
9454 matches found

BDU FSTEC
added 2015/04/28 12:0 a.m. | 3 views

A vulnerability in the Red Hat Linux operating system allows attackers to compromise the confidentiality, integrity, and availability of protected information.

A vulnerability in the usermode-1.37 package of the Red Hat Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. Exploitation of this vulnerability can be carried out locally...

7.2 CVSS | 5.4 AI score | 0.00151 EPSS
Exploits 1 | References 2 | Affected Software 1

0day.today
added 2015/04/28 12:0 a.m. | 61 views

InFocus IN3128HD Projector Missing Authentication Vulnerability

The InFocus IN3128HD Projector is vulnerable to an authentication bypass in its web interface login page, and is missing authentication for the "webctrl.cgi.elf" CGI file, which allows several actions to be performed or configured inside the device. Firmware 0.26 is verified vulnerable. 1. Adviso...

10 CVSS | 6.7 AI score | 0.04503 EPSS
Exploits 4

BDU FSTEC
added 2015/04/28 12:0 a.m. | 4 views

A vulnerability in the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and availability of protected information.

A vulnerability in the dbus-glib-0.86 package in the Red Hat Enterprise Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. This vulnerability can be exploited locally...

7.2 CVSS | 5.4 AI score | 0.00223 EPSS
Exploits 2 | References 2

BDU FSTEC
added 2015/04/28 12:0 a.m. | 3 views

A vulnerability in the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and availability of protected information.

A vulnerability in the sblim-cmpi-network-test-1.3.8 package for the Red Hat Enterprise Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. Exploitation of this vulnerability can be carried out locally...

4.6 CVSS | 5.4 AI score | 0.00123 EPSS
Exploits 0 | References 2

Core Security
added 2015/04/27 12:0 a.m. | 549 views

InFocus IN3128HD Projector Multiple Vulnerabilities

Advisory ID Internal CORE-2015-0008 1. Advisory Information Title: InFocus IN3128HD Projector Multiple Vulnerabilities Advisory ID: CORE-2015-0008 Date published: 2015-04-27 Date of last update: 2015-04-22 Vendors contacted: InFocus Release mode: User release 2. Vulnerability Information Class:...

10 CVSS | 6.9 AI score | 0.04503 EPSS
Exploits 4

Kaspersky
added 2015/04/24 12:0 a.m. | 85 views

KLA10565 Denial of service vulnerabilities in SQLite

Multiple integer and buffer overflows were found in SQLite. By exploiting these vulnerabilities malicious users can cause denial of service or conduct other unknown impact. These vulnerabilities can be exploited remotely via a specially designed input. Original advisories - Related products SQLit...

7.5 CVSS | 8 AI score | 0.0794 EPSS
Exploits 0 | References 2

erpscan
added 2015/04/12 12:0 a.m. | 64 views

SAP JAVA AS icman - DoS vulnerability

Application: SAP JAVA AS Versions Affected: SAP JAVA AS 7.2 – 7.4 Vendor URL: SAP Bugs: Denial of Service Reported: 04.12.2015 Vendor response: 05.12.2015 Date of Public Advisory: 14.03.2016 Reference: SAP Security Note 2256185 Author: Dmitry Yudin ERPScan @ret5et Vulnerability Information Class:...

5 CVSS | 1.4 AI score | 0.03697 EPSS
Exploits 0

ICS
added 2015/04/02 6:0 a.m. | 47 views

Baxter SIGMA Spectrum Infusion System Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 30, 2015, and is being released to the NCCIC/ICS-CERT web site. Researcher Jared Bird with Allina IS Security identified four vulnerabilities in Baxter’s SIGMA Spectrum Infusion System. Baxter has released a...

9.8 CVSS | 9.6 AI score | 0.00592 EPSS
Exploits 0 | References 10

Mozilla
added 2015/03/31 12:0 a.m. | 47 views

Memory corruption crashes in Off Main Thread Compositing — Mozilla

Security researcher Abhishek Arya Inferno of the Google Chrome Security Team used the Address Sanitizer tool to discover two memory corruption crashes during 2D graphics rendering due to problems in Off Main Thread Compositing. These crashes are potentially exploitable...

7.5 CVSS | 9 AI score | 0.01906 EPSS
Exploits 0 | References 5 | Affected Software 3

Packet Storm
added 2015/03/29 12:0 a.m. | 18 views

BZR Player 1.03 DLL Hijacking

/ + Author: TUNISIAN CYBER + Exploit Title: BZR Player 1.03 DLL Hijacking + Date: 29-03-2015 + Type: Local Exploits + Vendor: http://bzrplayer.blazer.nu/ + Tested on: WinXp/Windows 7 Pro + Friendly Sites: sec4ever.com + Twitter: @TCYB3R + gcc -shared -o DLLNAMEchoose one from the lis below.dll...

0.2 AI score
Exploits 0

ThreatPost
added 2015/03/23 11:38 a.m. | 28 views

Adobe CVE-2011-2461 Remains Exploitable Via Flex Four Years After Patch

UPDATE: This article has been updated to add commentary and clarification from Adobe. A four year old Adobe Flash patch did not properly resolve a vulnerable Flex application, and attackers can exploit the bug, which is said to affect some 30 percent of Alexa’s top 10 most popular sites in the...

4.3 CVSS | 8.4 AI score | 0.01067 EPSS
Exploits 5 | References 4

securityvulns
added 2015/03/21 12:0 a.m. | 48 views

[Onapsis Security Advisory 2015-003] SAP Business Objects Unauthorized File Repository Server Write via CORBA

Onapsis Security Advisory ONAPSIS-2015-003: SAP Business Objects Unauthorized File Repository Server Write via CORBA 1. Impact on Business By exploiting this vulnerability a remote unauthenticated attacker would be able to overwri...

7.5 AI score | 0.02139 EPSS
Exploits 1

0day.today
added 2015/03/20 12:0 a.m. | 147 views

Fortinet Single Sign On Stack Overflow Exploit

Exploit for windows platform in category dos / poc 1. Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-...

7.5 CVSS | 6.5 AI score | 0.3723 EPSS
Exploits 5

securityvulns
added 2015/03/18 12:0 a.m. | 76 views

[CORE-2015-0006] - Fortinet Single Sign On Stack Overflow

Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors contacted: Fortinet Release mode:...

7.5 CVSS | 7.3 AI score | 0.3723 EPSS
Exploits 5

Core Security
added 2015/03/18 12:0 a.m. | 533 views

Fortinet Single Sign On Stack Overflow

Advisory ID Internal CORE-2015-0006 1. Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL:https://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors...

7.5 CVSS | 7.5 AI score | 0.3723 EPSS
Exploits 5

Exploit DB
added 2015/03/18 12:0 a.m. | 49 views

Fortinet Single Sign On - Stack Overflow

Advisory Information Title: Fortinet Single Sign On Stack Overflow Advisory ID: CORE-2015-0006 Advisory URL: http://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow Date published: 2015-03-18 Date of last update: 2015-03-18 Vendors contacted: Fortinet Release mode:...

7.5 CVSS | 6.7 AI score | 0.3723 EPSS
Exploits 5

Packet Storm
added 2015/03/14 12:0 a.m. | 26 views

WordPress WPML Missing Authentication

One more vulnerability reported on March 02 and fixed in version 3.1.9: 4. Unauthenticated administrative functions An unauthenticated attacker may under certain conditions bypass WPML's nonce check and perform administrative functions. The administrative ajax functions are protected with nonces ...

0.8 AI score
Exploits 0

ThreatPost
added 2015/03/11 2:56 p.m. | 20 views

Dropbox Patches Remotely Exploitable Vulnerability in SDK

Developers at Dropbox recently fixed a remotely exploitable vulnerability in the Android SDK version of the storage app that enabled attackers to connect applications to a Dropbox account without the user’s consent. This could have opened users up to the theft of information from any app that use...

2.6 CVSS | 0.1 AI score | 0.06253 EPSS
Exploits 0 | References 3

Hacker One
added 2015/03/05 10:21 a.m. | 15 views

Square: Invitation threshold

Hello sir, I found that the web application does not have proper rate limitation on the web application to prevent flooding of the victim's email with invitation emails. The attacker can send thousands of unwanted and unknown emails saying: "You're invited to use Square Appointments Hi, Please se...

6.6 AI score
Exploits 0

0day.today
added 2015/03/03 12:0 a.m. | 92 views

D-Link DIR636L Remote Command Injection Vulnerability

D-Link DIR636L suffers from a remote command injection vulnerability. SWISSCOM CSIRT SECURITY ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2015-1187 Product: D-Link DIR636L Vendor: D-Link Subject: Remote Command Injection - Incorrect Authentication Effect: Remotely exploitable Author:...

10 CVSS | 0.4 AI score | 0.82885 EPSS
Exploits 8