PT-2017-17363 · Libaudiofile +2 · Audio File Library +2

Name of the Vulnerable Software and Affected Versions: Audio File Library versions 0.3.0 through 0.3.6 Description: The issue is a heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h. This allows remote attackers to cause a denial of service cra...

Cisco AnyConnect SBL 4.3.04027 Local Privilege Escalation (CVE-2017-3813)

Run CMD.EXE with system privileges 1. Start Cisco anyconnect from logon screen. 2. Once the Cisco app comes up where you can select a profile and hit connect hold CTRL and hit B. 3. When the Cisco about window appears then select the URL at the bottom. This will open Internet Explorer or you can...

Shutter user-assisted remote code execution

Description. /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. 2. Proof of concept. 1 Rename an image to something like "$firefox" 2 Open the renamed file in...

UBUNTU-CVE-2017-5991

An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdfrunxobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fzpaintpixmapwithmask painting operation. Versions 1.11 and later are unaffected...

PT-2017-16811 · Artifex +1 · Mupdf +1

Name of the Vulnerable Software and Affected Versions: Artifex MuPDF versions prior to 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 Artifex MuPDF versions prior to 1.11 Description: An issue was discovered in the pdf run xobject function in pdf-op-run.c, which encounters a NULL pointer dereference...

CVE-2016-2787

The Puppet Communications Protocol in Puppet Enterprise 2015.3.x before 2015.3.3 does not properly validate certificates for the broker node, which allows remote non-whitelisted hosts to prevent runs from triggering via unspecified vectors...

DEBIAN-CVE-2016-3180

Tor Browser Launcher aka torbrowser-launcher before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature...

The vulnerability of the Android operating system, which allows a hacker to execute an application with privileges of the current user

The vulnerability of the Contacts component in the Android operating system is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to execute an application with privileges of the current user...

Vulnerabilities Leave iTunes, Apple's App Store Open to Script Injection

Apple is reportedly aware of and is in the middle of fixing a pair of vulnerabilities that exist in iTunes and the App Store. If exploited, researchers claim an attacker could inject malicious script into the application side of the vulnerable module or function. Vulnerability Lab’s Benjamin Kunz...

CVE-2016-8468

An elevation of privilege vulnerability in Binder could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform...

MS12-013: Vulnerability in C Run-Time Library could allow remote code execution: February 14, 2012

MS12-013: Vulnerability in C Run-Time Library could allow remote code execution: February 14, 2012 INTRODUCTION Microsoft has released security bulletin MS12-013. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

Cannot read event log Veeam MP – Management Servers

Challenge Error accessing event log on SCOM Management servers - Error 31551, 31552 in Event logs. Cause Starting in Veeam Management Pack for Microsoft System Center version 8, Dataset rules are used to collect host security profiles and snapshots. When a collector is installed on an agent, no...

UBUNTU-CVE-2016-10081

/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action...

Did You Install Super Mario Run APK for Android? That's Malware

After the success of Pokémon Go, Nintendo's "Super Mario Run" has become the hottest game to hit the market with enormous popularity and massive social impact. The game has taken the world by storm since its launch for iOS devices over a week ago. Can you believe — it was downloaded more than 40...

Shutter 0.93.1 - Code Execution

Shutter 0.93.1 - Code Execution Exploit Title: Shutter user-assisted remote code execution Date: 2016-12-26 Software Link: http://shutter-project.org/ Version: 0.93.1 Tested on: Ubuntu, Debian Exploit Author: Prajith P Website: http://prajith.in/ Author Mail: [email protected] CVE: CVE-2016-10081 1...

Temple Run - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Temple Run published at the 'play' market has multiple vulnerabilities...

active.com XSS vulnerability

Vulnerable URL: http://www.active.com/glow-run?category="'--! Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 8916 VIP website status:| Yes Check active.com SSL connection:| Grade: ...

Windows 'Run As' Using Powershell

This module will start a process as another user using powershell. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 'Run As' Using Powershell', 'Description' = %q This module will start...

adidas train & run - Dangerous filesystem permissions, MIT license, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application adidas train & run published at the 'play' market has multiple vulnerabilities...

DEBIAN-CVE-2015-8870

Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service heap-based buffer over-read, or possibly obtain sensitive information from process memory, via crafted width and length values in RLE4 or RLE8 data in a BMP file...