused by an attacker to cause resource exhaustion or a denial of service. This affects all releases of CHICKEN up to and including 4.11 it wil...

7.5CVSS8.4AI score0.0175EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2015/08/07 12:0 a.m.6 views

The vulnerability of the Adobe AIR software platform allows a perpetrator to increase the execution priority of a process from low to medium.

The vulnerability of the Adobe AIR software platform is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to increase the execution priority of processes from low to medium...

4.3CVSS5.6AI score0.01304EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2015/04/16 4:2 p.m.5 views

jBPM: BPMN2 file processing XXE in Process Execution

It was discovered that the jBPM runtime performed expansion of external parameter entities while executing BPMN2 files. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XML eXternal Entity XXE...

7.5CVSS5.9AI score0.02655EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/12/02 4:59 p.m.13 views

Trove: potential leak of passwords into log files

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

2.1CVSS5.8AI score0.00469EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/11/03 8:36 a.m.5 views

Trove: potential leak of passwords into log files

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

2.1CVSS5.8AI score0.00469EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/11/03 8:25 a.m.4 views

Trove: potential leak of passwords into log files

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

2.1CVSS5.8AI score0.00469EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/11/03 8:25 a.m.6 views

Trove: potential leak of passwords into log files

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

2.1CVSS5.8AI score0.00469EPSS
Exploits0References4
OSV
OSV
added 2014/10/08 7:55 p.m.2 views

DEBIAN-CVE-2014-7230

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

2.1CVSS6.7AI score0.00469EPSS
Exploits0References1
OSV
OSV
added 2014/10/08 12:0 a.m.3 views

UBUNTU-CVE-2014-7230

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

2.1CVSS5.8AI score0.00469EPSS
Exploits0References6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

CuteNews 1.4.6 editnews Module doeditnews Action Admin Moderation Bypass

No description provided by source. source: http://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that...

7.1AI score
Exploits0
Fedora
Fedora
added 2013/12/09 2:0 a.m.21 views

[SECURITY] Fedora 18 Update: php-symfony2-Process-2.2.10-1.fc18

The Process Component executes commands in sub-processes...

5CVSS2.5AI score0.01868EPSS
Exploits0
Metasploit
Metasploit
added 2013/07/02 7:48 p.m.100 views

Windows Manage Reflective DLL Injection Module

This module will inject a specified reflective DLL into the memory of a process, new or existing. If arguments are specified, they are passed to the DllMain entry point as the lpvReserved 3rd parameter. To read output from the injected process, set PID to zero and WAIT to non-zero. Make sure the...

6.8AI score
Exploits0
OpenVAS
OpenVAS
added 2011/01/21 12:0 a.m.24 views

Nmap NSE: SMB psexec

This script attempts to implement remote process execution, allowing a user to run a series of programs on a remote machine and read the output. This is a wrapper on the Nmap Security Scanner's http://nmap.org smb-psexec.nse. OpenVAS Vulnerability Test $Id: gbnmapsmbpsexec.nasl 7006 2017-08-25...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2010/07/15 12:0 a.m.14 views

ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - Cross-Site Scripting

ORACLE Business Process Management Process Administrator 5.7-6.0-10.3 - Cross-Site Scripting |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // //...

0.2AI score
Exploits0
Nmap
Nmap
added 2009/11/20 4:19 p.m.120 views

smb-psexec NSE Script

Implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of system, or even installing a backdoor on a...

10CVSS9.2AI score0.99448EPSS
Exploits33
Check Point Advisories
Check Point Advisories
added 2009/11/08 12:0 a.m.50 views

Oracle Application Server BPEL Module Cross Site Scripting (CVE-2008-4014)

Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. BPEL Business Process Execution Language is an XML based language used for describing...

5.5CVSS6.9AI score0.01018EPSS
Exploits1
seebug.org
seebug.org
added 2009/09/04 12:0 a.m.33 views

MediaWiki 'IP'参数远程文件包含漏洞

BUGTRAQ: 9057 MediaWiki没有充分过滤用户提交的URI参数,远程攻击者可以利用这个漏洞包含远程服务器上的恶意文件,以WEB权限执行任意代码。 问题应该是对MediaWiki的'IP'参数缺少充分过滤,包含文件可被攻击者任意指令,如果指定远程服务器的恶意PHP文件,可导致以WEB进程权限执行。 MediaWiki-stable 20030829/20031107 临时解决方法: 如果您不能立刻安装补丁或者升级,建议您采取以下措施以降低威胁: 修改php.ini配置文件,关闭'allowurlfopen'和'registerglobals'选项。 厂商补丁:...

7.1AI score
Exploits0
Rows per page
Query Builder