108 matches found
Microsoft Office Invalid Pointer CVE-2014-6335 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability because it fails to properly handle objects in memory. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in...
Microsoft Internet Explorer 'CAttrValue' Style Attribute Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted webpage. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in...
Yappa-NG 1.x/2.x Unspecified Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13372/info yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks. The vendor has not published any specific...
Microsoft Internet Explorer CVE-2014-2767 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet explorer ...
Microsoft Internet Explorer CVE-2014-2760 Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability. Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Internet explorer ...
Microsoft Internet Explorer CVE-2013-3915 Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Microsoft Internet Explorer 6, 7, 8, 9, 10, and...
Fedora 19 : rrdtool-1.4.8-2.fc19 (2013-10288)
This is an update that adds explicit check to the imginfo format. It may prevent crash/exploit of user space applications which pass user supplied format to the library call without checking. This is an new version of rrdtool that fixes several bugs. The main new feature of this release is that...
Twitter Malware spotted in the wild stealing banking credentials
Trusteer researcher Tanya Shafir has recently identified an active configuration of TorRAT targeting Twitter users. Other than spreading ideas on the most popular social networks, now cyber criminals are spreading malware. The malware launches a Man-in-the-Browser MitB attack through the browser ...
Juniper's Junos Could Open Routers to TCP Attacks
UPDATE Some systems running older versions of Juniper Networks’ Junos OS software could be vulnerable to a transmission control protocol TCP flaw that can enable a hacker to crash and reboot certain routers. According to Australia’s IT News, an attacker could send a specially crafted TCP packet t...
Microsoft XML Core Services整数截断漏洞(MS13-002)
CVECAN ID: CVE-2013-0006 Microsoft Windows是微软公司推出的一系列操作系统。 Microsoft XML Core Services在解析XML内容时存在整数溢出错误,可被利用远程执行任意代码。 0 Microsoft Office 2007 Microsoft Office Office 2003 Professional Edi Microsoft Office 2003 Student and Teacher Edi Microsoft Office 2003 Standard Edition Microsoft Office 2003...
Microsoft BlueHat Security contest - Mega Prize $250,000
Microsoft BlueHat Security contest - Mega Prize $250,000 Microsoft today launched a $250,000 contest for researchers who develop defensive security technologies that deal with entire classes of exploits. The total cash awards for Microsoft's "BlueHat Prize " contest easily dwarfs any bug bounty...
Time to Focus on Results-Oriented Security
The security industry is full of pernicious problems with no easy solutions. Take spam, for example. The current best defense is filtering out the obvious spam messages. Yet, the countermeasure is not a solution: As anti-spam technology gets better, spammers merely churn out more spam and achieve...
Sdcms v1. 3 exploits-exploits warning-the black bar safety net
First, at the following address using the livehttpheader capture to get the COOKIE value: COOKIE: 1Rq4Qz6We6Dbsdcms%5Finfolever=; 1Rq4Qz6We6Dbsdcms%5Falllever=; 1Rq4Qz6We6Dbsdcms%5Fadmin=; 1Rq4Qz6We6Dbsdcms%5Fpwd=; 1Rq4Qz6We6Dbsdcms%5Fname=; 1Rq4Qz6We6Dbsdcms%5Fid=;...
HeapLocker Tool Protects Against Heap-Spray Attacks
As attackers have focused more and more of their energies on exploiting bugs in Web applications, and specifically memory-corruption vulnerabilities, researchers have followed along, trying to find new ways to protect users from these attacks. One of the newer entrants in this field is a tool...
Symantec Products Autonomy KeyView Module Vulnerability
SUMMARY Symantec products that ship a third-party Autonomy KeyView module have updated the module to address a vulnerability in the processing of Excel spreadsheets reported against the KeyView module. AFFECTED PRODUCTS Product | Version | Build | Solutions ---|---|---|--- Symantec Mail Security...
Microsoft Visio Object Validation Remote Code Execution Vulnerability
Description Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to run arbitrary code in the context of the user running the application. Failed exploit attempts will result in a...
Microsoft Visio Memory Validation Remote Code Execution Vulnerability
Description Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a...
Microsoft Windows IGMPv3 and MLDv2 processing vulnerability
Overview Microsoft Windows fails to properly process IGMPv3 and MLDv2 network traffic. If exploited, this vulnerability may result in arbitrary code execution or a denial-of-service condition. Description Internet Group Management Protoco IGMP is the protocol used by IPv4 hosts to report their...
ImageMagick ReadDIBImage函数整数溢出漏洞
BUGTRAQ ID: 25765 CVECAN ID: CVE-2007-4988 ImageMagick是一款Unix/Linux平台下开源的图像查看和编辑工具。 ImageMagick在处理带有畸形数据的文件时存在整数漏洞,远程攻击者可能诱使用户处理恶意文件控制用户系统。 ImageMagick的ReadDIBImage函数中存在整数溢出漏洞: 558 image-columns=unsigned long dibinfo.width ... 620 bytesperline=4image-columnsdibinfo.bitsperpixel+31/32; 621...
Cisco Clean Access多个远程安全漏洞
Cisco Clean Access CCA是一种用于自动检测、隔离、清除受恶意代码感染的设备访问网络的软件解决方案。 CCA的实现上存在两个安全漏洞,远程攻击得可能利用这些漏洞获取非授权访问或得到敏感信息。 CCA与Cisco Clean Access Manager CAM交互时,交互双方需要相同的密钥,CAM端的密钥在CAM和CAS初始化时设定,CCA实现上的漏洞使此密钥不可被更改,网络上所有相关的设备共享了相同的密钥,可能导致非授权访问。此漏洞的Cisco Bug ID为CSCsd48626,影响如下的CCA版本: CCA releases 3.6.x - 3.6.4.2 CCA...