The vulnerability of the Cisco Firepower Extensible Operating System allows a intruder to trigger a maintenance failure.

The vulnerability of the Cisco Firepower Extensible Operating System’s driver exists due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor, operating locally, to trigger a service failure using a pre-prepared USB device that transmits erroneous USB...

The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to gain access to read the files.

The vulnerability of the Cisco Firepower Extensible Operating System is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to files through a specially crafted HTTP request...

The vulnerability of the Cisco Firepower Extensible Operating System allows a hacker to deploy malicious elements on the page and force the user to activate them.

The vulnerability of the Cisco Firepower Extensible Operating System’s web interface is related to the lack of restrictions on the use of IFRAME elements. Exploiting this vulnerability allows a malicious actor to deploy malicious elements on a page and force users to activate them through a...

The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to gain access to the authentication data of arbitrary users.

The vulnerability of the Cisco Firepower Extensible Operating System is related to the manipulation of inter-site requests. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to the authentication credentials of arbitrary users...

jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...

jakarta-taglibs-standard: XXE and RCE via XSL extension in JSTL XML tags

It was found that the Java Standard Tag Library JSTL allowed the processing of untrusted XML documents to utilize external entity references, which could access resources on the host system and, potentially, allowing arbitrary code execution...

Python Fuzzing Framework: Kitty

Kitty is an open-source modular and extensible fuzzing framework written in python, inspired by OpenRCE’s Sulley and Michael Eddington’s and now Deja Vu Security’s Peach Fuzzer . Goal The goal of Kitty was to help with fuzzing unusual targets — proprietary and esoteric protocols over non-TCP/IP...

UBUNTU-CVE-2015-8791

The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access...

OpenJDK: insufficient enforcement of totalEntitySizeLimit (JAXP, 8133962)

It was discovered that the JAXP component in OpenJDK did not properly enforce the totalEntitySizeLimit limit. An attacker able to make a Java application process a specially crafted XML file could use this flaw to make the application consume an excessive amount of memory...

CVE-2016-0457

Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456. NOTE: the previous information is...

The vulnerability of the Mac OS X operating system, which allows a hacker to increase their privileges

The vulnerability of the kernel loader in the EFI component of the Mac OS X operating system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created path name...

The vulnerability of the Flash Player and Adobe Integrated Runtime software allows a perpetrator to execute arbitrary code.

The vulnerabilities of the Flash Player and Adobe Integrated Runtime programs are caused by an overflow in the dynamic memory buffer. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code using a specially created XML object during a call to the toString method...

Apple iOS libxml2 memory corruption vulnerability (CNVD-2016-00215)

iOS is an operating system developed by Apple for mobile devices, and supported devices include iPhone, iPod touch, iPad, and Apple TV. A security vulnerability exists in libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1. A remote attacker could exploit this vulnerability ...

Network Protocol Fuzzing: boofuzz

Boofuzz is a fork of and the successor to the Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility, with the eventual goal of being able to fuzz literally anything. Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance...

[SECURITY] Fedora 22 Update: ruby-2.2.4-47.fc22

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

XMPP Cleartext Authentication

The remote Extensible Messaging and Presence Protocol XMPP service supports one or more authentication mechanisms that allow credentials to be sent in the clear. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid87736; scriptversion"$Revision: 1.1 $"; scriptcvsdate"$Date...

Camel: XXE in via SAXSource expansion

It was found that Apache Camel's XML converter performed XML External Entity XXE expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more...

libxml2: CPU exhaustion when processing specially crafted XML input

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to use an excessive amount of CPU...

libxml2: Out-of-bounds memory access

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...

libxml2: Out-of-bounds memory access

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to crash...