
4734 matches found

OpenVAS
added 2016/08/04 12:0 a.m. | 24 views

phpMyAdmin Double URL Decoding XSS Vulnerability (PMASA-2016-16) - Linux

phpMyAdmin is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1 CVSS | 5.7 AI score | 0.00493 EPSS
Exploits 0 | References 2

CNVD
added 2016/07/26 12:0 a.m. | 1 view

Apple Core Graphics BMP Framework img_decode_read Remote Code Execution Vulnerability

Apple's CoreGraphics library is an API for users to create and manipulate graphic elements. A remote code execution vulnerability exists in Apple OS X and iOS when working with BMP images. An attacker could use this vulnerability to embed malicious exploit code in a BMP image resulting in an...

8.8 CVSS | 8.5 AI score | 0.02103 EPSS
Exploits 2 | References 1

OSV
added 2016/07/11 1:59 a.m. | 2 views

UBUNTU-CVE-2016-2507

Integer overflow in codecs/on2/h264dec/source/h264bsdstorage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...

7.8 CVSS | 7.6 AI score | 0.0017 EPSS
Exploits 0 | References 3

exploitpack
added 2016/07/11 12:0 a.m. | 12 views

Adobe Flash - LMZA Property Decoding Heap Corruption

Adobe Flash - LMZA Property Decoding Heap Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=790 Loading the attached image causes heap corruption due to LMZA property decoding. To reproduce the issue, load the attach file '6' using LoadImage.swf as follows:...

0.3 AI score
Exploits 0

Exploit DB
added 2016/07/11 12:0 a.m. | 22 views

Adobe Flash - LMZA Property Decoding Heap Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=790 Loading the attached image causes heap corruption due to LMZA property decoding. To reproduce the issue, load the attach file '6' using LoadImage.swf as follows: LoadImage.swf?img=6 The issue sometimes takes multiple refreshes ...

7.4 AI score
Exploits 0

BDU FSTEC
added 2016/07/06 12:0 a.m. | 1 view

The vulnerability of the Firefox browser, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

Overfilling the buffer in the Speex decoder of the Web Audio subsystem in Mozilla Firefox allows malicious actors to execute arbitrary code using specially crafted AudioBuffer channel counters and decoding frequencies...

6.8 CVSS | 7.8 AI score | 0.04721 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2016/07/05 1:59 a.m. | 19 views

CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

6.1 CVSS | 6.1 AI score | 0.00493 EPSS
Exploits 0 | References 7

OSV
added 2016/07/05 1:59 a.m. | 1 view

DEBIAN-CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

6.1 CVSS | 8.3 AI score | 0.00493 EPSS
Exploits 0 | References 1

OSV
added 2016/07/05 1:59 a.m. | 8 views

CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

6.1 CVSS | 6.1 AI score
Exploits 0 | References 7

Prion
added 2016/07/05 1:59 a.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

4.3 CVSS | 6 AI score | 0.00493 EPSS
Exploits 0 | References 7 | Affected Software 2

UbuntuCve
added 2016/07/05 1:59 a.m. | 18 views

CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

6.1 CVSS | 6.7 AI score | 0.00493 EPSS
Exploits 0 | References 2

OSV
added 2016/07/05 1:59 a.m. | 0 views

UBUNTU-CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

6.1 CVSS | 6.8 AI score | 0.00493 EPSS
Exploits 0 | References 3

CVE
added 2016/07/05 1:0 a.m. | 71 views

CVE-2016-5099

CVE-2016-5099 pertains to a cross-site scripting (XSS) vulnerability in phpMyAdmin. The issue affects phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2, allowing remote attackers to inject arbitrary web script or HTML via characters mishandled during double URL decoding. Public advisories i...

6.1 CVSS | 5.5 AI score | 0.00493 EPSS
Exploits 0 | References 7 | Affected Software 1

Debian CVE
added 2016/07/05 1:0 a.m. | 21 views

CVE-2016-5099

Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mishandled during double URL decoding...

6.1 CVSS | 6.2 AI score | 0.00493 EPSS
Exploits 0

BDU FSTEC
added 2016/07/05 12:0 a.m. | 1 view

The vulnerability of the Linter Bastion database management system allows a malicious individual to decode user credentials.

User accounts in a database are stored in the system table “$$$USR”. This table contains the names of users and their encrypted passwords. By default, the Linter Bastion database management system encrypts user passwords using the user’s name as the encryption key; that is, the encryption key is...

9 CVSS | 5.4 AI score
Exploits 0 | Affected Software 1

FireEye
added 2016/06/23 9:0 a.m. | 27 views

Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)

Introduction and Motivation: Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise (IOCs)? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...

6.9 AI score
Exploits 0

FireEye
added 2016/06/23 9:0 a.m. | 15 views

Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)

Introduction and Motivation: Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise (IOCs)? Great! No need to run further analysis or hire expensive experts to determine if a file is malicious...

Exploits 0

BDU FSTEC
added 2016/06/17 12:0 a.m. | 2 views

V8 browser kernel vulnerability, which allows a hacker to obtain confidential information

The vulnerability of the uri.js component in the V8 browser kernel arises from the use of an incorrect array type. Exploiting this vulnerability may allow a remote attacker to obtain confidential information by calling the URL decoding function...

4.3 CVSS | 0.12632 EPSS
Exploits 0 | References 4 | Affected Software 2

BDU FSTEC
added 2016/06/17 12:0 a.m. | 1 view

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability in the file mm-video-v4l2/vidc/vdec/src/omxvdecmsm8974.cpp of the Android operating system is related to incorrect pointer handling. Exploiting this vulnerability can allow a malicious actor to gain increased privileges through a specially created application...

9.3 CVSS | 0.00043 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 2016/06/13 7:59 p.m. | 1 view

DEBIAN-CVE-2016-4353

ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder stack overflows, which allows remote attackers to cause a denial of service (abort) via crafted BER data...

7.5 CVSS | 6.8 AI score | 0.01078 EPSS
Exploits 0 | References 1