The enlightened Windows Lockdown Policy check for COM Class instantiation can be bypassed by using a bug in .NET leading to arbitrary code execution on a system with UMCI enabled (e.g. Device Guard).
9af4ae4b97751a5713a7402ad0feb6c6Digital Guardian Management Console version 7.1.2.0015 suffers from a shell upload vulnerability that allows for remote code execution.
8bc838600cd56915e5e0d27198d67ab7Red Hat Security Advisory 2018-1119-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.140. Issues addressed include a code execution vulnerability.
97c46db1b7ffc040e97c629c2eacc01cDrupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit. Ported to Ruby.
4d773afb5cb3f718d378c710534bcb27Drupal versions prior to 7.58, 8.3.9, 8.4.6, and 8.5.1 Drupalgeddon2 remote code execution proof of concept exploit.
b2dc76bf877508945ce84372e88f3422Red Hat Security Advisory 2018-1098-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Issues addressed include code execution and use-after-free vulnerabilities.
e15ae7f725c8ea07edef059ce76f700fRed Hat Security Advisory 2018-1099-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 52.7.3 ESR. Issues addressed include code execution and use-after-free vulnerabilities.
efd7f9efd1d24c1fb7653eab5d1c9cbaRed Hat Security Advisory 2018-0878-01 - The golang packages provide the Go programming language compiler. The following packages have been upgraded to a later upstream version: golang. Issues addressed include code execution and man-in-the-middle vulnerabilities.
ea5e6301671818515ab9f6d2a0f9c255WooCommerce CSV-Importer-Plugin version 3.3.6 suffers from a remote code execution vulnerability.
9bacb3687dc64c2d04972b2c02056bbeWordPress Google Drive plugin version 2.2 suffers from a remote code execution vulnerability.
b9dd9a86fef8aa3a201f13d251231d11The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected.
15df09b097ae3bbbbbf2b776522b1bc8WordPress Simple Fields plugin versions 0.2 through 0.3.5 suffer from file inclusion and remote code execution vulnerabilities.
6e2bf334cdac7f3f761fe52b39953c1eH2 Database suffers from an alias related arbitrary code execution vulnerability.
6258e5f0b2d9984d657f41ca330733fbBuddypress Xprofile Custom Fields Type version 2.6.3 suffers from a remote code execution vulnerability.
b1271d808196ceb371045fc509388d79LineageOS version 14.1 Blueborne suffers from a remote code execution vulnerability.
90410d5586fb58a108784ae1818b9a2bAtlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability.
94acc718c0e3e5468bc101178d369095Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability.
cc12264137c403adf94d352e2dd1eef5Adobe Flash versions 28.0.0.137 and below remote code execution proof of concept exploit.
d2fd29c4f918f11dabd7bb253cc87a3fRed Hat Security Advisory 2018-0627-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.
428bcf1a0a010f5a3ead3ec63c5029a5Red Hat Security Advisory 2018-0628-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.
e1d67fdcd01f4ba9fb1c3c5049f971c3Red Hat Security Advisory 2018-0630-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 6.4. Issues addressed include a code execution vulnerability.
e3e4359b66403d866b5f8acee8ca0e16Red Hat Security Advisory 2018-0629-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on WildFly. This asynchronous patch is a security update for slf4j package in Red Hat JBoss Enterprise Application Platform 7.1. Issues addressed include a code execution vulnerability.
e4524e76320f4a722ea9570e595d4473VideoFlow Digital Video Protection DVP 10 version 2.10 suffers from authenticated remote code execution vulnerability. Including a cross site request forgery vulnerability, a remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges.
96e1a3c362090e4832e802711f4bbb2aosCommerce version 2.3.4.1 suffers from a code execution vulnerability.
6f7265771c718c685efc486888ad79f0Apple Security Advisory 2018-3-29-8 - iCloud for Windows 7.4 is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities.
5159368594b492a7a1fa30f912b8bb64
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed