LexMark Perceptive Document Filters XLS Convert Code Execution Vulnerability(CVE-2016-4335)
Description An exploitable buffer overflow exists in the XLS parsing of the Perceptive Document Filters conversion functionality. A crafted XLS document can lead to a stack-based buffer overflow resulting in remote code execution. Tested Versions Lexmark Perceptive Document Filters Product URLs...
Kaspersky Internet Security KL1 Driver Signal Handler Denial of Service(CVE-2016-4307)
Summary A denial of service vulnerability exists in the IOCTL handling functionality of Kaspersky Internet Security KL1 driver. A specially crafted IOCTL signal can cause an access violation in KL1 kernel driver resulting in local system denial of service. An attacker can run a program from user...
Kaspersky Anti-Virus Unhandled Windows Messages Denial of Service Vulnerability(CVE-2016-4329)
Summary A local denial of service vulnerability exists in the window broadcast message handling functionality of Kaspersky Anti-Virus software. By sending certain unhandled window messages, an attacker can cause application termination and in the same way bypass the KAV self-protection mechanism. Tested...
Kaspersky Internet Security KLIF Driver NtUserCreateWindowEx_HANDLER Denial of Service(CVE-2016-4304)
Summary A denial of service vulnerability exists in the syscall filtering functionality of the Kaspersky Internet Security KLIF driver. A specially crafted native API call request can cause an access violation exception in the KLIF kernel driver resulting in local denial of service. An attacker can ru...
OpenJPEG JPEG2000 mcc record Code Execution Vulnerability(CVE-2016-8332)
Summary An exploitable code execution vulnerability exists in the JPEG2000 image file format parser as implemented in the OpenJPEG library. A specially crafted JPEG2000 file can cause an out-of-bounds heap write resulting in heap corruption leading to arbitrary code execution. For a successful...
Microsoft Windows10 AHCACHE.SYS Remote Denial Of Service(CVE-2016-3369)
Summary A denial of service vulnerability exists in the AHCACHE.SYS driver. A specially crafted Portable Executable file can cause a bugcheck in the Windows kernel resulting in remote denial of service. Tested Versions Windows 10, AHCACHE.SYS version 10.0.10586.0 Tested on Windows 10 X86 Product...
Hancom Hangul Office HShow!NXDeleteLineObj+0x560cb Code Execution Vulnerability(CVE-2016-4298)
Description This vulnerability was discovered within the Hangul HShow application which is part of the Hangul Office Suite. Hangul Office is published by Hancom, Inc. and is considered one of the more popular Office suites used within South Korea. When opening a Hangul HShow Document .hpt and...
Typecho 1.1(15.5.12) Front-End Arbitrary Code Execution Vulnerability
No description provided by source...
Lexmark Perceptive Document Filters CBFF Code Execution Vulnerability(CVE-2016-5646)
Description An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser functionality of the Lexmark Perceptive Document Filters library. A specially crafted CBFF file can cause code execution. An attacker can send a malformed file to trigger this vulnerability...
Redis CONFIG SET client-output-buffer-limit command Code Execution Vulnerability(CVE-2016-8339)
Summary An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. Tested Versions...
LibTIFF Tag Extension Remote Code Execution Vulnerability(CVE-2016-8331)
Summary An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application usin...
Hopper Disassembler ELF Section Header Size Code Execution Vulnerability(CVE-2016-8390)
Summary An exploitable out of bounds write vulnerability exists in the parsing of ELF Section Headers of Hopper App. A specially crafted ELF file can cause attacker controlled pointer arithmetic resulting in a partially controlled out of bounds write. An attacker can craft an ELF file with...
Foxit PDF Reader JBIG2 Parser Information Disclosure Vulnerability(CVE-2016-8334)
Summary A large out-of-bounds heap read vulnerability in Foxit PDF Reader can potentially be abused for information disclosure. Combined with another vulnerability, it can be used to leak the heap memory layout and to bypass ASLR. Tested Versions Foxit Software Foxit Reader 8.0.2.805 Produc...
Outlook Home Page – Another Ruler Vector
Ruler has become a go to tool for us on external engagements, easily turning compromised mailbox credentials into shells. This has resulted in security being pushed forward and Microsoft responding with patches for the two vectors used in Ruler, namely rules and forms. These were patched with...
Macro-less Code Exec in MSWord
Authors: Etienne Stalmans, Saif El-Sherei What if we told you that there is a way to get command execution on MSWord without any Macros, or memory corruption?! Windows provides several methods for transferring data between applications. One method is to use the Dynamic Data Exchange DDE protocol...
Iceni Argus ipNameAdd Code Execution Vulnerability(CVE-2016-8335)
Summary An exploitable stack-based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus. A specially crafted PDF file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send or provide a malicious PDF file to trigger this vulnerability...
GMER Path Length Code Execution Vulnerability(CVE-2016-4289)
Summary A stack-based buffer overflow vulnerability exists in the method receiving data from the SysTreeView32 control of the GMER application. A specially created long path can lead to a buffer overflow on the stack resulting in code execution. An attacker needs to create a path longer than 99...
Iceni Argus ipfSetColourStroke Code Execution Vulnerability(CVE-2016-8333)
Summary An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus. A specially crafted PDF file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious PDF file to trigger this vulnerability...
LibTIFF TIFF2PDF TIFFTAG_JPEGTABLES Remote Code Execution Vulnerability(CVE-2016-5652)
Summary An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PDF tool. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. The vulnerability can be triggered via a saved TIFF file delivered by other means...
FreeImage Library XMP Image Handling Code Execution Vulnerability(CVE-2016-5684)
Summary An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library. A specially crafted XMP file can cause an arbitrary memory overwrite resulting in code execution. An attacker can provide a malicious image to trigger this...
LibTIFF PixarLogDecode Remote Code Execution Vulnerability(CVE-2016-5875)
Summary An exploitable heap-based buffer overflow exists in the handling of compressed TIFF images in LibTIFF's PixarLogDecode API. A crafted TIFF document can lead to a heap-based buffer overflow resulting in remote code execution. The vulnerability can be triggered through any user controlled...
PHP Melody Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describes three (3) vulnerabilities found in PHP Melody version 2.7.3. PHP Melody is a “self-hosted Video CMS which evolved over the last 9 years. SEO optimization, unbeaten security and speed are advantages you no longer have to compromise on. A truly...
QNAP HelpDesk SQL Injection(CVE-2017-13068)
Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To do so, ensure your NAS can reach the...
McAfee Security Scan Plus Remote Command Execution
Vulnerability Summary The following advisory describes a Remote Command Execution found in McAfee Security Scan Plus version 3.11.587.1. McAfee Security Scan Plus is “a free diagnostic tool that ensures you are protected from threats by actively checking your computer for up-to-date anti-virus,...
HDF5 Group libhdf5 H5T_COMPOUND Code Execution Vulnerability(CVE-2016-4333)
Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...
HDF5 Group libhdf5 Shareable Message Type Code Execution Vulnerability(CVE-2016-4332)
Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...
seacms 6.55 search.php code execution vulnerability
No description provided by source...
HDF5 Group libhdf5 H5T_ARRAY Code Execution Vulnerability(CVE-2016-4330)
Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...
Network Time Protocol Broadcast Mode Replay Prevention Denial of Service Vulnerability(CVE-2016-7427)
Summary An exploitable denial of service vulnerability exists in the broadcast mode replay prevention functionality of ntpd. To prevent replay of broadcast mode packets, ntpd rejects broadcast mode packets with non-monotonically increasing transmit timestamps. Remote unauthenticated attackers can...
Network Time Protocol Broadcast Mode Poll Interval Enforcement Denial of Service Vulnerability(CVE-2016-7428)
Summary An exploitable denial of service vulnerability exists in the broadcast mode poll interval enforcement functionality of ntpd. To limit abuse, ntpd restricts the rate at which each broadcast association will process incoming packets. ntpd will reject broadcast mode packets that arrive befor...
ArcGIS Server 10.3.1: RMIClassLoader RCE
Using an Esri-provided image on Azure's Marketplace, ArcGIS Server 10.3.1 started Java's rmid on port 1098 and explicitly set the property java.rmi.server.useCodebaseOnly equal to false. Screenshot: https://www.dropbox.com/s/xz9ugal3ixnfh1c/10.3.1rmiduseCodebaseOnly%3Dfalse.png?dl=0 As discussed ...
Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability(CVE-2016-9310)
Summary An exploitable configuration modification vulnerability exists in the control mode (mode 6) functionality of ntpd. A specially crafted control mode packet can set ntpd traps, providing information disclosure and DDoS amplification, and unset ntpd traps, preventing legitimate monitoring. A...
OrientDB 2.2.2 < 2.2.22 - Remote Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OrientDB 2.2.x Remote Code Execution', 'Description' = %q This module leverages a privilege escalation on...
iBall ADSL2+ Home Router Authentication Bypass Vulnerability(CVE-2017-14244)
Exploit Title: iBall ADSL2+ Home Router Authentication Bypass Vulnerability CVE: CVE-2017-14244 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: iBall ADSL2+ Home Router WRA150N https://www.iball.co.in/Product/ADSL2--Home-Router/7...
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass(CVE-2017-14243)
Exploit Title: UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass Vulnerability CVE: CVE-2017-14243 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: UTStar WA3002G4 ADSL Broadband Modem Firmware version: WA3002G4-0021.01...
Network Time Protocol Trap Crash Denial of Service Vulnerability(CVE-2016-9311)
Summary An exploitable denial of service vulnerability exists in the trap functionality of ntpd. If an ntpd instance is configured to send traps, a specially crafted network packet can be used to cause a null pointer dereference resulting in a denial of service. This vulnerability can be triggere...
HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability(CVE-2016-4331)
Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization of large amounts of scientific data and is used to exchange data structures between applications in industries such as the GIS industry via...
Joyent SmartOS Hyprlofs FS IOCTL 32-bit File System path Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9035)
Summary An exploitable buffer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...
Joyent SmartOS Hyprlofs FS IOCTL Native File System name Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9032)
Summary An exploitable buffer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...
Joyent SmartOS Hyprlofs FS IOCTL Native File System path Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9033)
Summary An exploitable buffer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer...
WebKit: JSC: Incorrect for-in optimization #2(CVE-2017-7117)
No description provided by source. The following PoC bypasses the fix for the https://www.seebug.org/vuldb/ssvid-96629. PoC: function f let o = ; for let i in xx: 0 for i of 0 printoi; f;...
Computerinsel Photoline GIF Parsing Code Execution Vulnerability(CVE-2017-2880)
Summary A memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .GIF file to trigger this vulnerability. Tested Versio...
Joyent SmartOS Hyprlofs FS IOCTL 32-bit File System name Buffer Overflow Privilege Escalation Vulnerability(CVE-2016-9034)
Summary An exploitable buffer overflow exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer...
Joyent SmartOS Hyprlofs FS IOCTL Add Entries Native File System Denial of Service Vulnerability(CVE-2016-9039)
Summary An exploitable denial of service exists in the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit...
Nvidia Windows Kernel Mode Driver Denial Of Service(CVE-2016-8823)
Summary A local denial of service vulnerability exists in the communication functionality of the Nvidia Windows Kernel Mode Driver. A specially crafted message can cause a vulnerability resulting in a machine crash (BSOD). An attacker can send a specific message to trigger this vulnerability. Tested...
WebKit: JSC: Incorrect optimization in BytecodeGenerator::emitGetByVal(CVE-2017-7061)
Let's start with JS code. let o = ; for let i in xx: 0 oi; 0; i-- ForInContext& context = mforInContextStacki - 1.get; if context.local != property continue; if !context.isValid break; if context.type == ForInContext::IndexedForInContextType property = staticcastcontext.index; break;...
Apple: OOB NUL byte write when handling WLC_E_TRACE event packets(CVE-2017-7112)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On iOS, the "AppleBCMWLANBusInterfacePCIe"...
Apple: Heap overflow and information disclosure in "setVendorIE" when handling ioctl results(CVE-2017-7110)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On iOS, the "AppleBCMWLANBusInterfacePCIe"...
Apple: Multiple Race Conditions in PCIe Message Ring protocol leading to OOB Write and OOB Read(CVE-2017-7115)
Broadcom produces Wi-Fi HardMAC SoCs which are used to handle the PHY and MAC layer processing. These chips are present in both mobile devices and Wi-Fi routers, and are capable of handling many Wi-Fi related events without delegating to the host OS. On iOS, the "AppleBCMWLANBusInterfacePCIe"...
Computerinsel Photoline TGA Parsing Code Execution Vulnerability(CVE-2017-12106)
Summary A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA file to trigger this vulnerability. Teste...