
2024 matches found

CNVD
added 2015/03/12 12:0 a.m. | 3 views

Microsoft IE Memory Corruption Vulnerability (CNVD-2015-01683)

Microsoft Internet Explorer is a popular web browser. An unspecified memory corruption vulnerability exists in Microsoft Internet Explorer that could allow an attacker to construct a malicious web page and trick a user into parsing it, which could crash the application or execute arbitrary code...

CVSS 9.3 | AI score 7.4 | EPSS 0.15631
Exploits: 0 | References: 1

The Hacker News
added 2015/03/04 11:46 p.m. | 16 views

Angler Exploit Kit Uses Domain Shadowing technique to Evade Detection

The world’s infamous Angler Exploit Kit has become the most advanced, much more powerful and the best exploit kit available in the market, beating the infamous BlackHole exploit kit, with a host of exploits including zero-days and a new technique added to it. Angler Exploit Kit's newest technique...

AI score 6.8
Exploits: 0

0day.today
added 2015/03/03 12:0 a.m. | 92 views

D-Link DIR636L Remote Command Injection Vulnerability

D-Link DIR636L suffers from a remote command injection vulnerability. SWISSCOM CSIRT SECURITY ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2015-1187 Product: D-Link DIR636L Vendor: D-Link Subject: Remote Command Injection - Incorrect Authentication Effect: Remotely exploitable Author:...

CVSS 10 | AI score 0.4 | EPSS 0.82863
Exploits: 8

CNVD
added 2015/02/28 12:0 a.m. | 4 views

Google Play services information disclosure vulnerability

Google Play is an online app store developed by Google for Android devices. Google Play services suffers from an information disclosure vulnerability that allows an attacker to gain access to a Google account through a carefully crafted application...

CVSS 4.3 | AI score 6.5 | EPSS 0.00478
Exploits: 0 | References: 1

securityvulns
added 2015/02/02 12:0 a.m. | 91 views

Microweber 0.95 - SQL Injection Vulnerability

Exploit Title: Microweber 0.95 - SQL Injection Vulnerability Vendor: https://microweber.com/ Download link: https://microweber.com/download https://github.com/microweber/microweber CVE ID: CVE-2014-9464 Vulnerability: SQL Injection Affected version: Version 0.95 before 12/09/2014. Fixed version:...

CVSS 7.5 | AI score 0.1 | EPSS 0.02082
Exploits: 5

CNVD
added 2015/01/28 12:0 a.m. | 1 view

Vala 'Gst.MapInfo()' Function Denial of Service Vulnerability

Vala is a programming language for the GObject system based on Gnome, developed by software developers Jurg Billeter and Raffaele Sandrini. A denial of service vulnerability exists in the Vala 'Gst.MapInfo' function, which could allow a context-sensitive attacker to launch a denial of service...

CVSS 7.5 | AI score 7.7 | EPSS 0.02796
Exploits: 0 | References: 1

FreeBSD
added 2015/01/12 12:0 a.m. | 41 views

asterisk -- Mitigation for libcURL HTTP request injection vulnerability

The Asterisk project reports: CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL dialplan function), as well as its res_config_curl.so cURL realtime backend modules. Since Asterisk may be configured to allow for...

CVSS 4.3 | AI score 9.1 | EPSS 0.0681
Exploits: 0 | References: 1

Tenable Nessus
added 2014/12/22 12:0 a.m. | 48 views

openSUSE Security Update : ntp (openSUSE-SU-2014:1670-1)

The network timeservice ntp was updated to fix critical security issues bnc910764, CERT VU852879 - A potential remote code execution problem was found inside ntpd. The functions crypto_recv (when using autokey authentication), ctl_putdata, and configure were updated to avoid buffer overflows that...

CVSS 7.5 | AI score 7.7 | EPSS 0.7809
Exploits: 2 | References: 4

Packet Storm
added 2014/12/16 12:0 a.m. | 26 views

WordPress A.F.D. Theme Echelon Arbitrary File Download

Name: Wordpress A.F.D Theme Echelon / INURL - BRASIL Description: This exploit allows attacker to download any writable file from the server Usage info: Put the path of the file in the file's field of the exploit ,then click "Download" button then you get the file directly File download /etc/pass...

AI score 7.4
Exploits: 0

UbuntuCve
added 2014/11/24 3:59 p.m. | 28 views

CVE-2014-8627

PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors...

CVSS 5 | AI score 6.3 | EPSS 0.0209
Exploits: 0 | References: 3

Vulnerability Lab
added 2014/11/17 12:0 a.m. | 74 views

Ebay Magento Bug Bounty #1 - Persistent API Vulnerability

Document Title: =============== Ebay Magento Bug Bounty 1 - Persistent API Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1202 eBay Inc. Bug Bounty Program ID: EIBBP-26643 Release Date: ============= 2014-11-17 Vulnerability Laboratory ID...

AI score 7.1
Exploits: 0

RedHat Linux
added 2014/10/30 7:45 p.m. | 3 views

php: multiple buffer over-reads in php_parserr

Multiple buffer over-read flaws were found in the php_parserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dns_get_record function to perform a DNS query...

CVSS 6.8 | AI score 7.3 | EPSS 0.15427
Exploits: 0 | References: 4

Exploit DB
added 2014/10/28 12:0 a.m. | 57 views

Enalean Tuleap 7.2 - XML External Entity File Disclosure

Vulnerability title: Tuleap = 7.2 External XML Entity Injection in Enalean Tuleap CVE: CVE-2014-7177 Vendor: Enalean Product: Tuleap Affected version: 7.2 and earlier Fixed version: 7.4.99.5 Reported by: Jerzy Kramarz Details: A multiple XML External Entity Injection has been found and confirmed...

CVSS 4 | AI score 6.6 | EPSS 0.03324
Exploits: 6

myhack58
added 2014/10/16 12:0 a.m. | 21 views

Sandworm (CVE-2014-4114) related to the threat of a comprehensive analysis of the report - and to chasing shadows Security Platform detection problem of the complex disk-vulnerability warning-the black bar safety net

1 threat card and introduction ! CVE-2014-4114 is in the OLE package Manager the INF arbitrary code execution vulnerability, the vulnerability affects Win Vista, Win7 and above operating system, the attackers used PowerPoint as an attack vector, the vulnerability is in the Microsoft Windows...

AI score 3.8
Exploits: 0

Vulnerability Lab
added 2014/10/14 12:0 a.m. | 33 views

Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities

Document Title: =============== Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1341 Release Date: ============= 2014-10-14 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.5
Exploits: 0

Packet Storm
added 2014/10/01 12:0 a.m. | 91 views

Bash Me Some More

Good morning! This is kinda long. == Background == If you are not familiar with the original bash function export vulnerability CVE-2014-6271, you may want to have a look at this article: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Well, long story short: the...

CVSS 10 | AI score 0.1 | EPSS 0.99999
Exploits: 157

Packet Storm
added 2014/09/26 12:0 a.m. | 35 views

GS Foto Uebertraege 3.0 Local File Inclusion

Document Title: =============== GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: ============= 2014-09-22 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.4
Exploits: 0

Vulnerability Lab
added 2014/09/11 12:0 a.m. | 27 views

Briefcase 4.0 iOS - Code Exec & File Include Vulnerability

Document Title: =============== Briefcase 4.0 iOS - Code Exec & File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1319 Release Date: ============= 2014-09-11 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.6
Exploits: 0

Hacker One
added 2014/09/09 8:51 p.m. | 29 views

Internet Bug Bounty: Flash Local Sandbox Bypass

Vulnerability already reported to adobe issue 2833 and patched CVE-2014-0554 http://helpx.adobe.com/security/products/flash-player/apsb14-21.html First of all, note that the Adobe Security Bulletin notes: 'Bas Venis and Masato Kinugawa' for the acknowledgement of this CVE. The poc I have reported...

CVSS 10 | AI score 5.7 | EPSS 0.06903
Exploits: 0

myhack58
added 2014/08/28 12:0 a.m. | 15 views

Community Health data leak suspected of the use of the Heartbleed vulnerability-a vulnerability warning-the black bar safety net

When the Heartbleed OpenSSL vulnerability in 4 months is discovered, the security community many experts are warning that the vulnerability could be used to expose sensitive data, although at the time also there is no evidence that attackers are actively using Heartbleed vulnerability. And now, a...

AI score 0.7
Exploits: 0