1612 matches found
Cisco ASA Local Path Inclusion Vulnerability (cisco-sa-20141008-asa)
A vulnerability in the function that exports environment variables of Cisco ASA Software could allow an authenticated, local attacker to inject a malicious library and take complete control of the system. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might be excerpted from a...
ManageEngine ServiceDesk Plus 9.0 - SQL Injection
REWTERZ-20140101 - Rewterz - Security Advisory. Title: ManageEngine ServiceDesk SQL Injection Vulnerability. Product: ServiceDesk Plus...
X (Formerly Twitter): URGENT - SUBDOMAIN TAKEOVER ON TWITTER ACQ.
Hello Twitter Security Team, I recommend you to read this report with the maximum attention! This is the same issue that you ever see here: https://hackerone.com/reports/42236 and here https://hackerone.com/reports/32825. Well, now, the acquisition where I found this domain is: trendrr.tv. Before...
Microsoft Scripting Runtime Object Library Use-After-Free Code Execution (MS13-099) - Ver2 (CVE-2013-5056)
A remote code execution vulnerability has been reported in the Microsoft Scripting Runtime Object Library. The vulnerability is caused due to an error in the way Microsoft Scripting Runtime Object Library handles objects in memory. A remote attacker can exploit this issue by enticing a user to op...
CVE-2014-7824
D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and 1.9.x before 1.9.2 allows local users to cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors. NOTE: this vulnerability exists because of an incomplete fix fo...
Android "Fake ID" Vulnerability Allows Malware to Impersonate Trusted Apps
Due to its majority in the mobile platform, Google’s Android operating system has been a prime target for cybercriminals, and a recently exposed weakness in the way the operating system handles certificate validation left millions of Android devices open to attack. Researchers at BlueBox security...
Oracle Solaris Critical Patch Update : july2013_SRU11_1_9_5_1
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: Driver/IDM iSCSI Data Mover. The supported version that is affected is 11. Easily exploitable vulnerability allow...
Solaris 8 (x86) : 121973-06
Vulnerability in the Solaris component of Oracle and Sun Systems Products Suite subcomponent: sockfs. Supported versions that are affected are 8, 9, 10 and 11.1. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorize...
Microsoft Windows Ancillary Function Driver Elevation of Privilege Vulnerability (2975684)
This host is missing a critical security update according to Microsoft Bulletin MS14-040. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability
No description provided by source...
Outpost Firewall PRO 4.0 - Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22069/info Outpost Firewall PRO is prone to a local privilege-escalation vulnerability because it fails to perform adequate SSDT (System Service Descriptor Table) hooking on files in its installation directory. A local...
Oracle January 2007 Security Update Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/22083/info Oracle has released a Critical Patch Update advisory for January 2007 to address these vulnerabilities for supported releases. Earlier unsupported releases are likely to be affected by these issues as well. The...
Linux Kernel 2.6.x 'fasync_helper()' Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37806/info Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complet...
Jokes Complete Website joke.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/37852/info EasySiteNetwork Jokes Complete Website is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...
ISPmanager 4.2.15 Responder Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26503/info ISPmanager is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to gain elevated privileges on the affected computer. A successful exploit will lead to the complete...
iPlanet 4.1 Web Publisher Remote Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/2732/info iPlanet Webserver is an http server product offered by the Sun-Netscape Alliance. By sending a specially crafted request composed of at least 2000 characters it is possible to cause a buffer overflow. This could...
DirectAdmin <= 1.33.3 '/CMD_DB' Backup Action Insecure Temporary File Creation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34676/info DirectAdmin creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic link attacks to overwrite arbitrary attacker-specified files. Th...
HP Tru64 4.0/5.1 - POSIX Threads Library Local Privilege Escalation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21035/info HP Tru64 is prone to a local privilege-escalation vulnerability. Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. Successful exploits will result in a complete...
Anti-Trojan Elite 4.2.1 - Atepmon.sys IOCTL Request Local Overflow
No description provided by source. source: http://www.securityfocus.com/bid/32202/info ISecSoft Anti-Trojan Elite and Anti-Keylogger Elite are prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to execute arbitrary code with elevated privileges, whi...
Novell GroupWise 6.5.3 Client Local Integer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14952/info Novell GroupWise Client is prone to a local integer overflow vulnerability. The attacker may leverage this issue to corrupt process memory, which may lead to a crash or arbitrary code execution. A complete...