
1411 matches found

Cvelist
added 2018/12/13 11:00 p.m., 19 views

CVE-2018-6707 McAfee Agent Insecure usage of temporary files vulnerability

Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent MA 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism...

CVSS 3.7, AI score 7.2, EPSS 0.00334
Exploits: 0, References: 2

Prion
added 2018/12/10 2:29 p.m., 22 views

Security feature bypass

A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permissio...

CVSS 6.5, AI score 9, EPSS 0.01639
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2018/10/15 12:00 a.m., 46 views

CVE-2018-18260

Camaleon CMS (Ruby on Rails) vulnerability CVE-2018-18260 affects version 2.4 where a Stored XSS is possible via the User settings profile image upload path. The issue is triggered when a malicious payload is processed in the update/upload area through /admin/media/upload?actions=false, allowing ...

CVSS 6.1, AI score 5.9, EPSS 0.01049
Exploits: 2, References: 1, Affected Software: 1

OSV
added 2018/06/26 8:29 p.m., 7 views

DEBIAN-CVE-2018-12895

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...

CVSS 8.8, AI score 7.9, EPSS 0.62558
Exploits: 4, References: 1

OSV
added 2018/06/26 4:29 p.m., 16 views

CVE-2018-1000536

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

CVSS 6.1, AI score 6.4
Exploits: 0, References: 1

Prion
added 2018/06/26 4:29 p.m., 10 views

Cross site scripting

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

CVSS 4.3, AI score 6.4, EPSS 0.0125
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2018/06/26 4:00 p.m., 19 views

CVE-2018-1000536

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

AI score 6.4, EPSS 0.0125
Exploits: 1, References: 1

CVE
added 2018/05/11 1:00 p.m., 55 views

CVE-2017-6015

CVE-2017-6015 affects Rockwell Automation FactoryTalk Activation, specifically the Activation Service prior to version 4.01.00. The root cause is an unquoted whitespace in file paths, which can let a local, authenticated user link to or execute a malicious executable, granting elevated privileges...

CVSS 7.8, AI score 7.7, EPSS 0.00711
Exploits: 0, References: 3, Affected Software: 1

OpenVAS
added 2018/05/04 12:00 a.m., 23 views

Kaspersky Password Manager DLL Hijacking Vulnerability (May 2018) - Windows

Kaspersky Password Manager is prone to a DLL hijacking vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 7.8, AI score 7.7, EPSS 0.0265
Exploits: 0, References: 1

Cvelist
added 2018/04/25 9:00 p.m., 22 views

CVE-2018-5486

NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled, which allows unauthorized local attackers to execute arbitrary code...

AI score 7.8, EPSS 0.004
Exploits: 0, References: 1

Prion
added 2018/04/19 1:29 p.m., 15 views

Design/Logic Flaw

Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538...

CVSS 6.8, AI score 7.8, EPSS 0.0265
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2018/04/19 1:29 p.m., 15 views

CVE-2018-6306

Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538...

CVSS 7.8, AI score 7.9, EPSS 0.0265
Exploits: 0, References: 1

OSV
added 2018/02/27 3:29 p.m., 14 views

CVE-2017-15692

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath...

CVSS 9.8, AI score 9.8
Exploits: 0, References: 2

CNVD
added 2018/02/26 12:00 a.m., 2 views

Apache JMeter Security Bypass Vulnerability

Apache JMeter is open source software from the Apache Software Foundation (United States), written in Java, for stress testing and performance testing. A security vulnerability exists in Apache JMeter. An attacker can exploit the vulnerability to gain access to JMeterEngine an...

CVSS 9.8, AI score 7, EPSS 0.03542
Exploits: 0, References: 1

CVE
added 2018/02/14 2:00 p.m., 92 views

CVE-2018-1287

CVE-2018-1287 affects Apache JMeter 2.X and 3.X in Distributed Test (RMI-based) mode, where the jmeter server binds the RMI Registry to a wildcard host. This can allow an attacker to gain access to the JMeterEngine and send unauthorized code. The available connected documents confirm the vulnerab...

CVSS 9.8, AI score 9.2, EPSS 0.03542
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2018/02/13 12:29 p.m., 3 views

DEBIAN-CVE-2018-1297

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code...

CVSS 9.8, AI score 6.9, EPSS 0.10096
Exploits: 0, References: 1

OSV
added 2018/02/13 12:29 p.m., 1 views

UBUNTU-CVE-2018-1297

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get access to JMeterEngine and send unauthorized code...

CVSS 9.8, AI score 7.3, EPSS 0.10096
Exploits: 0, References: 4

UbuntuCve
added 2018/01/27 3:29 p.m., 17 views

CVE-2018-6353

The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attacker at an unattended workstation, which makes...

CVSS 7.8, AI score 7, EPSS 0.00492
Exploits: 1, References: 3

Openbugbounty
added 2017/12/14 5:28 p.m., 18 views

springfieldshrma.org XSS vulnerability

Open Bug Bounty ID: OBB-453515
Affected Website: springfieldshrma.org
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Remediation Guide: OWASP XSS Prevention...

AI score 6.4
Exploits: 0

Prion
added 2017/12/06 6:29 p.m., 14 views

Race condition

NVIDIA driver contains a vulnerability where it is possible a use after free malfunction can occur due to a race condition which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as high. Product: Android. Version: N/A. Android ID:...

CVSS 6.9, AI score 6.8, EPSS 0.00156
Exploits: 0, References: 2