
8204 matches found

Cvelist
added 2019/02/12 6:0 p.m., 18 views

CVE-2019-7740

An issue was discovered in Joomla! before 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector...

AI score 6.7, EPSS 0.008
Exploits 0, References 1
Microsoft CVE
added 2019/02/12 8:0 a.m., 19 views

Microsoft Edge Memory Corruption Vulnerability

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the...

CVSS 7.6, AI score 1.6, EPSS 0.09906
Exploits 0
RedHat Linux
added 2019/02/12 2:46 a.m., 4 views

chromium-browser: Type Confusion in SVG

An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

CVSS 8.8, AI score 7.4, EPSS 0.01794
Exploits 0, References 5
Zero Day Initiative
added 2019/02/12 12:0 a.m., 28 views

Adobe Flash Player ActionScript Vector Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 3.1, AI score 1.1, EPSS 0.04795
Exploits 0, References 1
Fedora
added 2019/02/10 2:36 a.m., 36 views

[SECURITY] Fedora 28 Update: libwmf-0.2.12-1.fc28

A library for reading and converting Windows MetaFile vector graphics (WMF)...

CVSS 9.8, AI score 2.6, EPSS 0.04416
Exploits 0
Fedora
added 2019/02/10 2:34 a.m., 25 views

[SECURITY] Fedora 29 Update: libwmf-0.2.12-1.fc29

A library for reading and converting Windows MetaFile vector graphics (WMF)...

CVSS 9.8, AI score 2.6, EPSS 0.04416
Exploits 0
OSV
added 2019/02/05 11:29 p.m., 1 views

CVE-2018-3991

An exploitable heap overflow vulnerability exists in the WkbProgramLow function of WibuKey Network server management, version 6.40.2402.500. A specially crafted TCP packet can cause a heap overflow, potentially leading to remote code execution. An attacker can send a malformed TCP packet to trigg...

CVSS 9.8, AI score 6.1, EPSS 0.34329
Exploits 1, References 5
CVE
added 2019/02/05 6:0 p.m., 49 views

CVE-2017-1177

CVE-2017-1177 affects IBM BigFix Compliance 1.7–1.9.91, disclosing sensitive information to unauthorized users. Reported as a medium-severity issue (CVSS v2 base 5.0; CVSS v3 base 5.3) with network vector and no user interaction required. The material notes potential to mount further attacks usin...

CVSS 5.3, AI score 4.9, EPSS 0.01301
Exploits 0, References 2, Affected Software 1
exploitpack
added 2019/02/05 12:0 a.m., 39 views

OpenMRS Platform 2.24.0 - Insecure Object Deserialization

OpenMRS Platform 2.24.0 - Insecure Object Deserialization Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector:...

CVSS 10, AI score 9.6, EPSS 0.98811
Exploits 10
OSV
added 2019/02/04 7:29 p.m., 1 views

UBUNTU-CVE-2019-7351

Log Injection exists in ZoneMinder through 1.32.3, as an attacker can entice the victim to visit a specially crafted link, which in turn will inject a custom Log message provided by the attacker in the 'log' view page, as demonstrated by the message=User%20'admin'%20Logged%20in value...

CVSS 6.5, AI score 7.3, EPSS 0.01163
Exploits 1, References 3
IBM Security Bulletins
added 2019/01/31 1:55 a.m., 29 views

Security Bulletin: Vulnerabilities in OpenSSL affect System x Integrated Management Module (IMM) (CVE-2015-0204, CVE-2014-3570, CVE-2014-3572, CVE-2014-8275)

Summary: OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes "FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL client and server vulnerability. OpenSSL is used by System x Integrated Management Module (IMM). IMM has addressed the applicable CVEs...

CVSS 5, AI score 0.5, EPSS 0.98685
Exploits 0
IBM Security Bulletins
added 2019/01/31 1:45 a.m., 42 views

Security Bulletin: Upward Integration Module for HP Openview Operations for Windows is affected by multiple vulnerabilities in IBM Java SDK

Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition that is shipped with Upward Integration Module for HP Openview Operations for Windows. These issues were disclosed as part of the Java Technology Edition Quarterly CPU - January 2015. Vulnerability Details Abstract Ther...

CVSS 10, AI score 0.3, EPSS 0.04577
Exploits 0
IBM Security Bulletins
added 2019/01/31 1:45 a.m., 61 views

Security Bulletin: GNU C library (glibc) vulnerability affects the Intel MPSS for use on the Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A and Intel Xeon Phi 7120P PCI-Express add-in cards sold by IBM/Lenovo

Summary: GNU C library (glibc) vulnerability that has been referred to as GHOST affects the Intel Manycore Platform Software Stack for use on the Intel Xeon Phi PCI-Express add-in cards. The Intel Manycore Platform Software Stack is available for free on Intel's website. This is not something...

CVSS 10, AI score 0.5, EPSS 0.94859
Exploits 29
Talos Blog
added 2019/01/30 11:19 a.m., 48 views

Fake Cisco Job Posting Targets Korean Candidates

Edmund Brumaghin and Paul Rascagneres authored this post, with contributions from Jungsoo An. Executive summary Cisco Talos recently observed a targeted malware campaign being leveraged in an attempt to compromise specific organizations. The infection vector associated with this campaign was a...

Exploits 0
exploitpack
added 2019/01/22 12:0 a.m., 10 views

Microsoft Windows VCF or Contact File - URL Manipulation-Spoof Arbitrary Code Execution

Microsoft Windows VCF or Contact File - URL Manipulation-Spoof Arbitrary Code Execution Exploit Title: Microsoft Windows 'VCF' or 'Contact' File URL Manipulation-Spoof Arbitrary Code Execution Vulnerability -- Remote Vector Google Dork: N/A Date: January, 21 2019 Exploit Author: Eduardo Braun Pra...

AI score 0.5
Exploits 0
0day.today
added 2019/01/22 12:0 a.m., 22 views

Microsoft Windows VCF or Contact File - URL Manipulation-Spoof Arbitrary Code Execution Exploit

Exploit Title: Microsoft Windows 'VCF' or 'Contact' File URL Manipulation-Spoof Arbitrary Code Execution Vulnerability -- Remote Vector Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: Windows 7 SP1, 8.1, 10 v.1809 wi...

AI score 0.5
Exploits 0
Exploit DB
added 2019/01/22 12:0 a.m., 77 views

Microsoft Windows VCF or Contact File - URL Manipulation-Spoof Arbitrary Code Execution

Exploit Title: Microsoft Windows 'VCF' or 'Contact' File URL Manipulation-Spoof Arbitrary Code Execution Vulnerability -- Remote Vector Google Dork: N/A Date: January, 21 2019 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/...

AI score 7.4
Exploits 0
Vulnrichment
added 2019/01/16 7:0 p.m., 16 views

CVE-2019-2406

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows high privileged attacker having Create Session, Execute Catalog Role privilege with network access via Oracle Net to...

AI score 6.3, EPSS 0.01733
Exploits 0, References 2
AlpineLinux
added 2019/01/16 7:0 p.m., 30 views

CVE-2019-2426

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

CVSS 4.3, AI score 3.9, EPSS 0.02587
Exploits 0
Veracode
added 2019/01/15 9:6 a.m., 34 views

Denial Of Service (DoS)

kernel is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local...

CVSS 7.2, AI score 5.5, EPSS 0.01478
Exploits 3, References 38, Affected Software 2