HelpDEZK version 1.1.1 suffers from code execution and cross site request forgery vulnerabilities.
39ff9b5e973e4cc6e07d3260e5985c65ManageEngine Applications Manager versions 12 and 13 suffers from code execution, cross site scripting, XXE injection, and remote SQL injection vulnerabilities.
3955f3dbd6d2315f052f3f25d5c3a78fApple Security Advisory 2017-03-27-4 - iOS 10.3 is now available and addresses code execution, information disclosure, denial of service, and various other vulnerabilities.
ca8150c7012917f3969636d4fd66d8d6pfsense version 2.3.2 suffers from a remote code execution vulnerability.
4398de06e73854df8caec492ca62f7a5Apple Security Advisory 2017-03-27-5 - watchOS 3.2 is now available and addresses code execution, buffer overflow, and various other vulnerabilities.
7e7527ae13e4848a2b20822e477bd572This Metasploit module exploits two security issues in Github Enterprise, version 2.8.0 - 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allows the malicious Ruby object to be loaded, and results in arbitrary remote code execution. This exploit was tested against version 2.8.0.
ca3b7f3ca2be9221feac2054c941ad33EON versions 5.0 and below suffer from a remote code execution vulnerability.
8151063dc00d32abc37b3ac0e139d9aeRed Hat Security Advisory 2017-0837-01 - The icoutils are a set of programs for extracting and converting images in Microsoft Windows icon and cursor files. These files usually have the extension .ico or .cur, but they can also be embedded in executables or libraries. Security Fix: Multiple vulnerabilities were found in icoutils, in the wrestool program. An attacker could create a crafted executable that, when read by wrestool, could result in memory corruption leading to a crash or potential code execution.
9ae26a5f0de12baafe740afbafa04442Cisco Security Advisory - A vulnerability in the Data-in-Motion (DMo) process installed with the Cisco IOx application environment could allow an unauthenticated, remote attacker to cause a stack overflow that could allow remote code execution with root privileges in the virtual instance running on an affected device. The vulnerability is due to insufficient bounds checking in the DMo process. An attacker could exploit this vulnerability by sending crafted packets that are forwarded to the DMo process for evaluation. The impacts of a successful exploit are limited to the scope of the virtual instance and do not impact the router that is hosting Cisco IOx. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
db1158a1833f92338a1506959e37f3e0Adium version 1.5.10.2 includes a vulnerable version of libpurple that permits for arbitrary code execution on the client.
7913f2adf8097184b180ef24430fa5ceRed Hat Security Advisory 2017-0559-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution.
1a1430473745a072729959f23aa7f9e9Red Hat Security Advisory 2017-0552-01 - The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is available to download as an OVA file from the Customer Portal. The following packages have been upgraded to a later upstream version: rhevm-appliance. Security Fix: A vulnerability was discovered in SPICE in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution.
ad82727f2b2f97eabba52e45a8a99396GitHub Enterprise versions 2.8.x prior to 2.8.6 suffer from a remote code execution vulnerability.
e6b72b7263b1c9c365dee8ded6914b89This Metasploit module exploits a vulnerability in IBM's WebSphere Application Server. An unsafe deserialization call of unauthenticated Java objects exists to the Apache Commons Collections (ACC) library, which allows remote arbitrary code execution. Authentication is not required in order to exploit this vulnerability.
08d8879a89fd3efd87e28c199e8028f1This Metasploit module exploits a remote code execution vulnerability in Apache Struts version 2.3.5 - 2.3.31, and 2.5 - 2.5.10. Remote Code Execution can be performed via http Content-Type header. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.
8637e8ffc6de9189c657a3e087a50331Apache Struts 2 versions 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 remote code execution exploit that provides a reverse shell.
1fe1221359b528e0a3f8439c385ef6e1SICUNET Access Controller version 0.32-05z suffers from code execution, file disclosure, lack of software updates, and poor credential handling vulnerabilities.
0d983c12ac8d7e7d17137c50309d9008F-Secure AV suffers from an issue where remote code execution under SYSTEM can take place due to a man-in-the-middle vulnerability.
90b976c461ad98bd893ac4a2de43e0d1HP Security Bulletin HPESBHF03713 1 - A potential security vulnerability has been identified in HPE Intelligent Management Center (IMC) PLAT. The vulnerability could be remotely exploited to allow code execution. Revision 1 of this advisory.
5cff7a8294d8c9ffeecbc4a085157f1eHP Security Bulletin HPESBGN03712 1 - A potential security vulnerability has been identified in HPE LoadRunner and Performance Center. This vulnerability could be remotely exploited to allow remote code execution. Revision 1 of this advisory.
b49eecabae9d70a34d9f85a02c39dc9aDrupal version 7.x module services remote code execution exploit.
835974e09557a41877938f189241232bWestern Digital My Cloud suffers from a buffer overflow vulnerability that allows for remote code execution.
e64dc08f721927ea61266f162a334e42iBaseCMS version 1.23 suffers from file upload, remote code execution, and remote SQL injection vulnerabilities.
d28a116f850f248cd5287cebbaa7d349OpenElec versions 6.0.3 and 7.0.1 suffer from a remote code execution vulnerability.
aac25622ef669cb52b03333aaa0db641Deluge version 1.3.13 suffers from a cross site request forgery vulnerability that can allow for remote code execution.
cad6f6d8659589a6cb16d9a3e7b91958
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed