OSCA-550, OSCA-550A, OSCA-550AX, OSCA-550X Security Vulnerabilities

hackerone

shopify-scripts: Heap buffer overflow with many arguments

The following program triggers a heap buffer overflow: ruby d 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,....

0.1AI Score

2017-02-08 01:08 AM
10
kitploit

OWASP Security Shepherd - Web And Mobile Application Security Training Platform

The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and...

7.4AI Score

2017-01-28 08:07 PM
21
openbugbounty

chinese.cgntv.net XSS vulnerability

Vulnerable URL: http://chinese.cgntv.net/sub.asp?trans=&hiddentitle=&ifrwidth=550&inurl=&mview=&pid=1162&line_num=50&search_keyword=' Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...

6.3AI Score

2017-01-21 08:35 PM
18
mskb

MS13-094: Description of the security update for Outlook 2013: November 12, 2013

Resolves a security vulnerability in Microsoft Outlook that could allow information disclosure when a specially crafted email message is opened or previewed. Introduction This update resolves a security vulnerability in Microsoft Outlook that could allow information disclosure when a specially...

-0.4AI Score

2017-01-07 09:48 PM
20
mskb

MS13-067: Description of the security update for SharePoint Server 2010 (coreserver): September 10, 2013

MS13-067: Description of the security update for SharePoint Server 2010 (coreserver): September 10, 2013 Introduction This security update resolves vulnerabilities in Microsoft Office Server software that could allow remote code execution in the context of the W3WP service account. Summary...

7.5AI Score

2017-01-07 12:00 AM
19
mskb

MS14-022: Description of the security update for SharePoint Server 2010 (coreserver): May 13, 2014

MS14-022: Description of the security update for SharePoint Server 2010 (coreserver): May 13, 2014 Introduction This security update resolves vulnerabilities in Microsoft Office server and productivity software that could allow remote code execution if an authenticated attacker sends specially...

7.5AI Score

2017-01-07 12:00 AM
11
hackerone

Zendesk: SMTP user enumeration via mail.zendesk.com

Several methods exist that can be used to ██████████ SMTP to enumerate valid usernames and addresses; namely VRFY, EXPN, and RCPT TO. mail.zendesk.com does not reply to EXPN or RCPT TO so we will concentrate on VRFY in this report. The VRFY command will request that the receiving SMTP server...

-0.3AI Score

2016-12-22 08:40 AM
138
hackerone

shopify-scripts: Integer Overflow in mrb_ary_set

Hi, I found a crash in mruby. I frankly couldn't reproduce it in mruby-engine. I think it is because of memory limitation, but I'm not sure. Here is a PoC (when the size of MRB_INT is 32). ruby ary = Array.new(0) ary[0x7fffffff] = 1 ``` $ gdb -q --args ./bin/mruby ./test.rb Reading symbols from...

1.2AI Score

2016-12-18 04:31 PM
22
nessus

ImageMagick 7.x < 7.0.3-9 ReadSGIImage() SGI File Handling DoS

The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.3-9. It is, therefore, affected by a denial of service vulnerability due to an out-of-bounds read error in the ReadSGIImage() function within file coders/sgi.c when handling iris info dimensions. An...

6.8AI Score

2016-12-12 12:00 AM
31
dsquare

Joomla com_videogallerylite SQL Injection

SQL Injection vulnerability in Joomla Component com_videogallerylite galleryid parameter Vulnerability Type: SQL...

9.8CVSS

0.9AI Score

0.005EPSS

2016-12-01 12:00 AM
37
hackerone

shopify-scripts: Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory

Uhm, while testing this I seem to have broken https://mruby.science.. Ooops, sorry about that! Anyway, here's the bug: Overwriting (at least, not sure about other triggers) NoMethodError with a builtin class like Fixnum or Integer leads to a rather interesting behavior. https://mruby.science...

-0.5AI Score

2016-11-30 03:14 AM
15
hp

HPSBGN3552 rev.1 HP Secure Boot UEFI Update

Potential Security Impact Secure Boot Bypass VULNERABILITY SUMMARY HP UEFI update to support Microsoft's enhanced protection of Windows secure boot policies. RESOLUTION HP has provided firmware updates to address the vulnerability for HP PCs with UEFI Firmware. To acquire the firmware updates,...

7.5CVSS

7.4AI Score

2016-11-22 12:00 AM
288
hackerone

LocalTapiola: SMTP configuration vulnerability viestinta.lahitapiola.fi

Hello guys, I have two related SMTP vulnerabilities. I decided to put both of them under the same ticket because they are closely related. Summary: I discovered two SMTP vulnerabilities on host viestinta.lahitapiola.fi. First it is possible to perform user enumeration. For this you can use...

-0.2AI Score

2016-11-20 02:12 AM
20
talos

HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability

Talos Vulnerability Report TALOS-2016-0177 HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4331 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization.....

0.4AI Score

0.002EPSS

2016-11-17 12:00 AM
23
packetstorm

0.5AI Score

2016-11-06 12:00 AM
16
exploitpack

Simple Blog PHP 2.0 - Multiple Vulnerabilities

Simple Blog PHP 2.0 - Multiple...

0.1AI Score

2016-10-13 12:00 AM
6
packetstorm

-0.3AI Score

2016-10-13 12:00 AM
18
exploitdb

7.4AI Score

2016-10-13 12:00 AM
13
zdt

Simple Blog PHP 2.0 - Multiple Vulnerabilities

Exploit for php platform in category web...

7.1AI Score

2016-10-13 12:00 AM
16
zdi

Adobe Reader DC XSLT Parsing for-each Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AXSLE...

9.8CVSS

4.9AI Score

0.042EPSS

2016-10-11 12:00 AM
16
cve

6.2AI Score

0.006EPSS

2016-09-20 02:15 PM
64
4
prion

Out-of-bounds

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree...

5.5CVSS

6.8AI Score

0.006EPSS

2016-09-20 02:15 PM
4
mskb

MS16-107: Description of the security update for Outlook 2013: September 13, 2016

MS16-107: Description of the security update for Outlook 2013: September 13, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

6.9AI Score

0.014EPSS

2016-09-13 07:00 AM
27
mskb

Cumulative update for Windows 10 Version 1511: September 13, 2016

Cumulative update for Windows 10 Version 1511: September 13, 2016 Summary This security update includes improvements and fixes in the functionality of Windows 10 Version 1511. It also resolves the following vulnerabilities in Windows: 3183038 MS16-104: Cumulative security update for Internet...

7.3AI Score

0.964EPSS

2016-09-13 07:00 AM
25
seebug

MySQL <= 5.7.15 remote Root code execution vulnerability

http://legalhackers.com dawid (at) legalhackers.com Release date: 12.09.2016 I. VULNERABILITY MySQL <= 5.7.15 Remote Root Code Execution / Privilege Escalation (0day) 5.6.33 5.5.52 MySQL clones are also affected, including: MariaDB PerconaDB II. BACKGROUND "MySQL is the...

10.3AI Score

0.021EPSS

2016-09-13 12:00 AM
536
exploitpack

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation

MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege...

9.8CVSS

0.8AI Score

2016-09-12 12:00 AM
601
zdt

0.4AI Score

0.005EPSS

2016-09-12 12:00 AM
229
packetstorm

-0.1AI Score

0.021EPSS

2016-09-12 12:00 AM
311
seebug

Adobe ColdFusion < 11 Update 10 - XML external entity injection

Discovered by: Dawid Golunski http://legalhackers.com dawid (at) legalhackers.com APSB16-30 Release date: 31.08.2016 I. VULNERABILITY Adobe ColdFusion <= 11 XML External Entity (XXE) Injection II. BACKGROUND "Adobe ColdFusion 11 Enterprise Edition offers a single platform to rapidly build and...

9.3AI Score

0.733EPSS

2016-09-09 12:00 AM
68
exploitdb

8.6AI Score

0.733EPSS

2016-09-07 12:00 AM
73
packetstorm

0.6AI Score

0.733EPSS

2016-09-07 12:00 AM
109
zdt

Adobe ColdFusion < 11 Update 10 - XML External Entity Injection

Exploit for php platform in category web...

0.3AI Score

0.733EPSS

2016-09-07 12:00 AM
92
exploitpack

Adobe ColdFusion 11 Update 10 - XML External Entity Injection

Adobe ColdFusion 11 Update 10 - XML External Entity...

8.6CVSS

0.3AI Score

2016-09-07 12:00 AM
31
kitploit

Raptor - Web-based Source Code Vulnerability Scanner

Raptor is a web-based (web-service + UI) github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can set up webhooks to ensure automated scans every time you commit or merge a pull request. The scan is done asynchronously and the results are...

7.4AI Score

2016-08-16 02:30 PM
17
mskb

MS16-099: Description of the security update for Outlook 2013: August 9, 2016

MS16-099: Description of the security update for Outlook 2013: August 9, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

7.7AI Score

2016-08-09 07:00 AM
28
openbugbounty

debet.ge XSS vulnerability

Vulnerable URL: http://www.debet.ge/en/product.php?cat=16">&subcat=61&product=550 Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 23:03 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...

6.2AI Score

2016-08-01 09:55 PM
8
threatpost

Public, Private Sector Team to Fight Ransomware

Knowing where to turn for help when victimized by ransomware isn’t always clear. Should you pay the ransom? Are there alternatives to getting your precious data back? Who can you turn to for help? In an effort to answer those questions and help victims retrieve data encrypted by ransomware a...

-0.5AI Score

2016-07-26 11:45 AM
4
seebug

Shiro RememberMe 1.2.4 deserialize the result of command execution vulnerability

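Author: rungobier (Knownsec 404 Security Lab) Overview Apache Shiro holds an important place among Java authorization and security verification frameworks, and a serious Java deserialization vulnerability was disclosed in its issue number 550. Below, we reproduce the scenario of this vulnerability and walk through the analysis. 0x01 Reproducing the vulnerability scenario First, obtain the vulnerable Apache Shiro source code, as follows: git clone https://github.com/apache/shiro.git git checkout shiro-root-1.2.4 cd ./shiro/samples/web...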

6.9AI Score

2016-07-25 12:00 AM
29
ciscothreats

Threat Outbreak Alert RuleID23816: Email Messages Distributing Malicious Software on July 18, 2016

Medium Alert ID: 47113 First Published: 2016 July 18 14:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID23816) may contain the following...

0.4AI Score

2016-07-18 02:23 PM
12
nessus

Debian DLA-550-1 : drupal7 security update

It was discovered that a vulnerability existed in the user module in drupal7, a content management framework. If some specific contributed or custom code triggers a rebuild of the user profile form, a registered user can be granted all user roles on the site. This would typically result.....

-0.4AI Score

2016-07-18 12:00 AM
7
debian

[SECURITY] [DLA 550-1] drupal7 security update

Package : drupal7 Version : 7.14-2+deb7u14 CVE ID : CVE-2016-6211 It was discovered that a vulnerability existed in the user module in drupal7, a content management framework. If some specific contributed or custom code triggers a rebuild of the user profile form, a...

8.8CVSS

2.8AI Score

0.002EPSS

2016-07-15 07:48 AM
7
osv

drupal7 - security update

It was discovered that a vulnerability existed in the user module in drupal7, a content management framework. If some specific contributed or custom code triggers a rebuild of the user profile form, a registered user can be granted all user roles on the site. This would typically result.....

3.9AI Score

2016-07-15 12:00 AM
2
mskb

MS16-088: Description of the security update for Outlook 2013: July 12, 2016

MS16-088: Description of the security update for Outlook 2013: July 12, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

7.8AI Score

0.7EPSS

2016-07-12 07:00 AM
13
mskb

MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016

MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

8AI Score

0.486EPSS

2016-07-12 07:00 AM
66
thehackerblog

The International Incident – Gaining Control of a .int Domain Name With DNS Trickery

The .int or international TLD is perhaps one of the most exclusive extensions available on the Internet. The number of domains on the extension is so small it has its own Wikipedia page. Introduced around 27 years ago its primary purpose has been for international treaty organizations. The...

AI Score

2016-07-10 01:46 AM
4
ubuntucve

CVE-2016-5322

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. Bugs http://bugzilla.maptools.org/show_bug.cgi?id=2560 Notes Author| Note ---|--- mdeslaur | fixed by patch for...

5.7AI Score

0.01EPSS

2016-06-15 12:00 AM
12
seebug

WordPress SOME bug in plupload.flash.swf

WordPress SOME bug in plupload.flash.swf Intro WordPress 4.5.1 is vulnerable against a Same-Origin Method Execution (SOME) vulnerability that stems from an insecure URL sanitization process performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they...

7AI Score

2016-05-11 12:00 AM
26
nessus

openSUSE Security Update : jq (openSUSE-2016-550)

jq was updated to fix one security issue. This security issue was fixed : CVE-2015-8863: Heap buffer overflow in tokenadd() function...

9.5AI Score

2016-05-05 12:00 AM
10
hackerone

Automattic: WordPress SOME bug in plupload.flash.swf leading to RCE

Intro WordPress is vulnerable against a Same-Origin Method Execution (SOME) vulnerability that stems from an insecure URL sanitization problem performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do so,....

-0.3AI Score

2016-04-26 09:53 AM
39
Total number of security vulnerabilities: 1236