Cisco UCS Central Software Vulnerability

Cisco has released a security advisory to address a vulnerability in the web framework of Cisco Unified Computing System UCS Central Software. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT encourages users and administrators to revie...

Apple Releases Security Updates for Safari

Apple has released security updates for Safari to address multiple vulnerabilities. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of the affected system. Available updates include: Safari 8.0.6 for OS X Yosemite v10.10.3 Safari 7.1.6 for OS X Mavericks...

Global 6 0 0 0 million Mac computers still affected by Rootpipe vulnerability, Backdoor impact-vulnerability warning-the black bar safety net

Mulberry heart, but it's true: even the latest Mac OS X Yosemite system Apple Mac computers will still be hidden Backdoor“Rootpipe”attack. As the“2 0 1 4 year of the vulnerability up to theoperating system”, the Mac OS X system and then exposed the vulnerability can not help but make people...

Oracle Releases April 2015 Security Advisory

Oracle has released security fixes to address 98 vulnerabilities as part of its quarterly Critical Patch Update. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to review the Oracle April 2015...

Microsoft Windows AVI Processing Malformed Header Code Execution (MS09-038) - Ver2 (CVE-2009-1545)

Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF. This file type used with applications that capture, edit, and play back audio-video sequences. A remote code execution vulnerability has been discovered in the way Microsoft Windows handles specially crafted AV...

Microsoft DirectShow Size Validation Remote Code Execution (MS09-028) - Ver2 (CVE-2009-1539)

Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. It is used for high-quality capture and playback of multimedia streams. The vulnerability is due to an error in the Microsoft DirectShow component that fails to properly validate certain size fields within...

Microsoft Browser Embedded Media Player Memory Corruption (MS10-082) - Ver2 (CVE-2010-2745)

Windows Media Player is a feature of the Windows operating system for personal computers. It is used for playing audio and video. A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in the Windows Media Player that improperly...

Microsoft Windows Remote Code Execution Vulnerabilities (3041836)

This host is missing a critical security update according to Microsoft Bulletin MS15-020. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Linux "Ghost" Remote Code Execution Vulnerability

The Linux GNU C Library glibc versions 2.2 and other 2.x versions before 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system. US-CERT recommends users a...

Mozilla Releases Security Updates for Firefox, Firefox ESR, SeaMonkey, and Thunderbird

The Mozilla Foundation has released security updates to address multiple vulnerabilities in Firefox, Firefox ESR, SeaMonkey, and Thunderbird. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system. Updates available include: Firefox 35 Firefox ESR...

Adobe Releases Security Updates for Flash Player

Adobe has released security updates to address multiple vulnerabilities in Flash Player, one of which could potentially allow an attacker to take control of the affected system. Users and administrators are encouraged to review Adobe Security Bulletin APSB15-01 and apply the necessary updates. Th...

Ultra-Mini-HTTPD-1.21---POST

Exploit Title: Ultra Mini HTTPD stack buffer overflow POST request Date: 16 Feb 2014 Exploit Author: Sumit Vendor Homepage: http://www.picolix.jp/ Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.21 Tested on: Windows XP Professional SP3 A buffer overflow is triggere...

Microsoft Windows WebDav Mini-Redirector Heap Buffer Overflow (MS08-007) - Ver2 (CVE-2008-0080)

Web Distributed Authoring and Versioning WebDAV is a set of extensions for HTTP that allows allow clients to publish, lock, and manage resources on the Web. . The vulnerability is due to an error in the Microsoft Windows WebDAV Mini-Redirector that fails to properly handle malformed WebDAV...

Docker Releases Security Updates

Docker versions 1.3.3 and 1.4.0 have been released to address multiple security vulnerabilities, one of which could allow a remote attacker to take control of a vulnerable system. Users and administrators are encouraged to review the Docker Security Advisory and apply the necessary updates. This...

Swedish hacker aeration OS X Yosemite have serious security vulnerabilities-vulnerability warning-the black bar safety net

Swedish white-hat hacker represents in Apple's OS X Yosemite discovered a very serious security vulnerability in this vulnerability hacker can control user's computer. The Swedish security company Truesec hacker Emil Kvarnhammar called this vulnerability as“rootpipe”, but also explains in detail...

Cisco ASA Local Path Inclusion Vulnerability

A vulnerability in the function that exports environment variables of Cisco ASA Software could allow an authenticated, local attacker to inject a malicious library and take complete control of the system. The vulnerability is due to improper setting of the LDLIBRARYPATH environment. An attacker...

Google Amazon rush to fix Shellshock security vulnerability-vulnerability warning-the black bar safety net

! 1 Google Amazon rush to fix Shellshocksecurityvulnerability Sina technology hearing Beijing Time 9 on 2 6 on the morning news, the researchers found that the latest Shellshock vulnerability could affect about 5 0% of network server, as well as many Apple devices, Google and Amazon on Thursday...

Microsoft IE is now a new security vulnerability in Windows XP without D-vulnerability warning-the black bar safety net

Microsoft today released a 2 9 6 3 9 8 3 Safety announcement, from IE 6 to IE 1 and 0 of the browser is to detect a remote code execution vulnerability, the user accesses the particular design through the malicious site would be subjected to similar processing e-mail link to the attack. The curre...

MGASA-2014-0291 Updated flash-player-plugin packages fix multiple vulnerabilities

Adobe Flash Player 11.2.202.394 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update includes additional validation checks to ensure that Flash Player rejects malicious content fr...

ESRI ArcGIS 10.0.x / ArcMap 9 - Arbitrary Code Execution

No description provided by source. ===== TITLE ===== ESRI ArcMap Arbitrary Code Execution Via Crafted Map File ============ Description: ============ Opening a specially crafted mxd file will execute arbitrary code without prompting and without a crash of the application. This is due to a flaw in...