PT-2015-6104

Name of the Vulnerable Software and Affected Versions Rack versions prior to 1.5.4 Rack versions 1.6.x prior to 1.6.2 Description The issue allows remote attackers to cause a denial of service, resulting in a SystemStackError, via a request with a large parameter depth. This affects products that...

Author Behind Ransomware Tox Calls it Quits, Sells Platform

Earlier this week, when the author behind the crypto-ransomware Locker apologized and released decryption keys for his victims, it seemed like a change of heart, uncharacteristic for an attacker. Now another ransomware creator has also decided to cut his losses and get out of the game – but not...

McAfee ePO Deep Command Local Elevation of Privilege Vulnerability

McAfee ePO Deep Command is an extension of McAfee's primary endpoint security management product. A security vulnerability in Client Management and Gateway handling of windows search paths in McAfee ePO Deep Command allows local users to exploit the vulnerability to elevate privileges...

Design/Logic Flaw

Multiple unquoted Windows search path vulnerabilities in the 1 Client Management and 2 Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors...

CVE-2015-3987

Multiple unquoted Windows search path vulnerabilities in the 1 Client Management and 2 Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors...

CVE-2015-3987

McAfee ePO Deep Command (Client Management and Gateway) 2.1/2.2 are affected by CVE-2015-3987 due to unquoted Windows search paths leading to local privilege elevation. The issue is rooted in unquoted path handling, enabling local users to gain privileges via unspecified vectors. A patched releas...

McAfee ePolicy Orchestrator Deep Command Path Handling Local Elevation of Privilege Vulnerability

McAfee ePolicy Orchestrator is an industry-leading systems security management solution that helps organizations effectively defend against malicious threats and attacks. McAfee ePolicy Orchestrator Deep Command fails to properly handle paths and directories, allowing local attackers to exploit...

Onion.City — Search Engine for Deep Web that Works From Normal Web Browser

There is an entire section of the Internet that you probably don’t see on daily basis, it’s called the "Darknet" or "Deep Web", where all browsing is done anonymously. About a week ago, we reported about the 'Memex' Deep Web Search Engine, a Defense Advance Research Projects Agency DARPA project ...

Memex Deep Web Search Engine Tracks Cyber Criminals

A year ago, the U.S. government's Defense Advance Research Projects Agency DARPA announced a project to create a powerful new search engine that could find things on the deep web that isn't indexed by Google and other commercial search engines. The project, dubbed Memex Deep Web Search Engine , i...

Streisand

The Internet can be a little unfair. It’s way too easy for ISPs, telecoms, politicians, and corporations to block access to the sites and information that you care about. But breaking through these restrictions is tough . Or is it? Introducing Streisand A single command sets up a brand new server...

Heroku API Deep Dive Script Insertion

Document Title: =============== Heroku API Deep Dive Bug Bounty 3 - Persistent UI Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1398 BugCrowd ID: 6b37910a3c5685b944a3ad65068aa251af47450953a06b8b13d74b35d708f6b0 Acknowledgement Hall of Fame:...

CVE-2014-2382

The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service crash and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function...

CVE-2014-2382

The CVE-2014-2382 issue affects the DfDiskLo.sys driver in Faronics Deep Freeze Standard/Enterprise ≤8.10. A crafted IOCTL request allows writing to arbitrary memory via the IofCallDriver path, enabling local administrators to crash the system or execute arbitrary code with kernel-level privilege...

Faronics Deep Freeze Arbitrary Code Execution Vulnerability

Faronics Deep Freeze Standard and Enterprise suffers from an arbitrary code execution vulnerability. Vulnerability title: Arbitrary Code Execution In Faronics Deep Freeze Standard and Enterprise CVE: CVE-2014-2382 Vendor: Faronics Product: Deep Freeze Standard and Enterprise Affected version:...

V8: Memory Corruption and Stack Overflow

It was discovered that V8 did not properly check the stack size limit in certain cases. A remote attacker able to send a request that caused a script executed by V8 to use deep recursion could trigger a stack overflow, leading to a crash of an application using V8...

[SECURITY] Fedora 20 Update: kstars-4.14.1-1.fc20

KStars is a Desktop Planetarium. It provides an accurate graphical simulation of the night sky, from any location on Earth, at any date and time. The display includes up to 100 million stars, 13,000 deep-sky object s, all 8 planets, the Sun and Moon, and thousands of comets and asteroids...

DEBIAN-CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...

CVE-2014-5256

Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider the possibility of recursive processing that triggers V8 garbage collection in conjunction with a V8 interrupt, which allows remote attackers to cause a denial of service memory corruption and application crash via deep JSON...

Deep-Blue 1.9.2 - Arbitrary File Upload

The deep-blue WordPress theme was affected by an Arbitrary File Upload security vulnerability...

SchneiderWEB Server Directory Traversal Vulnerability

OVERVIEW Independent researcher Billy Rios has identified a directory traversal vulnerability in Schneider Electric’s SchneiderWEB, a web HMI. Schneider Electric has produced a firmware update that mitigates this vulnerability. Billy Rios has tested the update to validate that it resolves the...