Microsoft Windows OLE CVE-2017-0211 Local Privilege Escalation Vulnerability
Vuln: Microsoft Windows Hyper-V CVE-2017-0178 Remote Denial of Service Vulnerability
Microsoft Windows Hyper-V CVE-2017-0178 Remote Denial of Service Vulnerability
Vuln: Lenovo CVE-2016-8237 Remote Code Execution Vulnerability
Lenovo CVE-2016-8237 Remote Code Execution Vulnerability
Vuln: libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
libjpeg/libjpeg-turbo Library CVE-2013-6629 Memory Corruption Vulnerability
CVE-2017-7695
Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an ‘xxx.php[space]’ file, they could bypass a safety check and execute any code.
CVE-2017-7694
Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in the datasource editor or event editor.
CVE-2017-7697
In libsamplerate before 1.0.9, a buffer over-read occurs in the calc_output_single function in src_sinc.c via a crafted audio file.
Proxifier 2.18 Privilege Escalation / Code Execution
Proxifier versions 2.18 and below ships with a KLoader binary which it installs suid root the first time Proxifier is run. This binary serves a single purpose which is to load and unload Proxifier’s kernel extension. Unfortunately it does this by taking the first parameter passed to it on the commandline without any sanitisation and feeding it straight into system().
Microsoft Patches Three Vulnerabilities Under Attack
Microsoft Patch Tuesday fixes 45 vulnerabilities, one being an active zero-day bug used to spread the Dridex banking Trojan.
CVE-2017-7691
A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.