Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : curl (SSA:2016-039-01)

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-039-01. The text itse...

[slackware-security] curl

New curl packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/curl-7.47.1-i486-1slack14.1.txz: Upgraded. This update fixes a security issue where NTLM credentials are not...

StrongSoft灾害预警系统 warn/AjaxHandle/AjaxOuterWarnForMerger.ashx DeptID参数SQL注入漏洞

注入链接：/warn/AjaxHandle/AjaxOuterWarnForMerger.ashx 注入参数：DeptID 【获取数据库版本】 /warn/AjaxHandle/AjaxOuterWarnForMerger.ashx?action=GetCheckIdByPid&DeptID=1'+AND+2709=SELECT+@@version+AND+'EcwM'='EcwM 【获取当前数据库】...

Foxit Reader Global setPersistent Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Foxit Reader GpRuntime::GpLock::GpLock Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Foxit uses...

Foxit Reader Font Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within font parsing. A...

Mageia: Security Advisory (MGASA-2016-0033)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle GoldenGate File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GoldenGate. Authentication is not required to exploit this vulnerability. The specific flaw exists within the GoldenGate mgr process, which listens on TCP port 7809. By default, the process...

The vulnerability of the Windows operating system allows a remote attacker to execute arbitrary code with privileges of the current user.

The Windows operating system contains a vulnerability related to the incorrect processing of specially crafted graphic files in the EMF format. Exploiting this vulnerability can allow an unauthorized intruder to execute arbitrary code with privileges of the current user...

Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : dhcp (SSA:2016-012-01)

New dhcp packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2016-012-01. The text itsel...

Adobe Acrobat Reader DC Doc Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

[SECURITY] Fedora 22 Update: libpng12-1.2.56-1.fc22

The libpng12 package provides libpng 1.2, an older version of the libpng library for manipulating PNG Portable Network Graphics image format files. This version should be used only if you are unable to use the current version of libpng...

Blade - A Webshell Connection Tool With Customized WAF Bypass Payloads

Blade is a webshell connection tool based on console, currently under development and aims to be a choice of replacement of Chooper 中国菜刀. Chooper is a very cool webshell client with widly typies of server side scripts supported, but Chooper can only work on Windows opreation system, so this is th...

Adobe Flash LoadVars decode Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Adobe Flash MovieClip setMask Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MovieClip object...

Adobe Flash MovieClip getBounds Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the MovieClip object...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 14.1 and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/mozilla-thunderbird-38.5.0-i486-1slack14.1.txz: Upgraded. This release contains security fixes and improvements. For more...

Microsoft Internet Explorer CTableRow Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Internet Explorer TextBlock Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

Wireshark - dissct_rsl_ipaccess_msg Static Out-of-Bounds Read

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=660 The following crash due to a static out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$...