Showing posts with label ZDI: Published Advisories. Show all posts

ZDI-17-1009: Symantec Messaging Gateway Export Servlet snmpFileName Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Symantec Messaging Gateway. Authentication is required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2BnWoDq

ZDI-17-1008: QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2z6jit8

ZDI-17-1007: QNAP QTS Web sysinfoReq Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2Bn30Sv

ZDI-17-1006: QNAP QTS Web change_password Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2z5zYRi

ZDI-17-1005: QNAP QTS authLogin Host Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2Bn1e46

ZDI-17-1004: QNAP QTS authLogin Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2z62D94

ZDI-17-1003: QNAP QTS Web devRequest Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2Bq55gz

ZDI-17-1002: QNAP QTS NASFTPD USER Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS NASFTPD. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2z4XZbt

ZDI-17-1001: WECON LeviStudio PLC Driver Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WECON LeviStudio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2BnecyH

ZDI-17-1000: Ecava IntegraXor Report getdata name SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2z5HYSx

ZDI-17-999: Ecava IntegraXor Report batchlist SQL Injection Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Ecava IntegraXor. Authentication is not required to exploit this vulnerability.

from ZDI: Published Advisories http://ift.tt/2z4rbPV

ZDI-17-998: Adobe Flash Player BitmapData hitTest Out-Of-Bounds Access Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2z5Dk73

ZDI-17-997: Adobe Flash LocaleID determinePreferredLocales Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2z5VkhI

ZDI-17-996: Adobe Flash NetworkConfiguration addCustomHeader Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

from ZDI: Published Advisories http://ift.tt/2z5hL6A
