4666 matches found
UBUNTU-CVE-2016-2507
Integer overflow in codecs/on2/h264dec/source/h264bsdstorage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a...
Adobe Flash - LMZA Property Decoding Heap Corruption
Adobe Flash - LMZA Property Decoding Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=790 Loading the attached image causes heap corruption due to LMZA property decoding. To reproduce the issue, load the attach file '6' using LoadImage.swf as follows:...
Adobe Flash - LMZA Property Decoding Heap Corruption
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=790 Loading the attached image causes heap corruption due to LMZA property decoding. To reproduce the issue, load the attach file '6' using LoadImage.swf as follows: LoadImage.swf?img=6 The issue sometimes takes multiple refreshes ...
CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
DEBIAN-CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
Cross site scripting
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
UBUNTU-CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
CVE-2016-5099
CVE-2016-5099 pertains to a cross-site scripting (XSS) vulnerability in phpMyAdmin. The issue affects phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2, allowing remote attackers to inject arbitrary web script or HTML via characters mishandled during double URL decoding. Public advisories i...
CVE-2016-5099
Cross-site scripting XSS vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...
Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)
Introduction and Motivation Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise IOCs? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...
Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)
Introduction and Motivation Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise IOCs? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...
DEBIAN-CVE-2016-4353
ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service abort via crafted BER data...
Design/Logic Flaw
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...
CVE-2016-2785
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...
CVE-2016-2785
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...
CVE-2016-2785
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...
CVE-2016-2785
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...
CVE-2016-2785
Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...