3063 matches found
ABB Ellipse information leakage hole reveals vulnerabilities
Ellipse is an EAM software application for asset-intensive industries. ABB Ellipse is vulnerable to an information leakage hole disclosure vulnerability that allows an attacker to discover authentication credentials by sniffing local network traffic when authenticating Ellipse to LDAP/AD using th...
Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD(CVE-2017-11890)
There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy Auto-Discovery host and sending a malicious wpad.dat file to the victim. Th...
Windows: Uninitialized variable in jscript!JsArraySlice(CVE-2017-11855)
There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - By opening a malicious web page in Internet Explorer. - currently untested An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy...
Microsoft Windows - jscript!JsArraySlice Uninitialized Variable
Microsoft Windows - jscript!JsArraySlice Uninitialized Variable var x = new URIErrornew Array, undefined, undefined; String.prototype.localeCompare.callx, new Date0, 0, 0, 0, 0, 0, undefined; Array.prototype.slice.call1; !-- ============================================ Technical details: The issu...
Microsoft Windows jscript!NameTbl::GetValDef Use-After-Free Exploit
Exploit for windows platform in category dos / poc Windows: use-after-free in jscript!NameTbl::GetValDef CVE-2017-11903 There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this...
Microsoft Windows - 'jscript!JsArraySlice' Uninitialized Variable
var x = new URIErrornew Array, undefined, undefined; String.prototype.localeCompare.callx, new Date0, 0, 0, 0, 0, 0, undefined; Array.prototype.slice.call1; !-- ============================================ Technical details: The issue is in jscript!JsArraySlice Array.prototype.slice.call in the P...
Microsoft Windows - 'jscript!RegExpComp::Compile' Heap Overflow Through IE or Local Network via WPAD
var s = 'a'; forvar i=0;i !-- ============================================...
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD
Microsoft Windows - jscript!RegExpComp::Compile Heap Overflow Through IE or Local Network via WPAD var s = 'a'; forvar i=0;i...
WIndows jscript!JsArraySlice Uninitialized Variable
Windows: Uninitialized variable in jscript!JsArraySlice CVE-2017-11855 There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - By opening a malicious web page in Internet Explorer. - currently untested An attacker on t...
aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript
by Ivan Fratric, Thomas Dullien, James Forshaw and Steven Vittitoe Intro Many widely-deployed technologies, viewed through 20/20 hindsight, seem like an odd or unnecessarily risky idea. Engineering decisions in IT are often made with imperfect information and under time pressure, and some odditie...
Windows jscript!NameTbl::GetValDef Use-After-Free
Windows: use-after-free in jscript!NameTbl::GetValDef CVE-2017-11903 There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue by posing as a WPAD Web Proxy Auto-Discovery...
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow
Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this issue...
private_address_check contains Incomplete List of Disallowed Inputs
The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...
BSA-2017-450
Security Advisory ID : BSA-2017-450 Component : IPV6RA Revision : 2.0: Final A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement RA handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially...
The vulnerability of the Avaya Fabric Connect Virtual Services Platform Operating System Software (VOSS) is related to improper handling of VLAN and I-SID indexes, allowing an attacker to gain unauthorized access.
The vulnerability of the Avaya Fabric Connect Virtual Services Platform operating system is related to improper handling of VLAN and I-SID indexes. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access through specially created Ethernet frames...
Vocran NVR Remote Command Execution
The remote Vocran network video recorder is affected by a remote command execution vulnerability due to improper sanitization of user-supplied input passed via /board.cgi. An unauthenticated remote attacker can exploit this, via a specially crafted URL, to execute arbitrary commands on the device...
Updated dnsmasq packages fix security vulnerabilities
CVE-2017-13704: Dnsmasq could be made to crash on a large DNS query. A DNS query received by UDP which exceeds 512 bytes or the EDNS0 packet size, if different. is enough to cause SIGSEGV. CVE-2017-14491: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies...
dnsmasq: stack buffer overflow in the DHCPv6 code
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code...
CVE-2017-14493
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code...
CVE-2017-14797
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories by leveraging the ability to sniff HTTP traffic on...