PT-2018-16320 · Yi · Yi Home Camera

Name of the Vulnerable Software and Affected Versions: Yi Home Camera version 1.8.7.0D Description: An exploitable code execution issue exists in the firmware update functionality. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can...

phptpoint Pharmacy Management System 1.0 - 'username' SQL Injection

Exploit Title: phptpoint Pharmacy Management System 1.0 - 'username' SQL injection Date: 2018-10-24 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: https://www.phptpoint.com/pharmacy-management-system/ Version: 1 Tested...

Double free

Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution...

CVE-2018-17183

Artifex Ghostscript before 9.25 allowed a user-writable error exception table, which could be used by remote attackers able to supply crafted PostScript to potentially overwrite or replace error handlers to inject code...

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution RCE attacks. The attack exists due to a detached buffer bug that causes arbitrary memory reading and writing that can cause arbitrary code to be executed. This CVE is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294...

Security Update for Microsoft Word 2013 (KB4018347) 32-Bit Edition

A security vulnerability exists in Microsoft Word 2013 32-Bit Edition that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability...

MGASA-2018-0118 Updated php-smarty packages fix security vulnerability

Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch or display functions on custom resources that does not sanitize template nameCVE-2017-1000480...

CVE-2017-16602

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of NetGain Systems Enterprise Manager 7.2.730 build 1034. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw...

CVE-2017-1000188

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile resulting in code injection...

CVE-2017-1000188

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile resulting in code injection...

MGASA-2017-0398 Updated sdl2 packages fix security vulnerability

Yves Younan of Cisco Talos discovered an exploitable integer overflow vulnerability when creating a new RGB Surface in SDL 2.0.x before version 2.0.7. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and...

CVE-2017-7100

An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to...

Installer of "Flets Setsuzoku Tool" may insecurely load Dynamic Link Libraries

Overview Installer of "Flets Setsuzoku Tool"provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC...

MGASA-2017-0254 Updated perl-XML-LibXML packages fix security vulnerability

Use-after-free in the XML-LibXML module through 2.0129 for Perl allows attackers to execute arbitrary code by controlling the arguments to a replaceChild call CVE-2017-10672...

fastjson < 1.2.24 remote code execution vulnerability

No description provided by source...

Design/Logic Flaw

An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tinymce/plugins/codemirror/dialog.php" URL. An attacker could execu...

CVE-2016-6620

An issue was discovered in phpMyAdmin. Some data is passed to the PHP unserialize function without verification that it's valid serialized data. The unserialization can result in code execution because of the interaction with object instantiation and autoloading. All 4.6.x versions prior to 4.6.4...

WordPress WP-DownloadManager Plugin 1.68.1 arbitrary file upload vulnerability

Vulnerability file: download-add.php Vulnerability code: if ! empty $POST'do' checkadminreferer'wp-downloadmanageradd-file'; // Decide What To Do switch $POST'do' // Add File case 'Add File', 'wp-downloadmanager': $filetype = ! empty $POST'filetype' ? intval $POST'filetype' : 0; switch$filetype...

Ultrabenosaurus ChatBoard - Cross-Site Request Forgery (Send Message)

form na...

CVE-2016-1118

Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service memory corruption via unspecified vectors...