9593 matches found

CVE
added 2018/02/28 10:0 p.m. | 69 views

CVE-2018-6947

CVE-2018-6947 is an uninitialised stack variable vulnerability in the nxfuse component of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier. It enables local, low-privilege users to gain elevation of privileges on Windows 7 (32/64-bit) and can cause a denial of service o...

CVSS 7.8 | AI score 7.4 | EPSS 0.01768
Exploits: 3 | References: 6 | Affected Software: 1

NVD
added 2018/02/27 10:29 p.m. | 13 views

CVE-2014-10070

zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...

CVSS 7.8 | AI score 6.3 | EPSS 0.0015
Exploits: 0 | References: 3

CVE
added 2018/02/27 10:0 p.m. | 75 views

CVE-2014-10070

CVE-2014-10070 affects zsh prior to 5.0.7, where environment-imported initial values of integer variables may be evaluated instead of literals when zsh is invoked in privilege-elevation contexts with unsanitized env (e.g., sudo with env_reset disabled). This can enable local privilege esc...

CVSS 7.8 | AI score 7 | EPSS 0.0015
Exploits: 0 | References: 3 | Affected Software: 1

FreeBSD
added 2018/02/27 12:0 a.m. | 32 views

shibboleth-sp -- vulnerable to forged user attribute data

Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...

CVSS 6.5 | AI score 7.1 | EPSS 0.01222
Exploits: 2 | References: 1

OPENSUSE Linux
added 2018/02/26 12:7 p.m. | 55 views

Security update for lame (important)

This update for lame fixes the following issues: Lame was updated to version 3.100: Improved detection of MPEG audio data in RIFF WAVE files. sf3545112 Invalid sampling detection New switch --gain decibel, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the...

CVSS 7.5 | AI score 6.3 | EPSS 0.03175
Exploits: 8 | References: 12

Packet Storm
added 2018/02/23 12:0 a.m. | 39 views

NoMachine nxfuse Privilege Escalation

from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3 STATUSINVALIDHANDLE = 0xC0000008 shellcodelen = 90 s = aa s +=...

AI score 7.6 | EPSS 0.01768
Exploits: 3

OpenVAS
added 2018/02/23 12:0 a.m. | 35 views

MiniUPnP <= 2.0 DoS Vulnerability (CVE-2017-1000494)

Uninitialized stack variable vulnerability in NameValueParserEndElt upnpreplyparse.c in miniupnpd allows an attacker to cause Denial of Service Segmentation fault and Memory Corruption or possibly have unspecified other impact. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might...

CVSS 7.8 | AI score 7.9 | EPSS 0.0008
Exploits: 1 | References: 1

Prion
added 2018/02/15 9:29 p.m. | 9 views

Cross site scripting

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting XSS attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value a...

CVSS 3.5 | AI score 6.1 | EPSS 0.00203
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2018/02/15 9:29 p.m. | 13 views

CVE-2014-0013

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting XSS attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value a...

CVSS 5.4 | AI score 5.3 | EPSS 0.00203
Exploits: 0 | References: 2

Cvelist
added 2018/02/15 9:0 p.m. | 14 views

CVE-2014-0013

Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting XSS attacks by leveraging an application that contains templates whose context is set to a user-supplied primitive value a...

AI score 5.3 | EPSS 0.00203
Exploits: 0 | References: 2

OSV
added 2018/02/15 2:29 a.m. | 1 views

CVE-2018-0853

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run C2R allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability"...

CVSS 3.3 | AI score 5.8 | EPSS 0.13146
Exploits: 0 | References: 3

EUVD
added 2018/02/15 2:0 a.m. | 4 views

EUVD-2018-1653

Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run C2R allow an information disclosure vulnerability, due to how Office initializes the affected variable, aka "Microsoft Office Information Disclosure Vulnerability"...

CVSS 4.3 | AI score 3.6 | EPSS 0.13146
Exploits: 0 | References: 3

Packet Storm
added 2018/02/15 12:0 a.m. | 28 views

Chrome V8 Runtime_RegExpReplace Integer Overflow

Chrome: V8: Integer overflow in RuntimeRegExpReplace Here's a snippet of the method. ASSIGNRETURNFAILUREONEXCEPTION isolate, captureslengthobj, Object::ToLengthisolate, captureslengthobj; const int captureslength = PositiveNumberToUint32captureslengthobj; ... if functionalreplace const int argc =...

AI score 7.1
Exploits: 0

OpenVAS
added 2018/02/14 12:0 a.m. | 70 views

Microsoft Office 2013 Service Pack 1 Information Disclosure Vulnerability (KB3172459)

This host is missing an important security update according to Microsoft KB3172459 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVSS 4.3 | AI score 4.1 | EPSS 0.13146
Exploits: 0 | References: 2

0day.today
added 2018/02/14 12:0 a.m. | 33 views

TrendNet AUTHORIZED_GROUP Information Disclosure Vulnerability

Exploit for hardware platform in category web applications TrendNet AUTHORIZEDGROUP Information Disclosure Full report: https://blogs.securiteam.com/index.php/archives/3627 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory describes an information disclosur...

Exploits: 0

Microsoft CVE
added 2018/02/13 8:0 a.m. | 30 views

Microsoft Office Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory. Exploitation of the...

CVSS 4.3 | AI score 2.2 | EPSS 0.13146
Exploits: 0

0day.today
added 2018/02/10 12:0 a.m. | 165 views

glibc $ORIGIN Expansion Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LDAUDIT environment variable when loading setuid...

CVSS 6.9 | AI score 7.6 | EPSS 0.12375
Exploits: 20

CNVD
added 2018/02/08 12:0 a.m. | 3 views

web2py environment variable value vulnerability

web2py is an open source Web framework written in Python that supports the rapid development of database-driven Web-based applications. A security vulnerability exists in web2py versions prior to 2.14.1. When a user uses the standalone version, an attacker can exploit the vulnerability by...

CVSS 9.8 | AI score 6.7 | EPSS 0.12737
Exploits: 2 | References: 1

KoreLogic Security
added 2018/02/08 12:0 a.m. | 8 views

NetEx HyperIP Post-Auth Command Execution

Vulnerability Details Affected Vendor: NetEx Affected Product: HyperIP Affected Version: 6.1.0 Platform: Embedded Linux CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command, CWE-250: Execution with Unnecessary Privileges Impact: Arbitrary Command...

AI score 0.6
Exploits: 0 | Affected Software: 1

Prion
added 2018/02/07 5:29 p.m. | 15 views

Null pointer dereference

ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent attackers to cause a denial of service NULL pointer dereference via vectors involving the keyfile variable...

CVSS 5 | AI score 7.2 | EPSS 0.00435
Exploits: 0 | References: 2 | Affected Software: 1