A Heap Overflow vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while parsing a specially crafted file. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file.
Category Archives: Checkpoint
Checkpoint
Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2966)
A heap overflow vulnerability exists in Adobe Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker could trigger this issue via a specially crafted TIFF file.
Adobe Acrobat and Reader Heap Overflow (APSB17-01: CVE-2017-2949)
A heap overflow vulnerability exists in Adobe Reader and Acrobat. The vulnerability is due to an error while parsing a corrupted PDF file containing an XSL stylesheet. A remote attacker may exploit this vulnerability by enticing a target user to open a specially crafted PDF file.
D-Link DCS-931L File Upload (CVE-2015-2049)
File Upload vulnerability exist in D-Link network cameras. The vulnerability is due to a hidden webpage on the device that allows an attacker to upload arbitrary files from the attackers system. By allowing the attacker to specify the file location to write on the device, the attacker has the ability to upload new functionality.
Adobe Reader DC JPEG2000 Out-of-Bounds Read (CVE-2016-7854)
An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to improper handling of JPEG2000 images, and could be used to gain sensitive information that may help in further attacks. A remote attacker could exploit this vulnerability by enticing a user to open a maliciously crafted webpage or PDF document.
FreePBX callmenum Remote Code Execution (CVE-2012-4869)
FreePBX is an open source software implementation of a telephone Private Branch eXchange (PBX). A code execution vulnerability exists in FreePBX software. Remote attacker can exploit this vulnerability to inject arbitrary PHP functions and commands.
Tuleap PHP Unserialize Code Execution (CVE-2014-8791)
This module exploits a PHP object injection vulnerability. Tuelap could be abused to allow authenticated users to execute arbitrary code with the permissions of the web server. This could lead to execute PHP code on the server.
3CX Phone System VAD_Deploy.aspx Arbitrary File Upload
An arbitrary file upload vulnerability exists in 3CX VoIP Phone System Manager. The vulnerability is due to failure to restrict file uploads in VAD_Deploy.aspx. A remote unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the target server.
Microsoft Office Memory Corruption (MS17-002: CVE-2017-0003)
An Out-of-Bounds-Write vulnerability exists in Microsoft Word. The vulnerability is due to a failure of Office software to properly handle objects in memory. Successful exploitation of this issue could grant an attacker remote code execution.
Microsoft Bowser.sys Information Disclosure (MS16-135: CVE-2016-7218)
An information disclosure vulnerability exists in Microsoft Windows regarding bowser.sys . A local attacker could exploit this vulnerability by running a specially crafted malicious executable file. Successful exploitation of this vulnerability could lead to information disclosure.