[SECURITY] Fedora 24 Update: redis-3.2.8-1.fc24
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing se...
Microsoft Security Advisory 4025685: Windows Vista (June 2017)
The remote Windows Vista host is missing a security update. It is, therefore, affected by the following vulnerabilities : - A remote code execution vulnerability exists in Microsoft Internet Explorer due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit...
Microsoft Word Multiple Remote Code Execution Vulnerabilities (KB3191945)
This host is missing an important security update according to Microsoft KB3191945. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Windows GDI Information Disclosure Vulnerability
A Win32k information disclosure vulnerability exists when the Windows GDI component improperly discloses kernel memory addresses. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker...
Microsoft Edge Memory Corruption Vulnerability
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...
MongoDB DoS Vulnerability (May 2017) - Linux
MongoDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb";...
Microsoft Chakra Core Remote Code Execution Vulnerability
Chakra is a JavaScript engine developed by Microsoft for its web browsers. A security vulnerability in the way the JavaScript engine is rendered when handling in-memory objects in Microsoft Chakra Core could be exploited by remote attackers to construct malicious web pages that could be parsed by...
Microsoft Edge Remote Code Execution Vulnerability
Microsoft Edge is the web browser built into the Windows 10 version. A remote code execution vulnerability exists in the scripting engine presentation when Microsoft Edge handles in-memory objects, where an attacker could execute arbitrary code in the current user context...
CVE-2016-3104
mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow remote attackers to cause a denial of service (memory consumption and process termination) by leveraging in-memory database representation when authenticating against a non-existent database...
CVE-2016-3104
Removed by vendor...
Microsoft Windows Uniscribe Information Disclosure Vulnerability (CNVD-2017-03757)
Microsoft Uniscribe is a component of the Windows operating system developed by Microsoft Corporation for the correct presentation of Unicode characters. An information disclosure vulnerability exists in Microsoft Uniscribe's handling of in-memory objects, which allows remote attackers to exploit...
SAP Patches Critical HANA Vulnerability That Allowed Full Access
SAP patched a series of critical vulnerabilities in its cloud-based business platform HANA today that if exploited, could allow for a full system compromise without authentication. When chained together the flaws could lead to the theft of confidential information, financial fraud, and the...
VulnCheck KEV: CVE-2017-0022
Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site...
Microsoft Office Memory Corruption (MS17-014: CVE-2017-0006)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to the way Microsoft Office improperly handles objects in memory. A remote attacker can exploit this issue by enticing a victim to open a specially crafted file...
Uncovering cross-process injection with Windows Defender ATP
Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolves, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address...
Authenticated WMI Exec Via Powershell
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'msf/core/post/windows/powershell' require 'msf/core/post/windows/priv' require 'msf/core/exploit/powershell/dotnet' class MetasploitModule...
Powershell .NET Compiler
This module will build a .NET source file using PowerShell. The compiler builds the executable or library in memory and produces a binary. After compilation the PowerShell session can also sign the executable if provided a path to a .pfx formatted certificate. Compiler options and a list of...
PT-2016-2746 · Microsoft · Edge +1
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 9 through 11; Microsoft Edge. Description: The issue allows remote attackers to obtain sensitive information via a crafted web site. This is due to the way the affected components handle objects in memory,...
DLA-577-1 redis - security update
Bulletin has no description...