Tag: #rce

CVE-2019-14206: Adaptive images for Wordpress 0.6.66: LFI, arbitrary file deletion and RCE.

An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php.

CVE-2019-12815: ProFTPd CVE-2019-12815

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

CVE-2019-13585: FANUC Robotics Virtual Robot Controller 8.23 Buffer Overflow ≈ Packet Storm

The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request.

CVE-2019-6822: Security Notification - Zelio Soft 2 | Schneider Electric

A Use After Free: CWE-416 vulnerability exists in Zelio Soft 2, V5.2 and earlier, which could cause remote code execution when opening a specially crafted Zelio Soft 2 project file.

CVE-2019-0887

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

CVE-2019-5051: TALOS-2019-0820 || Cisco Talos Intelligence Group

An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

CVE-2019-5052: TALOS-2019-0821 || Cisco Talos Intelligence Group

An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability.

CVE-2019-7265: Resources - Applied Risk

Linear eMerge E3-Series devices allow Remote Code Execution (root access over SSH).

CVE-2019-6168: Lenovo Service Bridge Vulnerabilities - Lenovo Support DE

A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow remote code execution.

CVE-2019-12384: [SECURITY] [DLA 1831-1] jackson-databind security update

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.