
2022 matches found

OSV
added 2016/07/21 10:14 a.m. | 0 views

CVE-2016-3574

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3575, CVE-2016-357...

CVSS 8.6 | AI score 5.8
Exploits 0 | References 6
CNVD
added 2016/07/17 12:0 a.m. | 1 views

Foreman Information Disclosure Vulnerability (CNVD-2016-05037)

Foreman is a set of lifecycle management tools for use in physical and virtual servers. A security vulnerability exists in Foreman that could be exploited by an attacker to submit a special request for sensitive information...

CVSS 7 | AI score 7.5 | EPSS 0.0004
Exploits 0 | References 1
Microsoft CVE
added 2016/07/12 7:0 a.m. | 33 views

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...

CVSS 9.3 | AI score 2.6 | EPSS 0.2443
Exploits 0
Microsoft CVE
added 2016/07/12 7:0 a.m. | 24 views

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...

CVSS 9.3 | AI score 2.6 | EPSS 0.30017
Exploits 0
BDU FSTEC
added 2016/07/06 12:0 a.m. | 2 views

Vulnerability of Microsoft SQL Server software, allowing a malicious entity to compromise the accessibility of protected information

There is a vulnerability in SQL Server that can cause a service failure. If exploited successfully, a malicious individual can trigger a server failure before it can be restarted manually...

CVSS 6.8 | AI score 5.6 | EPSS 0.3841
Exploits 0 | References 3 | Affected Software 1
KoreLogic Security
added 2016/07/01 12:0 a.m. | 494 views

SQLite Tempdir Selection Vulnerability

Vulnerability Details Affected Vendor: SQLite/Hwaci Affected Product: SQLite Affected Version: All versions prior to 3.13.0 Platform: UNIX, GNU/Linux CWE Classification: CWE-379: Creation of Temporary File in Directory with Incorrect Permissions Impact: Data Leakage Attack vector: Local 2...

AI score 6.9
Exploits 0 | Affected Software 1
Packet Storm
added 2016/06/29 12:0 a.m. | 67 views

Ubiquiti Administration Portal CSRF / Remote Command Execution

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution Title: Ubiquiti Administration Portal CSRF to Remote Command Execution Advisory ID: KL-001-2016-002 Publication Date: 2016.06.28 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt 1...

AI score 0.6
Exploits 0
CNVD
added 2016/06/22 12:0 a.m. | 1 views

libarchive 7z parser null pointer access vulnerability

libarchive is a multi-format archive and compression library. A security vulnerability exists in libarchive's 7z parser that can be exploited by an attacker to cause null pointer access...

CVSS 5.5 | AI score 6.9 | EPSS 0.00385
Exploits 0 | References 1
erpscan
added 2016/06/17 12:0 a.m. | 163 views

SAP Netweaver AS Java - XXE vulnerability in Visual Composer VC70RUNTIME

Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2386873 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact:...

CVSS 6.5 | AI score 0.2 | EPSS 0.00552
Exploits 0
erpscan
added 2016/06/17 12:0 a.m. | 152 views

SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...

CVSS 4 | AI score 6.8 | EPSS 0.00587
Exploits 0
ThreatPost
added 2016/06/16 8:0 a.m. | 14 views

Like Macros Before It, Attackers Shifting to OLE to Spread Malware

Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggest...

AI score 1.4
Exploits 0 | References 9
Microsoft CVE
added 2016/06/14 7:0 a.m. | 35 views

Microsoft Exchange Information Disclosure Vulnerability

An email filter bypass exists in the way that Microsoft Exchange parses HTML messages that could allow information disclosure. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online if the user views email messages using Outlook Web Access OW...

CVSS 5.5 | AI score 1.5 | EPSS 0.21122
Exploits 0
CNVD
added 2016/06/03 12:0 a.m. | 1 views

Unspecified vulnerability in ntpd (CNVD-2016-03821)

ntpd (Network Time Protocol daemon) is an operating system daemon that uses the Network Time Protocol (NTP) to keep synchronized with the system time of a time server. An unspecified vulnerability exists in versions of ntpd prior to 4.2.8p8. An attacker can exploit this vulnerability to affect siblin...

CVSS 7.5 | AI score 7 | EPSS 0.03873
Exploits 0 | References 1
CNVD
added 2016/05/21 12:0 a.m. | 5 views

Apple iTunes Arbitrary Code Execution Vulnerability

Apple iTunes is a suite of media player applications from the American company Apple. A security vulnerability exists in Apple iTunes versions prior to 12.4, which can be exploited by an attacker to execute arbitrary code...

CVSS 7.8 | AI score 7.1 | EPSS 0.00164
Exploits 0 | References 1
CVE
added 2016/05/11 10:0 a.m. | 88 views

CVE-2016-1098

Technical details for CVE-2016-1098 are not publicly available in the provided documents. Monitor for updates; based on current sources, specifics on affected components, impact, or fixes are not disclosed here.

CVSS 7.6 | AI score 8.3 | EPSS 0.15468
Exploits 0 | References 6 | Affected Software 2
CNVD
added 2016/05/06 12:0 a.m. | 1 views

File Hub Input Validation Vulnerability

File Hub provides easy access to files on iOS Devices, Cloud Services and remote computers. An input validation vulnerability exists in File Hub. An attacker can inject malicious persistent code into the mobile application...

AI score 7.2
Exploits 0 | References 1
CNVD
added 2016/05/03 12:0 a.m. | 1 views

emlog file upload vulnerability

emlog is short for "Every Memory Log", meaning: a little bit of memory. It is a free, open-source, powerful blog system based on PHP and MySQL, for personal or multi-author blogs, and a blog and CMS site-building system. A security...

AI score 7.1
Exploits 0
Hacker One
added 2016/03/31 10:23 p.m. | 14 views

New Relic: rpm.newrelic.com - monitor creation to other accounts

It is possible to create monitors for other users by changing the user id in the body of the post request when creating a new monitor. Even though my tests were unsuccessful in a XSS on the monitor information, it may be an attack vector to other vulnerabilities since the monitor information show...

AI score 1.8
Exploits 0
Tenable Nessus
added 2016/03/28 12:0 a.m. | 52 views

FreeBSD : activemq -- Unsafe deserialization (a258604d-f2aa-11e5-b4a9-ac220bdcec59)

Alvaro Muñoz, Matthias Kaiser and Christian Schneider report: JMS Object messages depend on Java Serialization for marshaling/unmarshaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message...

CVSS 9.8 | AI score 8 | EPSS 0.75508
Exploits 4 | References 3
CNVD
added 2016/03/09 12:0 a.m. | 4 views

Microsoft .NET Framework XML Validation Security Feature Bypass Vulnerability

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

CVSS 10 | AI score 6.7 | EPSS 0.32646
Exploits 0 | References 1