Lucene search
K

7041 matches found

0day.today
0day.today
added 2015/08/19 12:0 a.m.59 views

Flash PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Exploit

Exploit for windows platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that allows the execution of arbitrar...

10CVSS9.6AI score0.36806EPSS
Exploits1
exploitpack
exploitpack
added 2015/08/19 12:0 a.m.17 views

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that...

Exploits0
Exploit DB
Exploit DB
added 2015/08/19 12:0 a.m.29 views

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution

Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that allows the execution of arbitrary PCRE bytecode, with potential for memory corrupti...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.31 views

AIX 5.3 TL 12 : bind9 (IV75966)

ISC BIND is vulnerable to a denial of service, caused by an error in the handling of TKEY queries. By sending specially-crafted packets, a remote attacker could exploit this vulnerability to cause a REQUIRE assertion failure. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the...

7.8CVSS6.8AI score0.91284EPSS
Exploits12References2
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.30 views

Scientific Linux Security Update : subversion on SL6.x i386/x86_64 (20150817)

An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash. CVE-2015-0248 It was found that the...

5CVSS7AI score0.12841EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2015/08/18 12:0 a.m.24 views

CentOS Update for mod_dav_svn CESA-2015:1633 centos6

Check the version of moddavsvn SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882252";...

5CVSS7.1AI score0.12841EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2015/08/18 12:0 a.m.32 views

RedHat Update for subversion RHSA-2015:1633-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8.3AI score0.12841EPSS
Exploits0References2
NVD
NVD
added 2015/08/17 8:59 p.m.33 views

CVE-2015-6254

The 1 Service Provider SP and 2 Identity Provider IdP in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown...

6CVSS5.9AI score0.01781EPSS
Exploits0References6
Prion
Prion
added 2015/08/17 8:59 p.m.24 views

Design/Logic Flaw

The Service Provider SP in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due ...

6CVSS6.7AI score0.0196EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2015/08/17 8:59 p.m.21 views

Code injection

The 1 Service Provider SP and 2 Identity Provider IdP in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown...

6CVSS7.4AI score0.0196EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2015/08/17 8:59 p.m.20 views

CVE-2015-0277

The Service Provider SP in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due ...

6CVSS5.6AI score0.0196EPSS
Exploits0References6
Cvelist
Cvelist
added 2015/08/17 8:0 p.m.28 views

CVE-2015-6254

The 1 Service Provider SP and 2 Identity Provider IdP in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown...

5.9AI score0.01781EPSS
Exploits0References6
Cvelist
Cvelist
added 2015/08/17 8:0 p.m.30 views

CVE-2015-0277

The Service Provider SP in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due ...

5.6AI score0.0196EPSS
Exploits0References6
CVE
CVE
added 2015/08/17 8:0 p.m.62 views

CVE-2015-0277

CVE-2015-0277 affects Red Hat JBoss PicketLink (SP/IdP) prior to 2.7.0. The flaw is failure to ensure the SP is a member of an Audience when an AudienceRestriction is specified, enabling a remote attacker to log in to other users’ accounts via a crafted SAML assertion. Related issue CVE-2015-6254...

6CVSS6.3AI score0.0196EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 2015/08/17 8:10 a.m.2 views

subversion: (mod_dav_svn) remote denial of service with certain requests with dynamically evaluated revision numbers

An assertion failure flaw was found in the way the SVN server processed certain requests with dynamically evaluated revision numbers. A remote attacker could use this flaw to cause the SVN server both svnserve and httpd with the moddavsvn module to crash...

5CVSS7.4AI score0.12841EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/08/17 8:10 a.m.35 views

Moderate: Red Hat Security Advisory: subversion security update

Updated subversion packages that fix three security issues are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available...

5CVSS6.8AI score0.12841EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/08/14 12:0 a.m.100 views

McAfee Firewall Enterprise DoS (SB10126)

The remote host has a version of McAfee Firewall Enterprise installed that is affected by a denial of service vulnerability due to an assertion flaw that occurs when handling TKEY queries. A remote attacker can exploit this, via a specially crafted request, to cause a REQUIRE assertion failure an...

7.8CVSS6.9AI score0.91284EPSS
Exploits12References2
0day.today
0day.today
added 2015/08/12 12:0 a.m.24 views

NeuroServer 0.7.4 Denial Of Service

NeuroServer version 0.7.4 suffers from a remote denial of service vulnerability. !/usr/bin/env python NeuroServer 0.7.4 Remote DoS Shown at DEF CON 23 BioHacking Village Brain Waves Surfing - InSecurity in EEG Electroencephalography Technologies Slides: http://goo.gl/44r1HH NeuroServer is an EEG...

6.9AI score
Exploits0
exploitpack
exploitpack
added 2015/08/12 12:0 a.m.24 views

NeuroServer 0.7.4 - EEG TCPIP Transceiver Remote Denial of Service

NeuroServer 0.7.4 - EEG TCPIP Transceiver Remote Denial of Service !/usr/bin/env python NeuroServer 0.7.4 Remote DoS Shown at DEF CON 23 BioHacking Village Brain Waves Surfing - InSecurity in EEG Electroencephalography Technologies Slides: http://goo.gl/44r1HH NeuroServer is an EEG...

0.1AI score
Exploits0
Debian
Debian
added 2015/08/10 9:1 p.m.21 views

[SECURITY] [DLA 290-2] opensaml2 security update

Package : opensaml2 Version : 2.3-2+squeeze2 CVE ID : CVE-2015-0851 It was discovered that opensaml2, a Security Assertion Markup Language library, needed to be rebuilt against a fixed version of the xmltooling package due to its use of macros vulnerable to CVE-2015-0851 as fixed in the DSA 3321-...

5CVSS7.4AI score0.02444EPSS
Exploits0
Rows per page
Query Builder