ZDI-24-599: Adobe Substance 3D Stager SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Stager. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-34115. READ…

Read More

ZDI-24-598: (0Day) Microsoft Windows Incorrect Permission Assignment Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. Furthermore, the vulnerable behavior occurs only in certain hardware configurations. The ZDI has…

Read More

USN-6825-1: ADOdb vulnerabilities

Ubuntu Security Advisory It was discovered that the PDO driver in ADOdb was incorrectly handling string quotes. A remote attacker could possibly use this issue to perform SQL injection attacks. This issue only affected Ubuntu 16.04 LTS. (CVE-2016-7405) It was discovered that ADOdb was incorrectly handling GET parameters in test.php. A remote attacker could possibly…

Read More