The coff_slurp_reloc_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (NULL pointer dereference and application...
The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow...
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a...
ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 have a Memory Corruption vulnerability via a 0x83000084 DeviceIoControl request. Date published : 2017-12-04 https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Memory_Corruption_1_0x83000084
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL pointer dereference via a 0x830000c4 DeviceIoControl request. Date published : 2017-12-04 https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Null_Pointer_Dereference_1
ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool Corruption vulnerability via a 0x83000058 DeviceIoControl request. Date published : 2017-12-04 https://github.com/k0keoyo/Driver-Loaded-PoC/tree/master/IKARUS-Antivirus/Pool_Corruption_1
Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in dapur/apps/app_theme/libs/check_file.php via $_GET[‘src’] or $_GET[‘name’]. Date published : 2017-12-04 https://github.com/FiyoCMS/FiyoCMS/issues/11
Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via $_POST[name] or $_POST[email]. This vulnerability can lead to escalation from normal user privileges to administrator privileges. Date published : 2017-12-04 https://github.com/FiyoCMS/FiyoCMS/issues/10
Fiyo CMS 2.0.7 has SQL injection in /system/site.php via $_REQUEST[‘link’]. Date published : 2017-12-04 https://github.com/FiyoCMS/FiyoCMS/issues/9
There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The vulnerability exists due to insufficient filtration of user-supplied data in the ‘Range’ field of the ‘Department’ module in a Personnel Advanced Query. A...
The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a ‘password_change()’ function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 parameters to...
A Cross-site Scripting issue was discovered in Geovap Reliance SCADA Version 4.7.3 Update 2 and prior. This vulnerability could allow an unauthenticated attacker to inject arbitrary code. Date published : 2017-12-04 http://www.securityfocus.com/bid/102031 https://ics-cert.us-cert.gov/advisories/ICSA-17-334-02
Command injection vulnerability in smart.cgi in Synology DiskStation Manager (DSM) before 5.2-5967-5 allows remote authenticated users to execute arbitrary commands via disk field. Date published : 2017-12-04 https://www.synology.com/en-global/support/security/Synology_SA_17_65_DSM http://packetstormsecurity.com/files/157807/Synology-DiskStation-Manager-smart.cgi-Remote-Command-Execution.html
An information exposure vulnerability in default HTTP configuration file in Synology Photo Station before 6.8.1-3458 and before 6.3-2970 allows remote attackers to obtain sensitive system information via .htaccess file. Date published : 2017-12-04 https://www.synology.com/en-global/support/security/Synology_SA_17_63_Photo_Station