1834 matches found
CVE-2018-1352
CVE-2018-1352: Fortinet FortiOS 5.6.0 is affected by a format-string vulnerability in the SSH username handling that can enable remote execution of code or commands, potentially causing memory corruption. The vulnerability is tied to the SSH username variable and is described in Fortinet’s FG-IR-18...
CVE-2018-1352
A format string vulnerability in Fortinet FortiOS 5.6.0 allows an attacker to execute unauthorized code or commands via the SSH username variable...
CVE-2018-16098
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user...
Design/Logic Flaw
In some Lenovo ThinkPads, an unquoted search path vulnerability was found in various versions of the Synaptics Pointing Device driver which could allow unauthorized code execution as a low privilege user...
CVE-2018-16098
In Lenovo ThinkPad laptops, an unquoted search path vulnerability in certain Synaptics Pointing Device driver versions could allow unauthorized code execution as a low-privilege user. The issue is caused by an unquoted path in the driver, with local attack vector and no user interaction required ...
Fortinet FortiOS 5.4.x < 5.4.6 / 5.6.x < 5.6.1 XSS (CVE-2017-3131)
The version of Fortinet FortiOS running on the remote device is 5.4.x prior to 5.4.6, or 5.6.x prior to 5.6.1. It is, therefore, affected by a Cross-site Scripting (XSS) vulnerability that allows attackers to execute unauthorized code or commands via the filter input in Applications under FortiView...
CVE-2018-19036
An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface...
VLC Media Player CAF Demuxer Integer Underflow Vulnerability - Mac OS X
VLC media player is prone to an integer underflow vulnerability.
CVE-2018-6707
Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism...
Design/Logic Flaw
Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism...
CVE-2018-6707 McAfee Agent Insecure usage of temporary files vulnerability
Denial of Service through Resource Depletion vulnerability in the agent in non-Windows McAfee Agent (MA) 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to cause DoS, unexpected behavior, or potentially unauthorized code execution via knowledge of the internal trust mechanism...
Security feature bypass
A sandbox bypass vulnerability exists in Pipeline: Groovy Plugin 2.59 and earlier in groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java, groovy-cps/lib/src/main/java/com/cloudbees/groovy/cps/SandboxCpsTransformer.java that allows attackers with Job/Configure permissio...
AlienIP 2.41 - Denial of Service (PoC)
Exploit Title: AlienIP 2.41 - Denial of Service PoC Author: Arturo de la Cruz Tellez Discovery Date: 2018-10-17 Vendor Homepage: http://www.armcode.com Tested Version: 2.41 Tested on OS: Microsoft Windows 10 Home Single Language x64 Versión 10.0.10240 compilación 10240 PoC Steps to produce the...
CVE-2018-18260
Camaleon CMS (Ruby on Rails) vulnerability CVE-2018-18260 affects version 2.4 where a Stored XSS is possible via the User settings profile image upload path. The issue is triggered when a malicious payload is processed in the update/upload area through /admin/media/upload?actions=false, allowing ...
Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
include "stdafx.h" include include include include pragma comment lib,"psapi" PULONGLONG leakbuffer = PULONGLONGVirtualAllocLPVOID0x000000001a000000, 0x2000, MEMRESERVE | MEMCOMMIT, PAGEREADWRITE; ULONGLONG leakQWORDULONGLONG addr, HANDLE driver memsetLPVOID0x000000001a000000, 0x11, 0x1000;...
Steam Bans Developer After Outcry Over Cryptomining, Scam Items
The popular Steam online gaming platform has pulled a simple, 2D game from its library, after it was found to be consuming an unusual amount of processing power on gamers’ machines. Steam owner Valve booted the game, “Abstractism,” after players lodged complaints about the game chewing up process...
Design/Logic Flaw
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update...
CVE-2018-13012
Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.12 allows the remote attacker to execute unauthorized code by substituting a forged update...