HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

Red Hat QuickStart Cloud Installer (QCI) Local Information Disclosure Vulnerability

Red Hat QuickStart Cloud Installer QCI is a web-based GUI configuration cloud product. A local information disclosure vulnerability exists in Red Hat QuickStart Cloud Installer QCI. An attacker could exploit the vulnerability to obtain sensitive information that could be useful in launching furth...

HTTPD: sets environmental variable based on user supplied Proxy request header

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTPPROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

Shopify: Open redirect using checkout_url

Hi , I would like to report an open redirect issue in .myshopify.com/account/logout and .myshopify.com/account/login Details: Your application allow redirecting to https://checkout.shopify.com/ through https://.myshopify.com/account/logout?returnurl= The page https://checkout.shopify.com/ will...

PHP: sets environmental variable based on user supplied Proxy request header

It was discovered that PHP did not properly protect against the HTTPPROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request...

CVE-2016-3574

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3575, CVE-2016-357...

Foreman Information Disclosure Vulnerability (CNVD-2016-05037)

Foreman is a set of lifecycle management tools for use in physical and virtual servers. A security vulnerability exists in Foreman that could be exploited by an attacker to submit a special request for sensitive information...

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...

Microsoft Office Memory Corruption Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on wit...

Vulnerability of Microsoft SQL Server software, allowing a malicious entity to compromise the accessibility of protected information

There is a vulnerability in SQL Server that can cause a service failure. If exploited successfully, a malicious individual can trigger a server failure before it can be restarted manually...

SQLite Tempdir Selection Vulnerability

Vulnerability Details Affected Vendor: SQLite/Hwaci Affected Product: SQLite Affected Version: All versions prior to 3.13.0 Platform: UNIX, GNU/Linux CWE Classification: CWE-379: Creation of Temporary File in Directory with Incorrect Permissions Impact: Data Leakage Attack vector: Local 2...

Ubiquiti Administration Portal CSRF / Remote Command Execution

KL-001-2016-002 : Ubiquiti Administration Portal CSRF to Remote Command Execution Title: Ubiquiti Administration Portal CSRF to Remote Command Execution Advisory ID: KL-001-2016-002 Publication Date: 2016.06.28 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2016-002.txt 1...

libarchive 7z parser null pointer access vulnerability

libarchive is a multi-format archive and compression library. A security vulnerability exists in libarchive's 7z parser that can be exploited by an attacker to cause null pointer access...

SAP NetWeaver AS Java 7.5 XXE in com.sap.km.cm.ice

Application: SAP NetWeaver AS Java Versions Affected: SAP NetWeaver AS Java 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 11.04.2017 Reference: SAP Security Note 2387249 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE...

SAP Netweaver AS Java - XXE vulnerability in Visual Composer VC70RUNTIME

Application: SAP NetWeaver Versions Affected: SAP NetWeaver AS JAVA 7.5 Vendor URL: SAP Bugs: XXE Reported: 17.06.2016 Vendor response: 18.06.2016 Date of Public Advisory: 14.02.2017 Reference: SAP Security Note 2386873 Author: Mathieu Geli ERPScan VULNERABILITY INFORMATION Class: XXE Impact:...

Like Macros Before It, Attackers Shifting to OLE to Spread Malware

Attackers have rekindled their love affair with Windows macros over the last few years, using the series of automated Office commands as an attack vector to spread malware. And while hackers will surely continue to use macros, at least until the technique becomes ineffective, new research suggest...

Microsoft Exchange Information Disclosure Vulnerability

An email filter bypass exists in the way that Microsoft Exchange parses HTML messages that could allow information disclosure. An attacker who successfully exploited the vulnerability could identify, fingerprint, and track a user online if the user views email messages using Outlook Web Access OW...

Unspecified vulnerability in ntpd (CNVD-2016-03821)

ntpd Network Time Protocol daemon is an operating system daemon that uses the Network Time Protocol NTP to keep synchronized with the system time of a time server. An unspecified vulnerability exists in versions of ntpd prior to 4.2.8p8. An attacker can exploit this vulnerability to affect siblin...

Apple iTunes Arbitrary Code Execution Vulnerability

Apple iTunes is a suite of media player applications from the American company Apple. A security vulnerability exists in Apple iTunes versions prior to 12.4, which can be exploited by an attacker to execute arbitrary code...

CVE-2016-1098

Technical details for CVE-2016-1098 are not publicly available in the provided documents. Monitor for updates; based on current sources, specifics on affected components, impact, or fixes are not disclosed here.