7.4AI Score
Tech support scams persist with increasingly crafty techniques
(Note: Our Tech support scams FAQ page has the latest info on this type of threat, including scammer tactics, fake error messages, and the latest scammer hotlines. You can also read our latest blog, New tech support scam launches communication or phone call app.) Millions of users continue to...
6.5AI Score
Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY)
Mandiant has observed APT29 using a stealthy backdoor that we call POSHSPY. POSHSPY leverages two of the tools the group frequently uses: PowerShell and Windows Management Instrumentation (WMI). In the investigations Mandiant has conducted, it appeared that APT29 deployed POSHSPY as a secondary...
0.6AI Score
7.3AI Score
MS15-047: Description of the security update for SharePoint Server 2010: May 12, 2015
Summary: This security update resolves vulnerabilities in Microsoft Office server and productivity software. The vulnerabilities could allow remote code execution if an authenticated attacker sends specially...
7.6AI Score
MOXA Device Manager Tool 2.1 - Buffer Overflow Exploit
Exploit for windows platform in category local...
0.3AI Score
0.067EPSS
shopify-scripts: SIGSEGV - mark_context_stack
PoC The following code triggers the bug (attached as test_mark_context_stack.rb): def one too{yield}end def too yield ensure one{break}end one Debug - mirb Starting program: /home/x/Desktop/test/mruby/bin/mirb test_mark_context_stack mirb - Embeddable Interactive Ruby Shell => :one => :too .....
1.5AI Score
GraphicsMagick Multiple Vulnerabilities-01 (Feb 2017) - Windows
GraphicsMagick is prone to multiple...
7.6AI Score
0.032EPSS
LG G4 - lgdrmserver Binder Service Multiple Race Conditions
LG G4 - lgdrmserver Binder Service Multiple Race...
-0.1AI Score
LG G4 - lgdrmserver Binder Service Multiple Race Conditions Vulnerability
Exploit for Android platform in category dos /...
-0.1AI Score
7.4AI Score
shopify-scripts: mruby heap use-after-free
By doing some fuzzing against mruby, I spotted this vulnerability. The source code should be compiled with AddressSanitizer. Here is the vulnerable code: ``` class NoMethodError < NameError def initialize(message=nil, name=nil, args=nil) @args = ar super message,&name end end class...
1.1AI Score
shopify-scripts: Heap buffer overflow with many arguments
The following program triggers a heap buffer overflow: ruby d 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,....
0.1AI Score
OWASP Security Shepherd - Web And Mobile Application Security Training Platform
The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and...
7.4AI Score
chinese.cgntv.net XSS vulnerability
Vulnerable URL: http://chinese.cgntv.net/sub.asp?trans=&hiddentitle=&ifrwidth=550&inurl=&mview=&pid=1162&line_num=50&search_keyword='

Details:

Description | Value
---|---
Patched: | Yes, at
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not...
6.3AI Score
MS13-094: Description of the security update for Outlook 2013: November 12, 2013
Resolves a security vulnerability in Microsoft Outlook that could allow information disclosure when a specially crafted email message is opened or previewed. Introduction: This update resolves a security vulnerability in Microsoft Outlook that could allow information disclosure when a specially...
-0.4AI Score
MS13-067: Description of the security update for SharePoint Server 2010 (coreserver): September 10, 2013
Introduction: This security update resolves vulnerabilities in Microsoft Office Server software that could allow remote code execution in the context of the W3WP service account. Summary...
7.5AI Score
MS14-022: Description of the security update for SharePoint Server 2010 (coreserver): May 13, 2014
Introduction: This security update resolves vulnerabilities in Microsoft Office server and productivity software that could allow remote code execution if an authenticated attacker sends specially...
7.5AI Score
Zendesk: SMTP user enumeration via mail.zendesk.com
Several methods exist that can be used to ██████████ SMTP to enumerate valid usernames and addresses; namely VRFY, EXPN, and RCPT TO. mail.zendesk.com does not reply to EXPN or RCPT TO so we will concentrate on VRFY in this report. The VRFY command will request that the receiving SMTP server...
-0.3AI Score
shopify-scripts: Integer Overflow in mrb_ary_set
Hi, I found a crash in mruby. I frankly couldn't reproduce it in mruby-engine. I think it is because of memory limitation, but I'm not sure. Here is a PoC (when the size of MRB_INT is 32). ruby ary = Array.new(0) ary[0x7fffffff] = 1 ``` $ gdb -q --args ./bin/mruby ./test.rb Reading symbols from...
1.2AI Score
ImageMagick 7.x < 7.0.3-9 ReadSGIImage() SGI File Handling DoS
The version of ImageMagick installed on the remote Windows host is 7.x prior to 7.0.3-9. It is, therefore, affected by a denial of service vulnerability due to an out-of-bounds read error in the ReadSGIImage() function within file coders/sgi.c when handling iris info dimensions. An...
6.8AI Score
Joomla com_videogallerylite SQL Injection
SQL Injection vulnerability in Joomla Component com_videogallerylite galleryid parameter Vulnerability Type: SQL...
9.8CVSS
0.9AI Score
0.005EPSS
shopify-scripts: Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory
Uhm, while testing this I seem to have broken https://mruby.science.. Ooops, sorry about that! Anyway, here's the bug: Overwriting (at least, not sure about other triggers) NoMethodError with a builtin class like Fixnum or Integer leads to a rather interesting behavior. https://mruby.science...
-0.5AI Score
HPSBGN3552 rev.1 HP Secure Boot UEFI Update
Potential Security Impact: Secure Boot Bypass. VULNERABILITY SUMMARY: HP UEFI update to support Microsoft's enhanced protection of Windows secure boot policies. RESOLUTION: HP has provided firmware updates to address the vulnerability for HP PCs with UEFI Firmware. To acquire the firmware updates,...
7.5CVSS
7.4AI Score
LocalTapiola: SMTP configuration vulnerability viestinta.lahitapiola.fi
Hello guys, I have two related SMTP vulnerabilities. I decided to put both of them under the same ticket because they are closely related. Summary: I discovered two SMTP vulnerabilities on host viestinta.lahitapiola.fi. First it is possible to perform user enumeration. For this you can use...
-0.2AI Score
HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability
Talos Vulnerability Report TALOS-2016-0177 HDF5 Group libhdf5 H5Z_NBIT Code Execution Vulnerability November 17, 2016 CVE Number CVE-2016-4331 Description HDF5 is a file format that is maintained by a non-profit organization, The HDF Group. HDF5 is designed to be used for storage and organization.....
0.4AI Score
0.002EPSS
0.5AI Score
0.1AI Score
-0.3AI Score
7.4AI Score
7.1AI Score
Adobe Reader DC XSLT Parsing for-each Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the AXSLE...
9.8CVSS
4.9AI Score
0.042EPSS
6.2AI Score
0.006EPSS
The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree...
5.5CVSS
6.8AI Score
0.006EPSS
MS16-107: Description of the security update for Outlook 2013: September 13, 2016
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
6.9AI Score
0.014EPSS
Cumulative update for Windows 10 Version 1511: September 13, 2016
Summary: This security update includes improvements and fixes in the functionality of Windows 10 Version 1511. It also resolves the following vulnerabilities in Windows: 3183038 MS16-104: Cumulative security update for Internet...
7.3AI Score
0.964EPSS
MySQL <= 5.7.15 remote Root code execution vulnerability
http://legalhackers.com dawid (at) legalhackers.com Release date: 12.09.2016 I. VULNERABILITY MySQL <= 5.7.15 Remote Root Code Execution / Privilege Escalation (0day) 5.6.33 5.5.52 MySQL clones are also affected, including: MariaDB PerconaDB II. BACKGROUND "MySQL is the...
10.3AI Score
0.021EPSS
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege...
9.8CVSS
0.8AI Score
MySQL / MariaDB / PerconaDB 5.5.52 / 5.6.33 / 5.7.15 - Code Execution / Privilege Escalation
Exploit for multiple platform in category local...
0.4AI Score
0.005EPSS
-0.1AI Score
0.021EPSS
MySQL / MariaDB / PerconaDB 5.5.51/5.6.32/5.7.14 - Code Execution / Privilege Escalation
...
8.9AI Score
0.007EPSS
Adobe ColdFusion < 11 Update 10 - XML external entity injection
Discovered by: Dawid Golunski http://legalhackers.com dawid (at) legalhackers.com APSB16-30 Release date: 31.08.2016 I. VULNERABILITY Adobe ColdFusion <= 11 XML External Entity (XXE) Injection II. BACKGROUND "Adobe ColdFusion 11 Enterprise Edition offers a single platform to rapidly build and...
9.3AI Score
0.733EPSS
8.6AI Score
0.733EPSS
0.6AI Score
0.733EPSS
Adobe ColdFusion < 11 Update 10 - XML External Entity Injection
Exploit for php platform in category web...
0.3AI Score
0.733EPSS
Adobe ColdFusion 11 Update 10 - XML External Entity Injection
Adobe ColdFusion 11 Update 10 - XML External Entity...
8.6CVSS
0.3AI Score
Raptor - Web-based Source Code Vulnerability Scanner
Raptor is a web-based (web-service + UI), GitHub-centric source-vulnerability scanner, i.e. it scans a repository with just the GitHub repo URL. You can set up webhooks to ensure automated scans every time you commit or merge a pull request. The scan is done asynchronously and the results are...
7.4AI Score
MS16-099: Description of the security update for Outlook 2013: August 9, 2016
Summary: This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...
7.7AI Score
Vulnerable URL: http://www.debet.ge/en/product.php?cat=16">&subcat=61&product=550

Details:

Description | Value
---|---
Patched: | Yes, at 27.07.2017
Latest check for patch: | 27.07.2017 23:03 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown / Not...
6.2AI Score
Public, Private Sector Team to Fight Ransomware
Knowing where to turn for help when victimized by ransomware isn’t always clear. Should you pay the ransom? Are there alternatives to getting your precious data back? Who can you turn to for help? In an effort to answer those questions and help victims retrieve data encrypted by ransomware a...
-0.5AI Score