OSCA-550, OSCA-550A Security Vulnerabilities

Shiro RememberMe 1.2.4 deserialize the result of command execution vulnerability

Author: rungobier (知道创宇404安全实验室) 概述 Apache Shiro 在 Java 的权限及安全验证框架中占用重要的一席之地，在它编号为550的 issue 中爆出严重的 Java 反序列化漏洞。下面，我们将模拟还原此漏洞的场景以及分析过程。 0x01 漏洞场景还原 首先，需要获取 Apache Shiro 存在漏洞的源代码，具体操作如下: git clone https://github.com/apache/shiro.git git checkout shiro-root-1.2.4 cd ./shiro/samples/web...

Threat Outbreak Alert RuleID23816: Email Messages Distributing Malicious Software on July 18, 2016

Medium Alert ID: 47113 First Published: 2016 July 18 14:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID23816) may contain the following...

Debian DLA-550-1 : drupal7 security update

It was discovered that there was a vulnerability existed in the user module in drupal7, a content management framework. If some specific contributed or custom code triggers a rebuild of the user profile form, a registered user can be granted all user roles on the site. This would typically result.....

[SECURITY] [DLA 550-1] drupal7 security update

Package : drupal7 Version : 7.14-2+deb7u14 CVE ID : CVE-2016-6211 It was discovered that there was a vulnerability existed in the user module in drupal7, a content management framework. If some specific contributed or custom code triggers a rebuild of the user profile form, a...

drupal7 - security update

It was discovered that there was a vulnerability existed in the user module in drupal7, a content management framework. If some specific contributed or custom code triggers a rebuild of the user profile form, a registered user can be granted all user roles on the site. This would typically result.....

MS16-088: Description of the security update for Outlook 2013: July 12, 2016

MS16-088: Description of the security update for Outlook 2013: July 12, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft...

MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016

MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...

The International Incident – Gaining Control of a .int Domain Name With DNS Trickery

The .int or international TLD is perhaps one of the most exclusive extensions available on the Internet. The number of domains on the extension is so small it has it’s own Wikipedia page. Introduced around 27 years ago its primary purpose has been for international treaty organizations. The...

CVE-2016-5322

The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image. Bugs http://bugzilla.maptools.org/show_bug.cgi?id=2560 Notes Author| Note ---|--- mdeslaur | fixed by patch for...

WordPress SOME bug in plupload.flash.swf

WordPress SOME bug in plupload.flash.swf Intro WordPress 4.5.1 is vulnerable against a Same-Origin Method Execution (SOME) vulnerability that stems from an insecure URL sanitization process performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they...

openSUSE Security Update : jq (openSUSE-2016-550)

jq was updated to fix one security issue. This security issue was fixed : CVE-2015-8863: Heap buffer overflow in tokenadd() function...

Automattic: WordPress SOME bug in plupload.flash.swf leading to RCE

Intro WordPress is vulnerable against a Same-Origin Method Execution (SOME) vulnerability that stems from an insecure URL sanitization problem performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do so,....

Automattic: WordPress Flash XSS in *flashmediaelement.swf*

Intro WordPress is vulnerable against a reflected XSS that stems from an insecure URL sanitization problem performed in the file flashmediaelement.swf. The code in the file attempts to remove flashVars ¹ in case they have been set GET parameters but fails to do so, enabling XSS via...

Threat Outbreak Alert RuleID22080: Email Messages Distributing Malicious Software on April 5, 2016

Medium Alert ID: 44490 First Published: 2016 April 5 19:05 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID22080) may contain the following...

550+ Card Games Solitaire Pack - Dynamic Code Loading, External URLs, Native code usage vulnerabilities

HackApp vulnerability scanner discovered that application 550+ Card Games Solitaire Pack published at the 'play' market has multiple...

MS16-029: Description of the security update for Outlook 2013: March 8, 2016

Describes a security update that fixes vulnerabilities in Microsoft Office. The most severe of these vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file.SummaryThis security update resolves vulnerabilities in Microsoft Office that could allow....

ClamWin 0.99 DLL Hijacking

...

osca-moebel.de XSS vulnerability

Vulnerable URL: http://www.osca-moebel.de/index.php?id=327&suche;="> Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 20:19 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 2949255 Google Pagerank| 2 VIP websit...

Threat Outbreak Alert RuleID20333: Email Messages Distributing Malicious Software on January 11, 2016

Medium Alert ID: 42969 First Published: 2016 January 11 14:44 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID20333) may contain the following...

Trend Micro DLL Hijacking

...

CVE-2015-8928

The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. Bugs ...

Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption

Rar - CmdExtract::UnstoreFile Integer Truncation Memory...

Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption

...

Oracle BeeHive 2 Arbitrary File Upload

...

Oracle BeeHive 2 Arbitrary File Upload Exploit

This Metasploit module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to...

Oracle BeeHive 2 - 'voice-servlet prepareAudioToPlay()' Arbitrary File Upload (Metasploit)

...

Port Scan v2.0 iOS - Command Inject Vulnerability

Port Scan version 2.0 suffers from a command injection...

Port Scan 2.0 Command Injection

...

Oracle BeeHive 2 voice-servlet prepareAudioToPlay() Arbitrary File Upload

This module exploits a vulnerability found in Oracle BeeHive. The prepareAudioToPlay method found in voice-servlet can be abused to write a malicious file onto the target machine, and gain remote arbitrary code execution under the context of SYSTEM. Authentication is not required to exploit this...

Oracle Beehive prepareAudioToPlay Arbitrary File Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Beehive. Authentication is not required to exploit this vulnerability. The specific flaw exists within the voice-servlet's playAudioFile.jsp. The method prepareAudioToPlay contains vulnerable....

Threat Outbreak Alert RuleID19199: Email Messages Distributing Malicious Software on November 5, 2015

Medium Alert ID: 41950 First Published: 2015 November 5 14:40 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID19199) may contain the following...

Port Scan v2.0 iOS - Command Inject Vulnerability

...

Port Scan v2.0 iOS - Command Inject Vulnerability

...

Threat Outbreak Alert RuleID19035: Email Messages Distributing Malicious Software on October 28, 2015

Medium Alert ID: 41777 First Published: 2015 October 28 19:13 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID19035) may contain the following...

CVE-2015-7683: Absolute Path Traversal in the Font WordPress Plugin

Details Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 (Pending) CVSS: 6.3 (Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N) CWE: CWE-22 Description An absolute path traversal vulnerability in Font 7.5 allows WordPress admins read access to system files such as...

Threat Outbreak Alert RuleID18902: Email Messages Distributing Malicious Software on October 22, 2015

Medium Alert ID: 41677 First Published: 2015 October 22 20:25 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID18902) may contain the following...

WordPress Font 7.5 Path Traversal Vulnerability

WordPress Font plugin version 7.5 suffers from a path traversal...

WordPress Font 7.5 Path Traversal

...

Threat Outbreak Alert RuleID18518: Email Messages Distributing Malicious Software on October 7, 2015

Medium Alert ID: 41419 First Published: 2015 October 7 17:44 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID18518) may contain the following...

FreeBSD : openjpeg -- use-after-free vulnerability (a233d51f-5d4c-11e5-9ad8-14dae9d210b8)

Feist Josselin reports : Use-after-free was found in openjpeg. The vuln is fixed in version 2.1.1 and was located in opj_j2k_write_mco...

poliycd-weight Server Detection

Detection of a policyd-weight...

Amazon Linux: Security Advisory (ALAS-2015-564)

The remote host is missing an update for...

Amazon Linux: Security Advisory (ALAS-2015-550)

The remote host is missing an update for...

openSUSE Security Update : virtualbox (openSUSE-2015-550) (Venom)

Version bump to 4.2.32 bnc#938408 CVE-2015-2594 Storage: fixed a crash when taking snapshots (4.2.30 regression) ExtPack: don't fail if the TMP directory contains non-latin1 characters (bug #14159) Main: implemented dedicated event processing queue Linux hosts: fixed a bug which...

openjpeg -- use-after-free vulnerability

Feist Josselin reports: Use-after-free was found in openjpeg. The vuln is fixed in version 2.1.1 and was located in opj_j2k_write_mco...

WordPress Unite Gallery Lite Plugin 1.4.6 - Multiple Vulnerabilities

WordPress Unite Gallery Lite plugin version 1.4.6 suffers from cross site request forgery and remote SQL injection...

WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities

...

WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities

WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple...

WordPress Unite Gallery Lite 1.4.6 CSRF / SQL Injection

...

Threat Outbreak Alert RuleID8337KVR: Email Messages Distributing Malicious Software on May 16, 2016

Medium Alert ID: 40115 First Published: 2015 July 23 19:14 GMT Last Updated: 2016 May 16 17:27 GMT Version: 28 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat...