
11233 matches found

The Hacker News
added 2017/05/08 8:28 p.m. | 116 views

Microsoft Issues Emergency Patch For Critical RCE in Windows Malware Scanner

Microsoft's own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable. Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend. Security...

CVSS 9.3 | AI score 8.2 | EPSS 0.77207
Exploits: 5
The Hacker News
added 2017/05/07 11:57 p.m. | 13 views

Google 0-Day Hunters Find 'Crazy Bad' Windows RCE Flaw

Update Monday, May 08, 2017: Microsoft has released an emergency security update to patch below-reported crazy bad remote code execution vulnerability in its Microsoft Malware Protection Engine (MMPE) that affects Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 operating systems...

AI score 7.4
Exploits: 0
Hacker One
added 2017/05/05 3:19 a.m. | 17 views

U.S. Dept Of Defense: Remote code execution (RCE) in multiple DoD websites

A remote code execution (RCE) vulnerability was found on a DoD website which could have enabled an attacker to execute remote commands on the web server. Thank you @joaomatosf for notifying us of this vulnerability!...

AI score 2
Exploits: 0
seebug.org
added 2017/05/05 12:0 a.m. | 102 views

Pwn2Own 2017: UAF in JSC::CachedCall (WebKit)

Pwn2Own 2017: UAF in JSC::CachedCall WebKit As a quick introduction, we are Samuel Groß, AKA saelo, and Niklas Baumstark, both students at Karlsruhe Institute of Technology, and have been playing CTF together for quite some time before we decided to team up for this year’s Pwn2Own. Today we are...

CVSS 6.8 | AI score 9 | EPSS 0.08038
Exploits: 4
CVE
added 2017/05/04 3:55 a.m. | 52 views

CVE-2017-8773

CVE-2017-8773 affects Quick Heal families (Internet Security, Total Security, AntiVirus Pro) and stems from out-of-bounds write on a heap buffer caused by improper validation of the dwCompressionSize in the Microsoft WIM Header WIMHEADER_V1_PACKED. This leads to Remote Code Execution and Privileg...

CVSS 9.8 | AI score 9.8 | EPSS 0.02323
Exploits: 0 | References: 1 | Affected Software: 3
Veracode
added 2017/05/03 8:53 a.m. | 26 views

Remote Code Execution (RCE)

github.com/docker/docker is vulnerable to remote code execution (RCE) attacks. This allows attackers to execute code with root privileges through an image or build in a Dockerfile in an LZMA .xz archive...

CVSS 10 | AI score 9 | EPSS 0.06452
Exploits: 0 | References: 4 | Affected Software: 1
Tenable Nessus
added 2017/05/03 12:0 a.m. | 34 views

Intel Active Management Technology 11.0.x < 11.0.25.3001 RCE

Binary data 700084.prm...

CVSS 10 | AI score 9.8 | EPSS 0.92189
Exploits: 7 | References: 5
Tenable Nessus
added 2017/05/03 12:0 a.m. | 35 views

Intel Active Management Technology 9.x < 9.1.41.3024 RCE

Binary data 700081.prm...

CVSS 10 | AI score 9.8 | EPSS 0.92189
Exploits: 7 | References: 5
Zero Science Lab
added 2017/05/03 12:0 a.m. | 133 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution

Summary: Serviio is a free media server. It allows you to stream your media files (music, video or images) to renderer devices (e.g. a TV set, Bluray player, games console or mobile phone) on your connected home network. Description: The version of Serviio installed on the remote Windows host is affect...

CVSS 9.3 | AI score 6.5 | EPSS 0.0309
Exploits: 1
Tenable Nessus
added 2017/05/03 12:0 a.m. | 1753 views

Intel Management Engine Insecure Read / Write Operations RCE (INTEL-SA-00075) (remote check)

The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and according to its self-reported version in the banner, it is running Intel manageability firmware version 6.x prior to 6.2.61.3535, 7.x prior to 7.1.91.3272, 8.x prior to 8.1.71.3608, 9.0.x or 9.1.x...

CVSS 10 | AI score 7.8 | EPSS 0.92189
Exploits: 7 | References: 4
Veracode
added 2017/05/02 9:37 a.m. | 8 views

Remote Code Execution (RCE)

kmc is vulnerable to remote code execution (RCE). A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...

AI score 8.2
Exploits: 0
Veracode
added 2017/05/02 7:12 a.m. | 8 views

Remote Code Execution (RCE)

nd-validator is vulnerable to remote code execution (RCE). A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...

AI score 8.2
Exploits: 0
Veracode
added 2017/05/02 7:1 a.m. | 6 views

Remote Code Execution (RCE)

m2m-supervisor is vulnerable to remote code execution (RCE). A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...

AI score 8.2
Exploits: 0
0day.today
added 2017/05/01 12:0 a.m. | 38 views

Tuleap 9.6.99.86 Command Injection Vulnerability

Exploit for php platform in category web applications Tuleap - Command Injection in Project Wiki CVE: CVE-2017-7981 CVSSv3: 9.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C Versions affected: = 8.3 and = 9.6.99.86 Introduction Tuleap is a Libre suite to plan, track, code and...

CVSS 9 | EPSS 0.16125
Exploits: 5
Packet Storm
added 2017/04/29 12:0 a.m. | 30 views

Tuleap 9.6.99.86 Command Injection

Tuleap - Command Injection in Project Wiki CVE: CVE-2017-7981 CVSSv3: 9.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C Versions affected: = 8.3 and = 9.6.99.86 Introduction Tuleap is a Libre suite to plan, track, code and collaborate on software projects. Tuleap helps development...

AI score 8.8 | EPSS 0.16125
Exploits: 5
Cvelist
added 2017/04/28 4:0 p.m. | 19 views

CVE-2017-2099

Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors...

AI score 6.9 | EPSS 0.01501
Exploits: 0 | References: 2
Tenable Nessus
added 2017/04/28 12:0 a.m. | 35 views

H3C / HPE Intelligent Management Center accessMgrServlet Java Object Deserialization RCE

Binary data hpimccve-2017-5790.nbin...

CVSS 10 | AI score 9.7 | EPSS 0.1834
Exploits: 0 | References: 5
Tenable Nessus
added 2017/04/28 12:0 a.m. | 132 views

H3C / HPE Intelligent Management Center RMI Java Object Deserialization RCE

The H3C or HPE Intelligent Management Center (iMC) web server running on the remote host is affected by a remote code execution vulnerability due to unsafe deserialization of Java objects to the Apache Commons BeanUtils library via the euplat RMI registry. An unauthenticated, remote attacker can...

CVSS 9.8 | AI score 9.3 | EPSS 0.34882
Exploits: 4 | References: 5
Tenable Nessus
added 2017/04/26 12:0 a.m. | 183 views

IBM Domino IMAP EXAMINE Command Handling RCE (EMPHASISMINE)

According to its banner, the version of IBM Domino (formerly IBM Lotus Domino) running on the remote host is 8.5.1, 8.5.2, or 8.5.3 prior to 8.5.3 FP6 IF17, or else it is 9.0.0 or 9.0.1 prior to 9.0.1 FP8 IF2. It is, therefore, affected by a remote code execution vulnerability due to improper...

CVSS 8.8 | AI score 9.1 | EPSS 0.06736
Exploits: 2 | References: 2
seebug.org
added 2017/04/25 12:0 a.m. | 74 views

BigTree CMS - Bypass CSRF filter and execute code with PHPMailer

DESCRIPTION PHPMailer RCE CVE-2016-10033 An independent research uncovered a critical vulnerability in PHPMailer version Sender According to my analysis, if we can control the value of Sender, we can let sendmail save the context to any given path /var/www/html/shell.php, which means code...

CVSS 7.5 | AI score 10.3 | EPSS 0.99714
Exploits: 58