1410 matches found
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-2)
USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the...
Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2515-1)
A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...
Ubuntu 14.10 : linux vulnerabilities (USN-2518-1)
A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...
USN-2518-1: Linux kernel vulnerabilities
A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...
USN-2517-1 linux-lts-utopic vulnerabilities
A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS...
Linux Kernel ASLR Integer Overflow Vulnerability
Linux kernel is an open source operating system. The Linux kernel ASLR implementation suffers from an integer overflow that allows an attacker to exploit a vulnerability to crash an application or execute arbitrary code...
Linux Kernel ASLR Implementation Insufficient Entropy Vulnerability
Linux Kernel is an open source operating system. The Linux Kernel ASLR implementation suffers from an insufficient entropy problem that allows attackers to exploit vulnerabilities to bypass security restrictions through brute force techniques for further attacks...
[SECURITY] [DLA 155-1] linux-2.6 security update
Package : linux-2.6 Version : 2.6.32-48squeeze11 CVE ID : CVE-2013-6885 CVE-2014-7822 CVE-2014-8133 CVE-2014-8134 CVE-2014-8160 CVE-2014-9420 CVE-2014-9584 CVE-2014-9585 CVE-2015-1421 CVE-2015-1593 This update fixes the CVEs described below. A further issue, CVE-2014-9419, was considered, but...
Microsoft Internet Explorer ASLR Security Bypass Vulnerability (CNVD-2015-01145)
Microsoft Internet Explorer is a popular web browser. A security vulnerability exists in Microsoft Internet Explorer ASLR that could allow an attacker to bypass certain security restrictions or execute arbitrary code using another application...
Microsoft Office Shared Component ASLR Bypass (MS15-013; CVE-2014-6362)
A security feature bypass vulnerability exists in Microsoft Office Shared Component. The vulnerability is due to an improper implementation of Address Space Layout Randomization (ASLR) by the MSCOMCTL common controls library used by Microsoft Office software. A remote attacker can exploit this issue by...
VulnCheck KEV: CVE-2015-0071
Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site...
MS15-009: Description of the security update for JScript9.dll in Internet Explorer: February 10, 2015
Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage. Summary: This article describes the cumulative security update for JScript9.dll in Internet Explorer that is dated February 10, 2015. This security update resolves an iss...
DEBIAN-CVE-2014-9675
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font...
USN-2492-1: Linux kernel vulnerabilities
Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this fla...
USN-2490-1: Linux kernel vulnerabilities
Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this fla...
Ubuntu: Security Advisory (USN-2492-1)
The remote host is missing an update for the...
MS KB3033408: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
The remote host is missing KB3033408. It is, therefore, affected by a memory leak that can allow bypassing of memory randomization mitigations, aiding in further attacks.
VulnCheck KEV: CVE-2015-0310
Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism...
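phpyun v3.2: a second-order injection (filter bypass, no login required)
Brief description: The 20141226 version also slightly changed the place where the filter was previously bypassed. Even with that change, it can still be bypassed directly, with no restrictions. It can directly output the admin password and the like. Locally it output the admin password directly; tested against the demo. Because the demo has Safedog in front of it and I don't know how to deal with Safedog, I just used a time delay. Detailed description: http://www.hr135.com/company/index.php?m=index&c=index&id=3751&style=../../template/admin&tp=/adminwebconfig You can see that it now opens as a blank page. Let's look at the code. In conpany/model/index.class.php, $_GET['style'] ...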
UBUNTU-CVE-2014-9419
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application...