
11233 matches found

Tenable Nessus
added 2017/03/31 12:0 a.m. | 65 views

Mozilla Firefox ESR < 52.0.1 CreateImageBitmap RCE

The version of Mozilla Firefox ESR installed on the remote Windows host is prior to 52.0.1. It is, therefore, affected by an integer overflow condition in the nsGlobalWindow::CreateImageBitmap function within file dom/base/nsGlobalWindow.cpp due to improper validation of certain input. An...

CVSS 9.8 | AI score 7.6 | EPSS 0.02802
Exploits: 1 | References: 2

Tenable Nessus
added 2017/03/31 12:0 a.m. | 73 views

Mozilla Firefox < 52.0.1

The version of Firefox installed on the remote Windows host is prior to 52.0.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2017-08 advisory. - An integer overflow in createImageBitmap was reported through the Pwn2Own contest. The fix for this vulnerability disables the...

CVSS 9.8 | AI score 8.4 | EPSS 0.02802
Exploits: 1 | References: 2

Tenable Nessus
added 2017/03/31 12:0 a.m. | 51 views

Mozilla Firefox ESR < 52.0.1 CreateImageBitmap RCE (macOS)

The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.0.1. It is, therefore, affected by an integer overflow condition in the nsGlobalWindow::CreateImageBitmap function within file dom/base/nsGlobalWindow.cpp due to improper validation of certain input. ...

CVSS 9.8 | AI score 7.6 | EPSS 0.02802
Exploits: 1 | References: 2

CVE
added 2017/03/30 7:0 a.m. | 52 views

CVE-2017-7318

Siklu Etherhaul devices (8010TX/1200FX) with firmware 7.4.0–10.7.3 are affected by an RCE due to the rfpiped service listening on TCP port 555 using hardcoded AES keys, enabling unauthenticated command execution. This is described as a failed patch for CVE-2017-7318 and may affect other Etherhaul...

CVSS 9.8 | AI score 9.5 | EPSS 0.03815
Exploits: 1 | References: 2 | Affected Software: 1

OpenVAS
added 2017/03/30 12:0 a.m. | 60 views

Microsoft Office Multiple RCE and Information Disclosure Vulnerabilities (4013075)

This host is missing a critical security update according to Microsoft Bulletin MS17-013. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 | AI score 6.1 | EPSS 0.5047
Exploits: 2 | References: 9

myhack58
added 2017/03/29 12:0 a.m. | 57 views

Oracle knowledge management system XXE vulnerability analysis: can lead to RCE

Vulnerability summary: This article analyzes the advisory for Oracle knowledge management system 8.5.1. Oracle's InQuira knowledge management products, with search technology across various sources, provide users with an easy and convenient method of accessing knowledge, the knowledge of...

Exploits: 0

OSV
added 2017/03/28 6:59 p.m. | 23 views

CVE-2016-8749

Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks...

CVSS 9.8 | AI score 7.8 | EPSS 0.10604
Exploits: 1 | References: 7

Cvelist
added 2017/03/28 6:0 p.m. | 31 views

CVE-2016-8749

Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks...

AI score 9.8 | EPSS 0.10604
Exploits: 1 | References: 7

Veracode
added 2017/03/27 2:54 a.m. | 23 views

Remote Code Execution (RCE)

ffmpeg is vulnerable to remote code execution (RCE) attacks. A heap-based buffer overflow in ffserver.c is caused by the failure to check chunk size mismatches. The resulting buffer overflow can be exploited to launch RCE...

CVSS 9.8 | AI score 9.9 | EPSS 0.06175
Exploits: 1 | References: 3 | Affected Software: 2

Exploit DB
added 2017/03/27 12:0 a.m. | 90 views

Nuxeo 6.0/7.1/7.2/7.3 - Remote Code Execution (Metasploit)

Description: Nuxeo Platform is a content management system (CMS) for enterprises. It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform. By crafting the upload request with a specific...

CVSS 8.8 | AI score 8.8 | EPSS 0.34585
Exploits: 7

Tenable Nessus
added 2017/03/24 12:0 a.m. | 59 views

Pidgin < 2.12.0 libpurple/util.c purple_markup_unescape_entity() XML Entity Handling RCE

The version of Pidgin installed on the remote Windows host is prior to 2.12.0. It is, therefore, affected by a remote code execution vulnerability in the libpurple library in util.c due to an out-of-bounds write error in the purple_markup_unescape_entity() function that is triggered when handling...

CVSS 9.8 | AI score 8.1 | EPSS 0.06258
Exploits: 0 | References: 2

0day.today
added 2017/03/23 12:0 a.m. | 393 views

Android 4.2 Browser and WebView - addJavascriptInterface Code Execution Exploit

Exploit for Android platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/exploit/android' class MetasploitModule OperatingSystems::Match::ANDROID, :ar...

CVSS 9.3 | AI score 0.3 | EPSS 0.42623
Exploits: 12

Tenable Nessus
added 2017/03/22 12:0 a.m. | 111 views

HPE LoadRunner < 12.53 Patch 4 libxdrutil.dll mxdr_string() RCE

The version of HP LoadRunner installed on the remote Windows host is prior to 12.53 patch 4. It is, therefore, affected by a remote code execution vulnerability due to a heap-based buffer overflow condition in the mxdr_string() function in libxdrutil.dll. An unauthenticated, remote attacker can...

CVSS 9.8 | AI score 9.2 | EPSS 0.17864
Exploits: 0 | References: 4

OpenVAS
added 2017/03/21 12:0 a.m. | 39 views

Chef Manage RCE Vulnerability

Chef Manage is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8 | AI score 9.9 | EPSS 0.02431
Exploits: 0 | References: 1

seebug.org
added 2017/03/21 12:0 a.m. | 172 views

S2-046: Struts 2 Remote Code Execution vulnerability (CVE-2017-5638)

It is possible to perform an RCE attack with a malicious Content-Disposition value or with an improper Content-Length header. If the Content-Disposition / Content-Length value is not valid, an exception is thrown which is then used to display an error message to a user. This is a different vector for t...

CVSS 10 | AI score 9.3 | EPSS 0.99999
Exploits: 44

Tenable Nessus
added 2017/03/20 12:0 a.m. | 29 views

Mozilla Firefox ESR < 45.8.0 RCE

Binary data 700013.prm...

CVSS 9.8 | AI score 9.8 | EPSS 0.02802
Exploits: 1 | References: 2

seebug.org
added 2017/03/20 12:0 a.m. | 136 views

Oracle Knowledge Management XXE Leading to a RCE

Vulnerability Summary: The following advisory describes Information Disclosure found in Oracle Knowledge Management version 8.5.1. By enabling searches across a wide variety of sources, Oracle’s InQuira knowledge management products offer simple and convenient ways for users to access knowledge tha...

AI score 6.9
Exploits: 0

exploitpack
added 2017/03/17 12:0 a.m. | 50 views

Oracle Knowledge Management 12.1.1 12.2.5 - XML External Entity Leading To Remote Code Execution

SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE. Vulnerability Summary: The following advisory describes Information Disclosure found in Oracle Knowledge Management version 8.5.1. By...

CVSS 8.5 | AI score 0.1 | EPSS 0.09689
Exploits: 3

OpenVAS
added 2017/03/17 12:0 a.m. | 22 views

GitHub Enterprise 2.8.x < 2.8.7 Management Console RCE Vulnerability - Active Check

GitHub Enterprise suffers from a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9.8 | AI score 10 | EPSS 0.21402
Exploits: 1 | References: 3

Exploit DB
added 2017/03/17 12:0 a.m. | 67 views

Oracle Knowledge Management 12.1.1 < 12.2.5 - XML External Entity Leading To Remote Code Execution

SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE. Vulnerability Summary: The following advisory describes Information Disclosure found in Oracle Knowledge Management version 8.5.1. By enabling searches across a wide variety of sources, Oracle's InQuira knowledge management products...

CVSS 8.5 | AI score 7 | EPSS 0.09689
Exploits: 3