1834 matches found

CVE
added 2018/06/29 3:0 p.m. | 45 views

CVE-2018-13012

The CVE-2018-13012 vulnerability affects SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite prior to version 4.4.12. Description: a flaw where code downloaded during updates is not validated with proper integrity checks, enabling ...

CVSS 8.1 | AI score 8.1 | EPSS 0.00261
Exploits: 0 | References: 1 | Affected Software: 3

OSV
added 2018/06/26 8:29 p.m. | 6 views

DEBIAN-CVE-2018-12895

WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can delete the wp-config.php file. This is related to missing filename validation in the...

CVSS 8.8 | AI score 7.9 | EPSS 0.89644
Exploits: 4 | References: 1

OSV
added 2018/06/26 4:29 p.m. | 15 views

CVE-2018-1000536

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

CVSS 6.1 | AI score 6.4
Exploits: 0 | References: 1

Prion
added 2018/06/26 4:29 p.m. | 9 views

Cross site scripting

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

CVSS 4.3 | AI score 6.4 | EPSS 0.00427
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2018/06/26 4:0 p.m. | 11 views

CVE-2018-1000536

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of th...

AI score 6.4 | EPSS 0.00427
Exploits: 1 | References: 1

Cvelist
added 2018/06/26 4:0 p.m. | 12 views

CVE-2018-1000534

Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...

AI score 6.4 | EPSS 0.00462
Exploits: 1 | References: 2

IBM Security Bulletins
added 2018/06/16 9:18 p.m. | 21 views

Security Bulletin: IBM Security Access Manager for Mobile and IBM Security Access Manager for Web appliances - Remote Code Execution (CVE-2014-3073)

Summary An undisclosed vulnerability can allow unauthorized users to run unauthorized code on the IBM Security Access Manager for Mobile appliance / IBM Security Access Manager for Web appliance. Vulnerability Details CVE ID: CVE-2014-3073 DESCRIPTION: IBM Security Access Manager for Mobile / IBM...

CVSS 10 | AI score 2.1 | EPSS 0.10239
Exploits: 0 | Affected Software: 2

CVE
added 2018/05/11 1:0 p.m. | 51 views

CVE-2017-6015

CVE-2017-6015 affects Rockwell Automation FactoryTalk Activation, specifically the Activation Service prior to version 4.01.00. The root cause is an unquoted whitespace in file paths, which can let a local, authenticated user link to or execute a malicious executable, granting elevated privileges...

CVSS 7.8 | AI score 7.7 | EPSS 0.00054
Exploits: 0 | References: 3 | Affected Software: 1

OpenVAS
added 2018/05/04 12:0 a.m. | 22 views

Kaspersky Password Manager DLL Hijacking Vulnerability (May 2018) - Windows

Kaspersky Password Manager is prone to a DLL hijacking vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.8 | AI score 7.7 | EPSS 0.0037
Exploits: 0 | References: 1

Cvelist
added 2018/04/25 9:0 p.m. | 21 views

CVE-2018-5486

NetApp OnCommand Unified Manager for Linux versions 7.2 through 7.3 ship with the Java Debug Wire Protocol (JDWP) enabled, which allows unauthorized local attackers to execute arbitrary code...

AI score 7.8 | EPSS 0.00107
Exploits: 0 | References: 1

Prion
added 2018/04/19 1:29 p.m. | 14 views

Design/Logic Flaw

Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538...

CVSS 6.8 | AI score 7.8 | EPSS 0.0037
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/04/19 1:29 p.m. | 15 views

CVE-2018-6306

Unauthorized code execution from specific DLL and is known as DLL Hijacking attack in Kaspersky Password Manager versions before 8.0.6.538...

CVSS 7.8 | AI score 7.9 | EPSS 0.0037
Exploits: 0 | References: 1

OSV
added 2018/02/27 3:29 p.m. | 13 views

CVE-2017-15692

In Apache Geode before v1.4.0, the TcpServer within the Geode locator opens a network port that deserializes data. If an unprivileged user gains access to the Geode locator, they may be able to cause remote code execution if certain classes are present on the classpath...

CVSS 9.8 | AI score 9.8
Exploits: 0 | References: 2

0day.today
added 2018/02/26 12:0 a.m. | 32 views

Audio Cutter Software - Code Injection Vulnerability

Exploit for windows platform in category dos / poc Technical Details: ================= Vulnerability Title: Audio Cutter Software - Code Injection Vulnerability Tool Name: Weeny Audio Cutter Software v1.5 Critical Level: High Author: Ajay Gowtham aka AJOXR Blackhat forums Type: Software Security...

AI score 7
Exploits: 0

CNVD
added 2018/02/26 12:0 a.m. | 2 views

Apache JMeter Security Bypass Vulnerability

Apache JMeter is an open source tool from the Apache Software Foundation (United States), written in Java, for stress testing and performance testing. A security vulnerability exists in Apache JMeter. An attacker can exploit the vulnerability to gain access to JMeterEngine an...

CVSS 9.8 | AI score 7 | EPSS 0.01876
Exploits: 0 | References: 1

OSV
added 2018/02/14 2:29 p.m. | 1 views

DEBIAN-CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

CVSS 9.8 | AI score 6.9 | EPSS 0.01876
Exploits: 0 | References: 1

Prion
added 2018/02/14 2:29 p.m. | 16 views

Design/Logic Flaw

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

CVSS 7.5 | AI score 9.2 | EPSS 0.01876
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/02/14 2:29 p.m. | 12 views

CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

CVSS 9.8 | AI score 9.5
Exploits: 0 | References: 3

CVE
added 2018/02/14 2:0 p.m. | 91 views

CVE-2018-1287

CVE-2018-1287 affects Apache JMeter 2.X and 3.X in Distributed Test (RMI-based) mode, where the jmeter server binds the RMI Registry to a wildcard host. This can allow an attacker to gain access to the JMeterEngine and send unauthorized code. The available connected documents confirm the vulnerab...

CVSS 9.8 | AI score 9.2 | EPSS 0.01876
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2018/02/14 2:0 p.m. | 23 views

CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only RMI based, jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code...

AI score 9.4 | EPSS 0.01876
Exploits: 0 | References: 3