
6692 matches found

seebug.org
added 2014/07/01 12:0 a.m., 16 views

Solaris 2.6/7.0 lpset -r Buffer Overflow Vulnerability (3)

No description provided by source. source: http://www.securityfocus.com/bid/1138/info A vulnerability exists in the handling of the -r option to the lpset program, as included in Solaris 7 from Sun Microsystems. The -r option is undocumented. As such, its use is unknown. However, when supplied a...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 19 views

IBM EGatherer 2.0 ActiveX Control Dangerous Method Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10562/info It is reported that the IBM eGatherer ActiveX control contains dangerous methods that may result in a remote compromise of a system on which the ActiveX control is installed. These methods may be accessed by a...

7.1 AI score
Exploits: 0

ATTACKERKB
added 2014/06/19 10:50 a.m., 3 views

CVE-2014-2610

Directory traversal vulnerability in the Content Acceleration Pack (CAP) web application in HP Executive Scorecard 9.40 and 9.41 allows remote authenticated users to execute arbitrary code by uploading an executable file, aka ZDI-CAN-2117...

7.1 CVSS, 6.2 AI score, 0.0251 EPSS
Exploits: 0, References: 7

securityvulns
added 2014/06/14 12:0 a.m., 68 views

CVE-2014-3448 - Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS

Vulnerability title: Remote Code Execution Via Unauthenticated File Upload in BSS Continuity CMS CVE: CVE-2014-3448 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: The ASPX executable which is responsible for handling file...

0.8 AI score, 0.04136 EPSS
Exploits: 2

Tenable Nessus
added 2014/06/13 12:0 a.m., 26 views

openSUSE Security Update : mutt (openSUSE-SU-2014:0434-1)

The mailreader mutt was updated to fix a crash in header view that could be triggered by malformed e-mails and potentially be used to execute code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

5 CVSS, 5.3 AI score, 0.01816 EPSS
Exploits: 1, References: 3

UbuntuCve
added 2014/06/04 12:0 a.m., 26 views

CVE-2014-0476

The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option...

3.7 CVSS, 6.3 AI score, 0.11441 EPSS
Exploits: 6, References: 2

Cisco Threats
added 2014/06/02 8:51 p.m., 13 views

Threat Outbreak Alert RuleID10190: Email Messages Distributing Malicious Software on June 2, 2014

Medium Alert ID: 34520 First Published: 2014 June 2 20:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID10190 may contain the following files: Name | Size...

0.3 AI score
Exploits: 0

Kitploit
added 2014/05/29 10:25 p.m., 89 views

Hook Analyser 3.1 - Malware Analysis Tool

Hook Analyser is a freeware application which allows an investigator/analyst to perform “static & run-time / dynamic” analysis of suspicious applications, also gather analyse & co-related threat intelligence related information or data from various open sources on the Internet. Essentially it’s a...

7.3 AI score
Exploits: 0

Cisco Threats
added 2014/05/28 5:51 p.m., 9 views

Threat Outbreak Alert: Fake Fax Message Notification Email Messages on May 27, 2014

Medium Alert ID: 34353 First Published: 2014 May 28 17:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to German-language spam email messages that claim to contain a fax message for the recipient. The text in the email message attempts to convince the recipient ...

0.6 AI score
Exploits: 0

Cisco Threats
added 2014/05/27 7:20 p.m., 7 views

Threat Outbreak Alert: Email Messages with Malicious Attachment on May 27, 2014

Medium Alert ID: 34370 First Published: 2014 May 27 19:20 GMT Last Updated: 2014 May 29 12:59 GMT Version: 2 Summary Cisco Security has detected significant activity related to German-language spam email messages that contain an attachment for the recipient. The email message attempts to convince...

6.9 AI score
Exploits: 0

Check Point Advisories
added 2014/05/18 12:0 a.m., 4 views

PHP Libmagic Portable Executable Out-Of-Bounds Memory Access (CVE-2014-2270)

An out-of-bounds memory access vulnerability exists in PHP Libmagic. The vulnerability is due to the way the file utility determines the type of Portable Executable (PE) format files. A remote attacker can exploit this flaw by uploading a malicious PE file to a vulnerable server...

3 AI score, 0.30772 EPSS
Exploits: 1

Cisco Threats
added 2014/05/13 12:19 p.m., 14 views

Threat Outbreak Alert: Fake Credit Card Invoice Notification Email Messages on May 12, 2014

Medium Alert ID: 34202 First Published: 2014 May 13 12:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a credit card invoice for the recipient. The text in the email message attempts to convince the recipient to open...

1.2 AI score
Exploits: 0

Cvelist
added 2014/05/08 2:0 p.m., 24 views

CVE-2013-4544

hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local guest users to cause a denial of service or possibly execute arbitrary code via vectors related to (1) RX or (2) TX queue numbers or (3) interrupt indices. NOTE: some of these details are obtained from third party information...

7.2 AI score, 0.00112 EPSS
Exploits: 1, References: 9

Cisco Threats
added 2014/05/06 2:52 p.m., 9 views

Threat Outbreak Alert: Fake Invitation Email Messages on May 5, 2014.

Medium Alert ID: 34120 First Published: 2014 May 6 14:52 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an invitation for the recipient. The text in the email message attempts to convince the recipient to open the...

0.7 AI score
Exploits: 0

securityvulns
added 2014/05/04 12:0 a.m., 24 views

McAfee Security Scanner Plus privilege escalation

Privilege escalation via executable spoofing...

3.9 AI score
Exploits: 0, References: 1

Cisco
added 2014/04/30 4:19 p.m., 28 views

Cisco TelePresence TC and TE Software u-boot Buffer Overflow Vulnerability

A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local attacker to create a buffer overflow and possibly execute arbitrary code on the affected system. The...

6.6 CVSS, 7.9 AI score, 0.00085 EPSS
Exploits: 0, References: 1

OSV
added 2014/04/30 2:50 p.m., 2 views

USN-2188-1 elfutils vulnerability

Florian Weimer discovered that the elfutils libdw library incorrectly handled malformed compressed debug sections in ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, applications linked against libdw could be made to crash, or possibly execute...

6.8 CVSS, 5.9 AI score, 0.01832 EPSS
Exploits: 0, References: 2

Cisco Threats
added 2014/04/29 6:36 p.m., 10 views

Threat Outbreak Alert: Fake Product Catalog Notification Email Messages on April 28, 2014

Medium Alert ID: 33979 First Published: 2014 April 29 18:36 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages with a blank message body and a catalog attached for the recipient. However, the .zip attachment contains a malicious .exe file that,...

0.2 AI score
Exploits: 0

ATTACKERKB
added 2014/04/28 2:9 p.m., 5 views

CVE-2014-2042

Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory ...

7.5 CVSS, 6.2 AI score, 0.01521 EPSS
Exploits: 2, References: 3

n0where
added 2014/04/25 3:25 p.m., 34 views

Analyze Cryptographic Specifications: Cryptol

The Cryptol specification language was designed by Galois for the NSA’s Trusted Systems Research Group as a public standard for specifying cryptographic algorithms. A reference specification can serve as the formal documentation for a cryptographic module. Unlike current specification mechanisms,...

0.5 AI score
Exploits: 0, References: 3