4202 matches found
flash-plugin: multiple code execution issues fixed in APSB15-32
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute...
RHEL 7 : apache-commons-collections (RHSA-2015:2522)
Updated apache-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
jakarta security update
CentOS Errata and Security Advisory CESA-2015:2521. Updated jakarta-commons-collections packages that fix one security issue are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...
SoundTap 2.27 - Code Execution Vulnerability
Exploit for windows platform in category remote exploits Launch Url 3. Paste malicious url in input "Enter url Launch" 4. Click ok 5. PHP code executed successfully Code Execution Calculator By ZwX - Vulnerability Lab.com evalbase64decode'ZXZhbChiYXNlNjRfZGVjb2RlKCdaWFpoYkNoaVlYTmxOalJmWkdWamIy...
Nibbleblog File Upload Vulnerability
Exploit for php platform in category remote exploits This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Nibbleblog File Upload Vulnerability', 'Description' = %q Nibbleblog contai...
CVE-2015-7635
The CVE-2015-7635 entry describes a use-after-free vulnerability in Adobe Flash Player (Windows/macOS: before 18.0.0.252 and 19.x before 19.0.0.207; Linux: before 11.2.202.535) and Adobe AIR (before 19.0.0.213, including AIR SDK and AIR SDK & Compiler before 19.0.0.213). The underlying issue is a use-aft...
Adobe Acrobat Reader DC CBSharedReviewCloseDialog Javascript API Restrictions Bypass Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
FreeBSD : p5-UI-Dialog -- shell command execution vulnerability (00dadbf0-6f61-11e5-a2a1-002590263bf5)
Matthijs Kooijman reports: It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a...
LFI with PHPInfo: the local test process - bug warning - the black bar safety net
LFI with PHPInfo: foreign researchers published a method of exploiting local file inclusion in 2001. As a novice who could not find complete study materials domestically, I spent several days researching it, and here I summarize and share my learning process. Basics The local file...
Fedora 23 : ipython-3.2.1-3.fc23 (2015-16128)
Add upstream patch to fix file execution vulnerability (bug 1264067). Add upstream patch to fix XSS vulnerability (bug 1259405). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean...
NS-DV7500 Enterprise High-Performance VPN Security Gateway Command Execution Vulnerability
No description provided by source...
D-Link Cookie Command Execution
This module exploits an anonymous remote upload and code execution vulnerability on different D-Link devices. The vulnerability is a command injection in the cookie handling process of the lighttpd web server when handling specially crafted cookie values. This module has been successfully tested ...
HP KeyView Arbitrary Code Execution Vulnerability (CNVD-2015-05714)
HP KeyView is file filtering and conversion software that extracts file content and metadata. A security vulnerability exists in the implementation of HP KeyView versions prior to 10.23.0.1 and prior to 10.24.0.1. A remote attacker can exploit this vulnerability to execute arbitrary code...
Command Execution Vulnerability in Beijing PaiNet Software Traffic Analysis Management System
Beijing Paiwang Software Co., Ltd. specializes in the development of a domestic web application-layer traffic monitoring and management engine. A command execution vulnerability exists in the traffic analysis and management system of Beijing PaiNet Software. The vulnerability allows an attacker ...
BitTorrent Bootstrap Remote Code Execution Vulnerability
BitTorrent is a set of peer-to-peer file uploading and downloading software based on the BitTorrent protocol by BitTorrent Inc. in the U.S. BitTorrent Bootstrap (aka bootstrap-dht) is one of the DHT (Distributed Hash Table) bootstrap servers. network node hash list bootstrap into BitTorrent. A remote...
D-Link Cookie command injection
Added: 07/30/2015. Background: D-Link produces a variety of routers, switches, and other network equipment for home users and businesses. Problem: A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted cookie in an HTTP request...
CVE-2015-2369
Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a...
KLA10582 Code execution vulnerability in Microsoft Sharepoint Server
An unspecified vulnerability was found in Microsoft SharePoint Server. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed page content. Original advisories Microsoft bulletin CVE-2015-1700 Related...
GNU C Library glibc getanswer_r Buffer Overflow (CVE-2015-1781)
A code execution vulnerability exists in the GNU C Library. The vulnerability is due to an error within the getanswer_r function when handling a DNS response, resulting in a buffer overflow. A remote attacker can exploit this vulnerability by providing a specially-crafted DNS response to an application...
Linkus Photo Manager Pro 4.4.0 Code Execution
Document Title: Photo Manager Pro 4.4.0 iOS - Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1444. Release Date: 2015-03-10. Vulnerability Laboratory ID (VL-ID): ...