Adobe Flash StyleSheet Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the StyleSheet...

CVE-2016-5768

Double free vulnerability in the phpmbregexeregreplaceexec function in phpmbregex.c in the mbstring extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allows remote attackers to execute arbitrary code or cause a denial of service application crash by leveraging a callback...

Pornhub: [RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com

Researcher was able to exploit a serialization error in the SimpleXMLElement class to perform object injection using the callbackUrl parameter. Researcher was successful in achieving the following: SSRF Local file inclusion Limited execution of database commands without output I exploited the...

DEBIAN-CVE-2016-4578

sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the 1 sndtimeruserccallback and 2 sndtimerusertinterrupt...

CVE-2016-1662

extensions/renderer/gccallback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via unknown vectors...

DEBIAN-CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

Code injection

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

UBUNTU-CVE-2016-1655

Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted extension...

CVE-2016-1016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different...

UBUNTU-CVE-2016-1016

Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via a flash.geom.Matrix callback, a different...

PT-2016-1666 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player affected versions not specified Description: The issue is related to the implementation of the Transform object in the Flash Player platform, specifically a use-after-free vulnerability involving memory usage after it has...

Uber: Information disclosure at lite.uber.com

Hello! 1. At https://lite.uber.com/auth/login I get 302-redirect to https://login.uber.com. 2. After post my email and password I get callback to https://lite.uber.com/auth/callback?code=efopqUAx2uwMOqJafHGj2OP8yNxXkf 3. At this page we can see trace stack with names of nodejs modules, full path...

Trend Micro Deep Discovery Inspector 3.83.7 - Cross-Site Request Forgery

Trend Micro Deep Discovery Inspector 3.83.7 - Cross-Site Request Forgery + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-DDI-CSRF.txt Vendor: ==================== www.trendmicro.com Product:...

WordPress Plugin Brandfolder 3.0 - Local/Remote File Inclusion

Exploit Title: Wordpress brandfolder plugin / RFI & LFI Google Dork: inurl:wp-content/plugins/brandfolder Date: 03/22/2016 Exploit Author: AMAR^SHG Vendor Homepage: https://brandfolder.com Software Link: https://wordpress.org/plugins/brandfolder/ Version: =3.0 Tested on: WAMP / Windows I-Details...

Google Chrome memory misreference vulnerability (CNVD-2016-01504)

Google Chrome is a web browser developed by the American company Google Google. A memory misreference vulnerability exists in the content/browser/webcontents/webcontentsimpl.cc file in versions of Google Chrome prior to 49.0.2623.75. A remote attacker can exploit this vulnerability to cause a...

UBUNTU-CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

CVE-2016-2549

sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via a crafted ioctl call...

Google Finance was traced to reflected File Download(RFD)vulnerabilities-vulnerability warning-the black bar safety net

! A Portuguese network security expert David Sopas found the impact of Google Finance a reflected File DownloadRFDvulnerabilities. I'm in audits of other clients time to discover this vulnerability, through RFD, you need to establish a page to force the download. This Google JSON file of the...