UBUNTU-CVE-2016-6747

A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA...

Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread Use-After-Free Exploit

A specially crafted web-page can cause the iertutil.dll module of Microsoft Internet Explorer 11 to free some memory while it still holds a reference to this memory. The module can be made to use this reference after the memory has been freed. Unlike many use-after-free bugs in MSIE, this issue,...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2016-11328)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...

Reason Core Security 1.1.2 Privilege Escalation Vulnerability

Reason Core Security version 1.1.2 suffers from an unquoted service path privilege escalation vulnerability. ===================================================== Exploit Title : Reason Core Security - Unquoted Service Path Privilege Escalation Affected Products: Reason Core Security v1.1.2 -...

VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit

Exploit for windows platform in category dos / poc !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...

Microsoft Video Control Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...

Sophos Web Appliance 4.2.1.3 Privilege Escalation Vulnerability

Sophos Web Appliance version 4.2.1.3 suffers from a privilege escalation vulnerability. An unprivileged user can obtain an MD5 hash of the administrator password which can then be used to discover the plain-text password. Title: Sophos Web Appliance Privilege Escalation Advisory ID: KL-001-2016-0...

Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the second entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161102001.html. There you can find a repro that...

Revive Adserver: Reflected XSS on Zones > Invocation Code

"Cricetinae" : This report is similar to my earlier report: 170156. Short Description The Close text parameter in Inventory Zone Invocation Code is vulnerable to Cross-Site Scripting vulnerability. Steps to Reproduce 1. Logon or Work as an agent. 2. Navigate to Inventory Zones Invocation Code...

New Relic: Potential sub-domain hijacking

Hey New Relic Security team, I noticed what appeared to be a configuration oversight and I wanted to mention it to you. The following domains are currently pointing to Fastly: fr.newrelic.com 151.101.192.207 es.newrelic.com 151.101.0.207 When you visit them, you should see something like this:...

Google Chrome Scheme Bypass Vulnerability

Google Chrome is a popular web browser. Google Chrome vulnerability has a security flaw. An attacker can exploit the vulnerability to bypass security restrictions...

GDI+ Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploited the vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data...

Microsoft Video Control Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...

Revive Adserver: Stored XSS on Admin Access Page - Email field

"Cricetinae" : Short Description The Email field is not sanitized on Inventory Admin Access page resulting in to Stored Cross-Site Scripting vulnerability. Vulnerability Details Cross-Site Scripting issue let's one to run a javascript of choice. It helps most of the client side risks including bu...

Attack Leverages Windows Safe Mode

Researchers warn the Windows diagnostic feature Safe Mode can be used as a remote attack vector by hackers who already have access to a compromised PC or server. The method of attack is unusual, researchers said, and places attention on the diagnostic tool used to fix PC problems and remove...

HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

Red Hat QuickStart Cloud Installer (QCI) Local Information Disclosure Vulnerability

Red Hat QuickStart Cloud Installer QCI is a web-based GUI configuration cloud product. A local information disclosure vulnerability exists in Red Hat QuickStart Cloud Installer QCI. An attacker could exploit the vulnerability to obtain sensitive information that could be useful in launching furth...

HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

Shopify: Open redirect using checkout_url

Hi , I would like to report an open redirect issue in .myshopify.com/account/logout and .myshopify.com/account/login Details: Your application allow redirecting to https://checkout.shopify.com/ through https://.myshopify.com/account/logout?returnurl= The page https://checkout.shopify.com/ will...

PHP: sets environmental variable based on user supplied Proxy request header

It was discovered that PHP did not properly protect against the HTTPPROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...