Vir.IT eXplorer is an AntiVirus, AntiSpyware and AntiMalware software made in Italy and developed by TG Soft S.a.s. A major flaw exists in the latest version of Vir.IT eXplorer; this vulnerability allows a local attacker to execute arbitrary code in the context of the application with SYSTEM privileges. The flaw resides in the viritsvclite service and is due to bad privileges on the main Vir.IT folder: by default, any user (even guest) is able to replace, modify or alter the file. This allows an attacker to inject code or replace the executable and have it run in the context of the system, resulting in a complete compromise of the system on which the antivirus is installed; an attacker can replace the executable and reboot the system, and the machine is then compromised.
4digits version 1.1.4 and possibly earlier versions suffer from a buffer overflow vulnerability through which code execution may be possible, and privileges can be escalated if the binary is setuid/setgid. The vulnerability is found within the 4digits-text binary version of the game. An environment variable is not checked thoroughly before it is passed to the function save_score() when a user wins at the game. An attacker may be able to execute arbitrary code by setting the HOME variable to a large string and running the game in GDB.
An anonymous attacker can use a special HTTP request to get information about SAP NetWeaver users.
An SQL injection vulnerability means that code contains an SQL statement with strings that can be altered by an attacker. The manipulated SQL statement can be used to obtain additional data from the database or to modify the information.
SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
This module exploits a vulnerability found in Dell SonicWALL Scrutinizer. The methodDetail parameter in exporters.php allows an attacker to write arbitrary files to the file system with an SQL Injection attack, and gain remote code execution under the context of SYSTEM for Windows, or as Apache for Linux. Authentication is required to exploit this vulnerability, but this module uses the default admin:admin credential.
When parsing executables packed by an early version of aspack, a buffer overflow can occur in the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products. The problem occurs when section data is truncated, that is, when SizeOfRawData is greater than SizeOfImage. This is a remote code execution vulnerability. Because Symantec use a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link is enough to exploit it. On Linux, Mac and other UNIX platforms, this results in a remote heap overflow as root in the Symantec or Norton process. On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel, making this a remote ring0 memory corruption vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of invalid data in the mdat atom. An attacker can use this flaw to read outside the allocated buffer, which could allow for the execution of arbitrary code in the context of the current process.
An integer overflow vulnerability exists in the code responsible for handling the two escape codes POSTSCRIPT_IDENTIFY and POSTSCRIPT_INJECTION in the public ExtEscape() API. The code does not check if the "+23" part overflows the 32-bit type, allowing an attacker to cause a buffer overflow.
When encountering a COMMENT_MULTIFORMATS record, the MRGDICOMMENT::bPlay() function starts off by sanitizing the 32-bit EMR_COMMENT_MULTIFORMATS.CountFormats field, by ensuring the following: 1) EMR_COMMENT_MULTIFORMATS.CountFormats < 0xFFFFFFF; 2) 0x28 + (0x10 * EMR_COMMENT_MULTIFORMATS.CountFormats) fits within the EMF record. Since all calculations are done using 32-bit arithmetic, an integer overflow may occur if the EMR_COMMENT_MULTIFORMATS.CountFormats field is greater than 0xFFFFFFF.