56796 matches found
Hancom Hangul HCell CSSValFormat::CheckUnderbar Code Execution Vulnerability(CVE-2016-4296)
Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul Office is published by Hancom, Inc. and is considered one of the more popular Office suites used within South Korea. When opening a Hangul Hcell Document .cell and...
LexMark Perceptive Document Filters XLS Convert Code Execution Vulnerability(CVE-2016-4335)
Description An exploitable buffer overflow exists in the XLS parsing of the Perspective Document Filters conversion functionality. A crafted XLS document can lead to a stack based buffer overflow resulting in remote code execution. Tested Versions Lexmark Perceptive Document Filters Product URLs...
Hancom Hangul HCell HncChart CFormulaTokenSizeModifier Code Execution Vulnerability(CVE-2016-4295)
Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul Office is published by Hancom, Inc. and is considered one of the more popular Office suites used within South Korea. When opening a Hangul Hcell Document .cell and...
Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service(CVE-2016-3369)
Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...
Typecho 1.1(15.5.12)前台任意代码执行漏洞
No description provided by source...
Hancom Hangul Office HShow!NXDeleteLineObj+0x47269 Code Execution Vulnerability(CVE-2016-4292)
Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul Office is published by Hancom, Inc. and is considered one of the more popular Office suites used within South Korea. When opening a Hangul HShow Document .hpt and...
Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service(CVE-2016-4304)
Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native api call request can cause a access violation exception in KLIF kernel driver resulting in local denial of service. An attacker can ru...
Hancom Hangul Office HShow!NXDeleteLineObj+0x560cb Code Execution Vulnerability(CVE-2016-4298)
Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul Office is published by Hancom, Inc. and is considered one of the more popular Office suites used within South Korea. When opening a Hangul HShow Document .hpt and...
Hancom Hangul HCell Workbook Table and Pivot Style Code Execution Vulnerability(CVE-2016-4293)
Description This vulnerability was discovered within the Hangul Hcell application which is part of the Hangul Office Suite. Hangul Office is published by Hancom, Inc. and is considered one of the more popular Office suites used within South Korea. When opening a Hangul Hcell Document .cell and...
Hopper Disassembler ELF Section Header Size Code Execution Vulnerability(CVE-2016-8390)
Summary An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with...
LibTIFF PixarLogDecode Remote Code Execution Vulnerability(CVE-2016-5875)
Summary An exploitable heap based buffer overflow exists in the handling of compressed TIFF images in LibTIFF's PixarLogDecode api. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. The vulnerability can be triggered through any user controlled...
Iceni Argus ipfSetColourStroke Code Execution Vulnerability(CVE-2016-8333)
Summary An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code exection. An attacker can provide a malicious pdf file to trigger this vulnerability...
Outlook Home Page – Another Ruler Vector
Ruler has become a go to tool for us on external engagements, easily turning compromised mailbox credentials into shells. This has resulted in security being pushed forward and Microsoft responding with patches for the two vectors used in Ruler, namely rules and forms. These were patched with...
LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability(CVE-2016-5652)
Summary An exploitable heap based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap based buffer overflow resulting in remote code execution. Vulnerability can be triggered via a saved TIFF file delivered by other means...
FreeImage Library XMP Image Handling Code Execution Vulnerability(CVE-2016-5684)
Summary An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this...
GMER Path Length Code Execution Vulnerability(CVE-2016-4289)
Summary A stack based buffer overflow vulnerability exists in the method receiving data from SysTreeView32 control of the GMER application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create path longer than 99...
Foxit PDF Reader JBIG2 Parser Information Disclosure Vulnerability(CVE-2016-8334)
Summary A large out of bounds read on the heap vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak heap memory layout and in bypassing ASLR. Tested Versions Foxit Software Foxit Reader 8.0.2.805 Produc...
Iceni Argus ipNameAdd Code Execution Vulnerability(CVE-2016-8335)
Summary An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability...
Macro-less Code Exec in MSWord
Authors: Etienne Stalmans, Saif El-Sherei What if we told you that there is a way to get command execution on MSWord without any Macros, or memory corruption?! Windows provides several methods for transferring data between applications. One method is to use the Dynamic Data Exchange DDE protocol...
LibTIFF Tag Extension Remote Code Execution Vulnerability(CVE-2016-8331)
Summary An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application usin...
Redis CONFIG SET client-output-buffer-limit command Code Execution Vulnerability(CVE-2016-8339)
Summary An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Tested Versions...
PHP Melody Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on. A truly...
seacms6. 55 search.php code execution vulnerability
No description provided by source...
HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability(CVE-2016-4331)
Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...
McAfee Security Scan Plus Remote Command Execution
Vulnerability Summary The following advisory describes a Remote Command Execution found in McAfee Security Scan Plus version 3.11.587.1 McAfee Security Scan Plus is “a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus,...
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass(CVE-2017-14243)
Exploit Title: UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass Vulnerability CVE: CVE-2017-14243 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: UTStar WA3002G4 ADSL Broadband Modem Firmware version: WA3002G4-0021.01...
OrientDB 2.2.2 < 2.2.22 - Remote Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OrientDB 2.2.x Remote Code Execution', 'Description' = %q This module leverages a privilege escalation on...
Network Time Protocol Broadcast Mode Poll Interval Enforcement Denial of Service Vulnerability(CVE-2016-7428)
Summary An exploitable denial of service vulnerability exists in the broadcast mode poll interval enforcement functionality of ntpd. To limit abuse, ntpd restricts the rate at which each broadcast association will process incoming packets. ntpd will reject broadcast mode packets that arrive befor...
ArcGIS Server 10.3.1: RMIClassLoader RCE
Using an Esri-provided image on Azure's Marketplace, ArcGIS Server 10.3.1 started Java's rmid on port 1098 and explicitly set the property java.rmi.server.useCodebaseOnly equal to false. Screenshot: https://www.dropbox.com/s/xz9ugal3ixnfh1c/10.3.1rmiduseCodebaseOnly%3Dfalse.png?dl=0 As discussed ...
HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability(CVE-2016-4333)
Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...
QNAP HelpDesk SQL Injection(CVE-2017-13068)
Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...
Network Time Protocol Trap Crash Denial of Service Vulnerability(CVE-2016-9311)
Summary An exploitable denial of service vulnerability exists in the trap functionality of ntpd. If an ntpd instance is configured to send traps, a specially crafted network packet can be used to cause a null pointer dereference resulting in a denial of service. This vulnerability can be triggere...
HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability(CVE-2016-4332)
Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...
HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability(CVE-2016-4330)
Description HDF5 is a fileformat that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)
Summary An exploitable configuration modification vulnerability exists in the control mode mode 6 functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A...
iBall ADSL2+ Home Router Authentication Bypass Vulnerability(CVE-2017-14244)
Exploit Title: iBall ADSL2+ Home Router Authentication Bypass Vulnerability CVE: CVE-2017-14244 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: iBall ADSL2+ Home Router WRA150N https://www.iball.co.in/Product/ADSL2--Home-Router/7...
Network Time Protocol Broadcast Mode Replay Prevention Denial of Service Vulnerability(CVE-2016-7427)
Summary An exploitable denial of service vulnerability exists in the broadcast mode replay prevention functionality of ntpd. To prevent replay of broadcast mode packets, ntpd rejects broadcast mode packets with non-monotonically increasing transmit timestamps. Remote unauthenticated attackers can...
Joyent SmartOS Hyprlofs FS IOCTL 32-bit File System Integer Overflow Privilege Escalation Vulnerability(CVE-2016-9031)
Summary An exploitable integer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel...
Apache Tomcat Upload Bypass / Remote Code Execution(CVE-2017-12617)
CVE-2017-12617 CVE-2017-12617 critical Remote Code Execution RCE vulnerability discovered in Apache Tomcat affect systems with HTTP PUTs enabled via setting the "read-only" initialization parameter of the Default servlet to "false" are affected. Tomcat versions before 9.0.1 Beta, 8.5.23, 8.0.47 a...
Joyent SmartOS Hyprlofs FS IOCTL Native File System name Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9032)
Summary An exploitable buffer overflow exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...
Nvidia Windows Kernel Mode Driver Denial Of Service(CVE-2016-8823)
Summary An local denial of service vulnerability exists in the communication functionality of Nvidia Windows Kernel Mode Driver. A specially crafted message can cause a vulnerability resulting in a machine crash BSOD. An attacker can send a specific message to trigger this vulnerability. Tested...
Joyent SmartOS Hyprlofs FS IOCTL 32-bit File System path Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9035)
Summary An exploitable buffer overflow exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...
Joyent SmartOS Hyprlofs FS IOCTL Native File System Integer Overflow Privilege Escalation Vulnerability(CVE-2016-8733)
Summary An exploitable integer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel...
Apple: Heap overflow and information disclosure in "setVendorIE" when handling ioctl results(CVE-2017-7110)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On iOS, the "AppleBCMWLANBusInterfacePCIe"...
Joyent SmartOS Hyprlofs FS IOCTL Add Entries 32-bit File System Denial of Service Vulnerability(CVE-2016-9040)
Summary An exploitable denial of service exists in the the Joylent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never...
Apple: OOB NUL byte write when handling WLC_E_TRACE event packets(CVE-2017-7112)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On iOS, the "AppleBCMWLANBusInterfacePCIe"...
Computerinsel Photoline GIF Parsing Code Execution Vulnerability(CVE-2017-2880)
Summary An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send specific .GIF file to trigger this vulnerability. Tested Versio...
WebKit: JSC: Incorrect optimization in BytecodeGenerator::emitGetByVal(CVE-2017-7061)
Let's start with JS code. let o = ; for let i in xx: 0 oi; 0; i-- ForInContext& context = mforInContextStacki - 1.get; if context.local != property continue; if !context.isValid break; if context.type == ForInContext::IndexedForInContextType property = staticcastcontext.index; break;...
Joyent SmartOS Hyprlofs FS IOCTL Add Entries Native File System Denial of Service Vulnerability(CVE-2016-9039)
Summary An exploitable denial of service exists in the the Joylent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit...
WebKit: JSC: Incorrect for-in optimization #2(CVE-2017-7117)
No description provided by source. The following PoC bypasses the fix for the https://www.seebug.org/vuldb/ssvid-96629. PoC: function f let o = ; for let i in xx: 0 for i of 0 printoi; f;...