Windows

Microsoft Internet Explorer CMarkup Object Use-After-Free Exploit (MS14-021) Update 3

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to the CMarkup::IsConnectedToPrimaryMarkup function, as exploited in the wild in April 2014. This update adds support for Internet Explorer 11.

Drupal core - SQL injection Exploit

This update is to add the exploit in order to attack Drupal core CMS 7.x versions prior to 7.32 using default configuration (CVE-2014-3704).

Spectre Checker (CVE-2017-5153)

Spectre breaks the isolation between different applications. It allows an attacker to trick error-free programs, which follow best practices, into leaking their secrets. In fact, the safety checks of said best practices actually increase the attack surface and may make applications more susceptible to Spectre

CloudMe Sync Buffer Overflow Exploit

Unauthenticated remote attackers that can connect to the "CloudMe Sync" client application listening on port 8888, can send a malicious payload causing a Buffer Overflow condition. This will result in an attacker controlling the programs execution flow and allowing arbitrary code execution on the victims PC.

Sync Breeze Enterprise Import Command Buffer Overflow Exploit

A Buffer Overflow exists in Sync Breeze Enterprise 10.4.18 when parsing .XML files by Command Import. The vulnerability is caused due to a boundary error when handling a crafted .XML files.

Microsoft Office Equation Editor Memory Corruption Exploit (CVE-2018-0802)

The vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory.

Meltdown Checker Update (CVE-2017-5154)

This module performs a local check in order to detect if the target is vulnerable to CVE 2017-5154 (aka Meltdown). This update adds Windows support.

HPE iMC WebDMDebugServlet Java Deserialization Vulnerability Remote Code Execution Exploit

HPE Intelligent Management Center is prone to a remote vulnerability that allows attackers to take advantage of an improper validation of user-supplied data, which can result in deserialization of untrusted data in WebDMDebugServlet. An attacker can leverage this vulnerability to execute arbitrary code in the context of SYSTEM.

Cisco WebEx ARF File Binary Planting Exploit

The specific flaw exists within the processing of ARF files. While opening an ARF file, WebEx Network Recording Player loads a DLL from an unqualified path. An attacker can leverage this vulnerability to execute code under the context of the current process.

WECON LeviStudio HMI Editor Buffer Overflow Exploit Update

Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory, the attacker may then be able to crash the application or run arbitrary code. This update adds support for the new software version and a new CVE.