ZDI: Published Advisories
http://www.zerodayinitiative.com/advisories/published/
Wed Aug 23 16:48:43 2017 +0000
zdi@hp.com (Author)
Tippingpoint, all rights reserved
ZDI Bird Feeder
en
http://blogs.law.harvard.edu/tech/rss

ZDI-17-695: SpiderControl SCADA Webserver iniNet Directory Traversal Information Disclosure Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/vWjqeE-ORts/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of SpiderControl SCADA. Authentication is not required to exploit this vulnerability.
Wed, 23 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-695/

ZDI-17-694: SpiderControl SCADA MicroBrowser StaticHTMLTagsFileName Stack-based Buffer Overflow Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/U9wwV4Zyo6g/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SpiderControl SCADA MicroBrowser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Wed, 23 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-694/

ZDI-17-693: Bitdefender Total Security bdfwfpf Kernel Driver Double Free Privilege Escalation Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/2oRLhRQ8pKk/
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Bitdefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Thu, 17 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-693/

ZDI-17-692: (0Day) Foxit Reader saveAs Arbitrary File Write Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/MHRu-9Fpzko/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Thu, 17 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-692/

ZDI-17-691: (0Day) Foxit Reader launchURL Command Injection Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/GoRobGxEOFo/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Thu, 17 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-691/

ZDI-17-690: Hewlett Packard Enterprise Intelligent Management Center wmiConfigContent Expression Language Injection Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/t-24cGFOK9o/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Mon, 14 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-690/

ZDI-17-689: Hewlett Packard Enterprise Intelligent Management Center index Expression Language Injection Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/10pyxbOM7aE/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Fri, 11 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-689/

ZDI-17-688: Hewlett Packard Enterprise Intelligent Management Center operatorGroupSelectContent Expression Language Injection Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/SZipy8dPvjc/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Fri, 11 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-688/

ZDI-17-687: Hewlett Packard Enterprise Intelligent Management Center guiDataDetail Expression Language Injection Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/T6scWRENIW0/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Fri, 11 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-687/

ZDI-17-686: Hewlett Packard Enterprise Intelligent Management Center quickTemplateSelect Expression Language Injection Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/Hq_DR-tqwk0/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
Fri, 11 Aug 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-686/