8286 matches found
CVE-2016-9535
tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...
CVE-2016-9535
tifpredict.h and tifpredict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor heap-buffer-overflow."...
Crestron AM-100 - Multiple Vulnerabilities
Crestron AM-100 - Multiple Vulnerabilities ================================================================= Crestron AM-100 Multiple Vulnerabilities ================================================================= Date: 2016-08-01 Exploit Author: Zach Lanier Vendor Homepage:...
TP-LINK TDDP Multiple Vulnerabilities
1. Advisory Information Title: TP-LINK TDDP Multiple Vulnerabilities Advisory ID: CORE-2016-0007 Advisory URL:https://www.coresecurity.com/core-labs/advisories/tp-link-tddp-multiple-vulnerabilities Date published: 2016-11-21 Date of last update: 2016-11-18 Vendors contacted: TP-Link Release mode:...
USN-3130-1 openjdk-7 vulnerabilities
It was discovered that OpenJDK did not restrict the set of algorithms used for Jar integrity verification. An attacker could use this to modify without detection the content of a JAR file, affecting system integrity. CVE-2016-5542 It was discovered that the JMX component of OpenJDK did not...
DLA-706-1 python-django - security update
Bulletin has no description...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
Updated python-django packages fix security vulnerabilities
User with hardcoded password created when running tests on Oracle When running tests with an Oracle database, Django creates a temporary database user. In older versions, if a password isn't manually specified in the database settings TEST dictionary, a hardcoded password is used. This could allo...
Rapid PHP Editor IDE 14.1 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications + Credits: John Page aka hyp3rlinx Vendor: ====================== www.rapidphpeditor.com Product: =============================== Rapid PHP Editor IDE rapidphp2016.exe v14.1 Rapid PHP editor is a faster and more powerful PHP editor for Windows...
Ubuntu: Security Advisory (USN-3121-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Rapid PHP Editor 14.1 - Remote Command Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt + ISR: Apparition Security Vendor: ====================== www.rapidphpeditor.com Product: =============================== Rapid PHP Editor...
Rapid PHP Editor 14.1 - Remote Command Execution
Rapid PHP Editor 14.1 - Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/RAPID-PHP-EDITOR-REMOTE-CMD-EXEC.txt + ISR: Apparition Security Vendor: ====================== www.rapidphpeditor.com Produc...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
OpenJDK: insufficient checks of JDWP packets (Hotspot, 8159519)
It was discovered that the Hotspot component of OpenJDK did not properly check received Java Debug Wire Protocol JDWP packets. An attacker could possibly use this flaw to send debugging commands to a Java program running with debugging enabled if they could make victim's browser send HTTP request...
USN-3115-1 python-django vulnerabilities
Marti Raudsepp discovered that Django incorrectly used a hardcoded password when running tests on an Oracle database. A remote attacker could possibly connect to the database while the tests are running and prevent the test user with the hardcoded password from being removed. CVE-2016-9013 Aymeri...
GATTacker - BLE (Bluetooth Low Energy) Man-in-the-Middle
A Node.js package for BLE Bluetooth Low Energy security assessment using Man-in-the-Middle and other attacks. Prerequisites see: https://github.com/sandeepmistry/noble https://github.com/sandeepmistry/bleno Install npm install gattacker Usage Configure Running both components Set up variables in...
Bitcoin Knots is vulnerable
Bitcoin is an e-currency, digital currency developed with open-source P2P software by the Bitcoin Foundation, and is an online virtual currency.Bitcoin Knots is one of the clients. A security vulnerability exists in Bitcoin Knots versions v0.11.0.ljr20150711 to v0.13.0.knots20160814, which stems...
UBUNTU-CVE-2016-9014
Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3, when settings.DEBUG is True, allow remote attackers to conduct DNS rebinding attacks by leveraging failure to validate the HTTP Host header against settings.ALLOWEDHOSTS...
django -- multiple vulnerabilities
The Django project reports: Today the Django team released Django 1.10.3, Django 1.9.11, and 1.8.16. These releases addresses two security issues detailed below. We encourage all users of Django to upgrade as soon as possible. User with hardcoded password created when running tests on Oracle DNS...