Exécution de Code (Code Execution)

Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file. (CVSS:0.0) (Last Update:2017-09-23)

DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication parameter is required but can be obtained by exploiting CVE-2017-14706. This affects DenyAll i-Suite LTS 5.5.0 through 5.5.12, i-Suite 5.6, Web Application Firewall 5.7, and Web Application Firewall 6.x before 6.4.1, with On Premises or AWS/Azure cloud deployments. (CVSS:0.0) (Last Update:2017-09-22)

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b." (CVSS:0.0) (Last Update:2017-09-22)

Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d" on Windows. This occurs because read_zip_dir_imp in fitz/unzip.c does not check whether size fields in a ZIP entry are negative numbers. (CVSS:0.0) (Last Update:2017-09-22)

Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. (CVSS:0.0) (Last Update:2017-09-22)

Foxit Reader 8.3.2.25013 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at tiptsf!CPenInputPanel::FinalRelease+0x000000000000002f." (CVSS:0.0) (Last Update:2017-09-22)

STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000064e7." (CVSS:0.0) (Last Update:2017-09-22)

Proxy command injection vulnerabilities in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations. (CVSS:0.0) (Last Update:2017-09-22)