My Dex Complete: Alpha & Omega - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application My Dex Complete: Alpha & Omega published at the 'play' market has multiple vulnerabilities...

Veris: Complete Profile URL is not Random and not expiring

This issue refers to a token non expiry issue and vulnerable uri patterns for onboarding process. The On Boarding process of Veris was revamped after a few such similar reports...

Samsung Windows Laptop Owners Urged To Download Fix To MitM Vulnerability

Samsung laptop owners are being urged to update their Windows PCs after the discovery of a vulnerability that can allow remote attackers to download files onto a targeted system and gain complete control over the laptop. The flaw is tied to a feature called “Samsung SW Update Tool 2.2.5.16”...

cacti -- multiple vulnerabilities

The Cacti Group, Inc. reports: Changelog bug:0002652: CVE-2015-8604: SQL injection in graphsnew.php bug:0002655: CVE-2015-8377: SQL injection vulnerability in the hostnewgraphssave function in graphsnew.php bug:0002656: Authentication using web authentication as a user not in the cacti database...

CVE-2015-8327

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via backtick characters in a print job...

MGASA-2015-0415 Updated virtualbox packages fix security vulnerabilities

A vulnerability in the Oracle VM VirtualBox component prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32 and 5.0.8. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash...

AirDrop Bug in Apple iOS and OSX allows Hackers to Install Malware Silently

With the launch of iOS 9, Apple gave us an ultimate reason to upgrade our Apple devices to its new operating system. The latest iOS 9 includes a security update for a nasty bug that could be exploited to take full control of your iPhone or Macs, forcing most of the Apple users to download the...

Microsoft .NET Framework Privilege Elevation Vulnerabilities (3089662)

This host is missing an important security update according to Microsoft Bulletin MS15-101. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft .NET Framework CVE-2015-2480 Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges in the context of the currently logged-in user; this can also result in the attacker gaining complete control of the affected system. Technologies...

Heroes of Might and Magic III - '.h3m' Map file Buffer Overflow (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'zlib' class Metasploit3 'Heroes of Might and Magic III .h3m Map file Buffer Overflow', 'Description' = %q This module embeds an exploit into a...

Microsoft Issues Critical, Out-of-Band Patch for All Versions of Windows

Microsoft released an out-of-band patch Monday that addresses a critical remotely exploitable flaw in all versions of Windows. The vulnerability stems from how Windows’ Adobe Type Manager Library handles OpenType fonts. If a user was tricked into either opening a rigged document or visiting an...

NVIDIA Graphics Driver Pointer Dereference Privilege Escalation (Unix / Linux)

The NVIDIA graphics driver installed on the remote host is affected by a privilege escalation vulnerability, due to a pointer dereferencing flaw in the kernel module, which allows a local attacker to gain complete control of the system. C Tenable Network Security, Inc. include"compat.inc"; if...

ESC 8832 Data Controller Multiple Vulnerabilities

Exploit for hardware platform in category web applications =begin Exploit Title: ESC 8832 Data Controller multiple vulnerabilities Date: 2014-05-29 Platform: SCADA / Web Application Exploit Author: Balazs Makany Vendor Homepage: www.envirosys.com Version: ESC 8832 Data Controller Hardware Tested...

Juniper Networks Junos OS Local Security Bypass Vulnerability

Junos OS is prone to a local security bypass which may lead to complete administrative access. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Windows AVI File Data Validation Integer Overflow (MS09-038) - Ver2 (CVE-2009-1546)

Audio Video Interleave AVI is a special case of Resource Interchange File Format RIFF.This file type used with applications that capture, edit, and play back audio-video sequences. The vulnerability is due to an error in the Windows component responsible for processing AVI files that does not...

Adobe Acrobat PDF File Array Type Error Memory Corruption (APSB12-16) - Ver2 (CVE-2012-4147)

A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to memory corruption while handling specially crafted PDF files. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file with an affected versi...

Adobe Acrobat and Reader U3D Texture Parsing Buffer Overflow (APSB12-16) - Ver2 (CVE-2012-2049)

A stack buffer overflow vulnerability has been reported in Adobe Reader. The vulnerability is due to lack of bounds checking when handling PDF files containing specially crafted strings. A remote attacker can exploit this issue by enticing a target user to open a specially crafted PDF file...

HotExBilling Manager 73 Cross Site Scripting

Title: ==== HotExBilling Manager – Cross-site scripting XSS vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com CVE: ===== CVE-2015-2781 Date: ==== 12-03-2015 dd/mm/yyyy Vendor: ====== Hotspot Express has been in the billing solution business sinc...

KLA10524 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or have other unknown impact. Below is a complete list of vulnerabilities 1. Improper IPC interaction handling can be exploited...

CVE-2015-2265

The removebadchars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the 1 model or 2 PDL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2707...