3765 matches found
OSV-2020-1661 Use-of-uninitialized-value in fuzzing::memory::memory_test_msan
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25181 Crash type: Use-of-uninitialized-value Crash state: fuzzing::memory::memorytestmsan cryptofuzz::ExecutorBase::postp cryptofuzz::ExecutorBase::Run...
CVE-2020-1581
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the syste...
CVE-2020-1581
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the syste...
CVE-2020-1556
An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a...
CVE-2020-1581 Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
...
CVE-2020-1581
CVE-2020-1581 is an elevation of privilege vulnerability in Microsoft Office Click-to-Run (C2R). The issue stems from how C2R components handle objects in memory, enabling an attacker who already has code execution rights to elevate privileges by running a specially crafted application. The offic...
Unfollow-Plus - Automated Instagram Unfollower Bot
Automated Instagram Unfollower Bot. Installation : apt update apt install git curl -y git clone git://github.com/htr-tech/unfollow-plus.git cd unfollow-plus Run : bash unfollower.sh Single Command : apt update ; apt install git curl -y ; git clone git://github.com/htr-tech/unfollow-plus.git ; cd...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Aug 2020)
This host is missing a critical security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Microsoft Office Click-to-Run Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run C2R components handle objects in memory. An attacker who successfully exploited the vulnerability could elevate privileges. The attacker would need to already have the ability to execute code on the syste...
Linux Container Enumeration
This module attempts to enumerate containers on the target machine and optionally run a command on each active container found. Currently it supports Docker, LXC and RKT. Module Options msf use post/linux/gather/enumcontainers msf postenumcontainers show actions ...actions... msf postenumcontaine...
Microsoft Office 365 (2016 Click-to-Run) Multiple Vulnerabilities (Jul 2020)
This host is missing an important security update according to Microsoft Office Click-to-Run updates. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
OSV-2020-1006 Use-of-uninitialized-value in decimate_dsd_run
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19928 Crash type: Use-of-uninitialized-value Crash state: decimatedsdrun WavpackUnpackSamples WavpackSeekSample64...
Microsoft Windows Speech Brokered API Elevation of Privilege Vulnerability
Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation.Microsoft Windows is an operating system for personal devices.Microsoft Windows Server is a server operating system. A security vulnerability exists in the way memory objects are handled in the Microsoft...
RSA IG&L Aveksa 7.1.1 - Remote Code Execution Vulnerability
Exploit for multiple platform in category web applications Exploit Title: RSA IG&L Aveksa 7.1.1 - Remote Code Execution Exploit Author: Jakub Palaczynski, Lukasz Plonka Vendor Homepage: https://www.rsa.com/ Version: 7.1.1, prior to P02 CVE : CVE-2019-3759 all vulnerable versions can be found at...
UBUNTU-CVE-2020-11538
In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out-of-bounds reads exist in the parsing of SGI image files, a different issue than CVE-2020-5311...
OSV-2020-201 Use-of-uninitialized-value in fuzzing::memory::memory_test_msan
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22453 Crash type: Use-of-uninitialized-value Crash state: fuzzing::memory::memorytestmsan cryptofuzz::ExecutorBase::postp cryptofuzz::ExecutorBase::Run...
The vulnerability of the Cisco IOS operating system’s virtual console, related to the use of pre-installed credentials, allows a perpetrator to gain access to the system and execute arbitrary commands with root privileges.
The vulnerability of the Cisco IOS virtual console is related to the use of pre-installed credentials. Exploiting this vulnerability can allow a perpetrator to gain access to the system and execute arbitrary commands with root privileges...
CVE-2020-3269
Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details...
Logic flaws exist in the network freight service platform of Jiangsu Material Run Shiplink Network Co.
Ltd.'s network freight service platform can meet the business needs of new carriers and provide personalized functions such as QR code for private cargo sources. There is a logic flaw vulnerability in the network freight service platform of Jiangsu Material Runnings Shipping Union Network Co., Lt...
UBUNTU-CVE-2020-14004
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script run as part of the icinga2 systemd service executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrar...