11231 matches found
NETGEAR Devices RCE Vulnerability
Several Netgear devices include unauthenticated webpages that pass form input directly to the command-line, allowing for a command injection attack in SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respecti...
Magento 2.2.7 and 2.1.16 Security update. Closes RCE, XSS and other vulnerabilities
More info at https://magento.com/security/patches/magento-2.2.7-and-2.1.16-security-update...
CVE-2018-1000859
creationtimestamp | type | source
---|---|---
2018-11-27 22:53:35+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/phpimapopenrce.rb...
Node.js third-party modules: flatmap-stream malicious package (distributed via the popular events-stream)
I would like to report a case of malicious package flat-stream that made its way into many other npm packages. One such popular package is event-stream. User dominictarr transferred the ownership of an npm module to another user because he wasn't actively maintaining it. That user then added...
SUPEE-10975 - Security enhancements that help close RCE, XSS, CSRF and other vulnerabilities
More info at https://magento.com/security/patches/supee-10975...
Microsoft Yammer Desktop Remote Code Execution Vulnerability - Windows
Microsoft Yammer Desktop is prone to a remote code execution (RCE) vulnerability...
Microsoft Yammer Desktop < 2.0.0 RCE Vulnerability - Mac OS X
Microsoft Yammer Desktop is prone to a remote code execution (RCE) vulnerability...
Adobe Flash Player Within Google Chrome Security Update (APSB18-44) - Linux
Adobe Flash Player is prone to a remote code execution (RCE) vulnerability...
Adobe Flash Player Security Update (APSB18-44) - Windows
Adobe Flash Player within Microsoft Edge or Internet Explorer is prone to a remote code execution (RCE) vulnerability...
DirtyCOW Bug Drives Attackers to A Backdoor in Vulnerable Drupal Web Servers
In this post we’ll unpack a short -- but no less serious -- attack that affected some Linux-based systems, on October 31. Throughout the campaign, the attacker used a chain of vulnerabilities including the infamous Drupalgeddon2 and DirtyCOW, and system misconfigurations to persistently infect...
NoMachine for Windows <= 5.3.26, 6.x < 6.3.6 Trojan File RCE Vulnerability - Windows
NoMachine for Windows is prone to a remote code execution (RCE) vulnerability...
Safari+macOS full exploit chain-vulnerability and early warning-the black bar safety net
At this year's Pwn2Own 2018 contest, there were more attack challenges for the Apple Safari browser. Today we will introduce Safari remote code execution (RCE), sandbox escapes, local privilege escalation (LPE) and kernel exploits for macOS 10.13.3. To attack the challenges of the environment settings...
CVE-2018-19274
CVE-2018-19274 affects phpBB < 3.2.4: remote code execution via Phar deserialization when an attacker with founder permissions can access the Admin Control Panel. The issue arises from using an absolute path in a file_exists check, enabling Object Injection. NVD data shows CVSSv3.1 base score ...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to a remote code execution (RCE) attack. The library does not properly handle objects in memory in the ValueType::MergeWithObject function in lib/Runtime/Language/ValueType.cpp, allowing a malicious user to inject and execute arbitrary code...
Remote Code Execution (RCE)
Microsoft.Chakracore is vulnerable to a remote code execution (RCE) attack. The library does not handle objects in the Scanner::LineLength function in lib/Parser/Scan.cpp, allowing a malicious user to inject and execute arbitrary code...
Nagios XI < 5.5.7 Multiple Vulnerabilities
Nagios XI is prone to multiple vulnerabilities...
WordPress Duplicator Plugin < 1.2.42 RCE Vulnerability
An issue was discovered in Snap Creek Duplicator. By accessing leftover installer files installer.php and installer-backup.php, an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution...
SwitchVPN For MacOS / Windows 2.1012.03 Man-In-The-Middle Vulnerability
Exploit for multiple platforms in category local exploits. Title: Insecure Update Process and RCE. Product: SwitchVPN for MacOS, Windows. Vulnerable version: 2.1012.03. CVE ID: Requested. Impact: Critical. Homepage:...
WordPress WooCommerce Plugin RCE Vulnerability - Windows
The WooCommerce Plugin for WordPress is prone to a remote code execution (RCE) vulnerability. This VT has been deprecated and merged into the VT...