Memory corruption

The swin.sys kernel driver in McAfee Application Control MAC 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service memory corruption and system crash or...

CVE-2016-1715

CVE-2016-1715 affects the McAfee Application Control (MAC) kernel driver swin.sys on 32‑bit Windows. The issue is a memory corruption condition triggered by handling a 768 syscall, where a zero can be written to an arbitrary kernel memory location. This enables local attackers to cause a denial o...

CVE-2016-1715

The swin.sys kernel driver in McAfee Application Control MAC 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service memory corruption and system crash or...

McAfee Application Control Kernel Driver Memory Corruption Elevation of Privilege Vulnerability

McAfee Application Control is a centrally managed whitelisting solution. McAfee Application Control has a security vulnerability in the handling of syscall 768 within the swin.sys kernel driver, which can be exploited to execute arbitrary code in the system context by writing a "0" to any locatio...

McAfee Application Control Kernel Driver Memory Corruption Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of McAfee Application Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

IBM Cúram Social Program Management SQL Injection Vulnerability

IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM in the United States. A SQL injection vulnerability exists in IBM Curam SPM. An attacker could use this vulnerability to take control of the application, access or modify data, or exploit potential...

Cisco Application Control Engine 4700 A5 Security Bypass Vulnerability

The Cisco Application Control Engine 4700 A5 is a next-generation load balancing and application delivery solution for use in Cisco Catalyst 6500 series switches and Cisco 7600 series routers. A security vulnerability in the CLI of the Cisco ACE 4700 A5 allows an attacker to submit special files ...

Cisco ACE 4710 and ACE30 Application Control Engine CLI Privilege Escalation Vulnerability

A vulnerability in the command-line interface CLI of Cisco Application Control Engine ACE could allow an authenticated, local attacker to elevate privileges to read and alter the content of files that belong to other contexts. The vulnerability is due to insufficient file access controls. An...

McAfee Application Control multiple security vulnerabilities

Restrictions bypass, unsafe libraries usage, privilege escalation...

SEC Consult SA-20150728-0 :: McAfee Application Control Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory 20150728-0 ======================================================================= title: McAfee Application Control Multiple Vulnerabilities product: McAfee Application Control vulnerable version: verified in version 6.1.3.353 fixed version: a fixe...

McAfee Application Control Buffer Overflow Vulnerability

McAfee Application Control is a suite of program control software from the U.S.-based company McAfee. The software protects enterprise servers and endpoints from unauthorized applications and malware threats by using a dynamic trust model. A buffer overflow vulnerability exists in McAfee...

McAfee Application Control Denial of Service Vulnerability

McAfee Application Control is a suite of program control software from the U.S.-based company McAfee. The software protects enterprise servers and endpoints from unauthorized applications and malware threats by using a dynamic trust model. A denial of service vulnerability exists in McAfee...

McAfee Application Control Security Bypass Vulnerability

McAfee Application Control is a suite of program control software from the U.S.-based company McAfee. The software protects enterprise servers and endpoints from unauthorized applications and malware threats by using a dynamic trust model. McAfee Application Control has a security vulnerability...

Cross-Site Scripting (XSS) in qTranslate WordPress Plugin

High-Tech Bridge Security Research Lab discovered vulnerability in qTranslate WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against website administrators. Successful exploitation of this vulnerability may allow a remote attacker to gain complete control ove...

Nodes Studio CMS Information Disclosure Vulnerability

Nodes Studio CMS is a content management system. Nodes Studio CMS has an unspecified security vulnerability that allows remote attackers to obtain sensitive cookie information, take control of the application, and access or modify data...

PhreeBooks Input Validation Vulnerability

PhreeBooks is a suite of open source Web-based enterprise resource planning ERP and accounting applications that provide vendor account information management, inventory management and tracking, checking and bank reconciliation, and more. An input validation vulnerability exists in PhreeBooks. An...

CVE-2014-8877 - Code Injection in Wordpress CM Download Manager plugin

Vulnerability title: Code Injection in Wordpress CM Download Manager plugin CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds - https://www.cminds.com/ Product: https://wordpress.org/plugins/cm-download-manager/ Affected version: 2.0.0 and previous version Fixed version:...

CVE-2014-8951

Technical details (affected product, component, root cause, versions, or remediation) are not publicly provided in the supplied documents. Monitor for updates.

CVE-2014-8951

Unspecified vulnerability in Check Point Security Gateway R75, R76, R77, and R77.10, when UserCheck is enabled and the 1 Application Control, 2 URL Filtering, 3 DLP, 4 Threat Emulation, 5 Anti-Bot, or 6 Anti-Virus blade is used, allows remote attackers to cause a denial of service fwk0 process...

Android 5.0 Lollipop Encryption and Application Control

Google, like most technology companies in this climate, is fighting for the security and privacy of its users’ data on several fronts. With a mobile application ecosystem that invites trouble and government demands for user content and information continuing to rise, Google decided with Android...