Binary File Descriptor Library (libbfd) - Out-of-Bounds Crash
Many shell users, and certainly a lot of the people working in computer forensics or other fields of information security, have a habit of running /usr/bin/strings on binary files originating from the Internet. Their understanding is that the tool simply scans t...
Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation Vulnerability
Asseco SEE iBank FX Client = 2.0.9.3 Local Privilege Escalation Vulnerability Vendor: Asseco SEE Product web page: http://www.asseco.com Affected version: 2.0.9.3 Build 22.06.2011 - Desktop/Enterprise Edition 1.2 1.1.5.1270 Service Pack 5 - Desktop Edition...
IBM DB2 db2start Format String Arbitrary Code Execution
source: http://www.securityfocus.com/bid/8989/info Multiple command-line parameter format string vulnerabilities have been discovered in various IBM DB2 binaries. Specifically, format-based functions are implemented erroneously within the db2govd, db2start, and...
SunOS <= 4.1.1 /usr/release/bin/makeinstall Vulnerability
source: http://www.securityfocus.com/bid/21/info This applies to sites that have installed Sun Source tapes only. The Sun distribution of sources (sunsrc) has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files...
CVE-2014-2327
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by requests that (1) modify binary files, (2) modify configurations, or (3) add arbitrary users...
ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan
ZeuS, or Zbot, is one of the oldest families of financial malware. It is a Trojan horse capable of carrying out various malicious and criminal tasks and is often used to steal banking information. It is distributed to a wide audience, primarily through infected web pages, spam campaigns and drive-by...
Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation
Asseco SEE iBank FX Client = 2.0.9.3 Local Privilege Escalation Vulnerability Vendor: Asseco SEE Product web page: http://www.asseco.com Affected version: 2.0.9.3 Build 22.06.2011 - Desktop/Enterprise Edition 1.2 1.1.5.1270 Service Pack 5 - Desktop Edition 1.1.5.1247 1.0 Application download...
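Microsoft Word Memory Corruption Vulnerability
BUGTRAQ ID: 64726 CVE(CAN) ID: CVE-2014-0258 Microsoft Word is a word processor application from Microsoft and part of its office software. Affected Microsoft Word software contains a remote code execution vulnerability when parsing specially crafted files; successful exploitation of these vulnerabilities can lead to complete control of the affected system. 0 Microsoft Word 2013 Microsoft Word 2010 Microsoft Word 2007 Microsoft Word 2003 Workarounds: install and configure MOICE as the registered handler for .doc files; use the Office File Block policy to block the opening of .doc and .dot binary files;...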
Arbitrary file or URL download in ExportWordPageServer
To reproduce: 1. Create a new page. 2. Insert an image with URL: file:///etc/passwd Edit the page, click +, click Image, select the From the Web tab, enter the file: URL shown above, click Insert, click Save. The image appears invisible on some browsers, but you can verify its...
Adobe releases open source malware classification tool
Adobe releases open source malware classification tool Adobe Systems has released a malware classification tool in order to help security incident first responders, malware analysts and security researchers more easily identify malicious binary files. The 'Adobe Malware Classifier' tool uses...
Rootkit Hunter - Rootkit scanning tool
Rootkit scanner is a scanning tool to assure you that you are about 99.9% clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like: - MD5 hash compare - Look for default files used by rootkits - Wrong file...
[security bulletin] HPSBMA02307 SSRT071420 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Denial of Service (DoS)
SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01321117 Version: 1 HPSBMA02307 SSRT071420 rev.1 - HP OpenView Network Node Manager (OV NNM) Remote Denial of Service (DoS) NOTICE: The information in this Security Bulletin should be acted upon as...
Code injection
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."...
CVE-2007-3036
Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."...
Microsoft Windows Services for UNIX privilege escalation vulnerability
Overview Microsoft Windows Services for UNIX contains a vulnerability that may allow a local, authenticated attacker to gain elevated privileges. Description Windows Services for UNIX fails to properly handle setuid binary files. An attacker may be able to trigger this vulnerability by running a...
MS07-053: Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
The remote host is running a version of Windows Services for UNIX that is vulnerable to a local privilege elevation due to a flaw in different setuid binary files. An attacker may use this to elevate his privileges on this host. Tenable Network Security, Inc. include"compat.inc"; if...
Low: Red Hat Security Advisory: perl security update
Updated Perl packages that fix security issues and contain several bug fixes are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system...