Lucene search

9459 matches found

Prion
added 2016/10/31 10:59 a.m., 25 views

Heap overflow

The thumbnail shell extension plugin FoxitThumbnailHndlr_x86.dll in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap...

4.3 CVSS, 7.1 AI score, 0.01277 EPSS
Exploits 0, References 2, Affected Software 2
Cvelist
added 2016/10/31 10:0 a.m., 29 views

CVE-2016-8879

The thumbnail shell extension plugin FoxitThumbnailHndlr_x86.dll in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and application crash) via a crafted JPEG2000 image embedded in a PDF document, aka an "Exploitable - Heap...

7.1 AI score, 0.01277 EPSS
Exploits 0, References 2
CVE
added 2016/10/31 10:0 a.m., 55 views

CVE-2016-8879

CVE-2016-8879 affects Foxit Reader and Foxit PhantomPDF prior to 8.1 on Windows. The issue lies in the thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) where a crafted JPEG2000 image embedded in a PDF can trigger an out-of-bounds write, causing an application crash and a denial-of-s...

6.5 CVSS, 7 AI score, 0.01277 EPSS
Exploits 0, References 2, Affected Software 2
ICS
added 2016/10/29 6:0 a.m., 61 views

Rockwell Automation MicroLogix 1100 PLC Overflow Vulnerability

OVERVIEW: David Atch of CyberX has identified a stack-based buffer overflow vulnerability in Rockwell Automation’s Allen-Bradley MicroLogix 1100 programmable logic controller (PLC) systems. Rockwell Automation has produced a new firmware version to mitigate this vulnerability. This vulnerability cou...

10 CVSS, 10 AI score, 0.06619 EPSS
Exploits 0, References 10
NVD
added 2016/10/28 8:59 p.m., 10 views

CVE-2016-8333

An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious pdf file to trigger this...

8.8 CVSS, 9.1 AI score, 0.02062 EPSS
Exploits 2, References 2
Prion
added 2016/10/28 8:59 p.m., 24 views

Type confusion

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the applicatio...

6.8 CVSS, 8 AI score, 0.06593 EPSS
Exploits 2, References 3, Affected Software 1
Cvelist
added 2016/10/28 8:0 p.m., 25 views

CVE-2016-8331

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the applicatio...

8.1 CVSS, 9 AI score, 0.06593 EPSS
Exploits 2, References 3
UbuntuCve
added 2016/10/25 12:0 a.m., 23 views

CVE-2016-5287

A potentially exploitable use-after-free crash during actor destruction with service workers. This issue does not affect releases earlier than Firefox 49. This vulnerability affects Firefox 49.0.2...

9.8 CVSS, 7.2 AI score, 0.02425 EPSS
Exploits 0, References 3
Exploit DB
added 2016/10/20 12:0 a.m., 45 views

SAP Adaptive Server Enterprise 16 - Denial of Service

''' Application: SAP Adaptive Server Enterprise Versions Affected: SAP Adaptive Server Enterprise 16 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 01.02.2016 Reported: 02.02.2016 Vendor response: 02.02.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2330839 Author...

7.4 AI score
Exploits 0
Packet Storm
added 2016/10/17 12:0 a.m., 50 views

SAP NetWeaver KERNEL 7.5 Buffer Overflow

Application: SAP NetWeaver KERNEL Versions Affected: SAP NetWeaver KERNEL 7.0-7.5 Vendor URL: http://SAP.com Bugs: Denial of Service Sent: 09.03.2016 Reported: 10.03.2016 Vendor response: 10.03.2016 Date of Public Advisory: 12.07.2016 Reference: SAP Security Note 2295238 Author: Dmitry Yudin...

1.1 AI score
Exploits 0
Hacker One
added 2016/10/13 12:19 p.m., 24 views

Internet Bug Bounty: Stack Buffer Overflow in GD dynamicGetbuf

Stack-based buffer overflow in GD dynamicGetbuf - Vulnerable function: imagecreatefromstring - Bug has been reported: https://bugs.php.net/bug.php?id=73280 - Submitted a patch and accepted: https://github.com/php/php-src/commit/cc08cbc84d46933c1e9e0149633f1ed5d19e45e9 - Impact: Remotely...

6.8 AI score
Exploits 0
Apache Tomcat
added 2016/10/06 12:0 a.m., 38 views

Fixed in Apache Tomcat JK Connector 1.2.42

Moderate: Buffer Overflow CVE-2016-6808 The IIS/ISAPI specific code implements special handling when a virtual host is present. The virtual host name and the URI are concatenated to create a virtual host mapping rule. The length checks prior to writing to the target buffer for this rule did not...

9.8 CVSS, 7.6 AI score, 0.18989 EPSS
Exploits 1, Affected Software 1
erpscan
added 2016/10/03 12:0 a.m., 544 views

SAP AS JAVA P4 MSPRuntimeInterface information disclosure

Application: SAP AS JAVA P4 Versions Affected: SAP AS JAVA P4 7.4 Vendor URL: SAP Bugs: Information disclosure Reported: 10.03.2016 Vendor response: 11.03.2016 Date of Public Advisory: 12.10.2016 Reference: SAP Security Note 2331908 Author: Vahagn Vardanyan ERPScan VULNERABILITY INFORMATION Class...

5 CVSS, 0.4 AI score, 0.03494 EPSS
Exploits 2
FreeBSD
added 2016/10/03 12:0 a.m., 34 views

freeimage -- code execution vulnerability

TALOS reports: An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of the FreeImage library...

7.8 CVSS, 1.6 AI score, 0.0183 EPSS
Exploits 1, References 1
CNVD
added 2016/09/28 12:0 a.m., 1 views

Apple OS X Server ServerDocs Server Weak Password Vulnerability

Apple OS X Server is a set of Unix-based server operating software from Apple, Inc. ServerDocs Server is one of the service components. A weak password vulnerability exists in ServerDocs Server in Apple OS X Server versions prior to 5.2 that support the RC4 encryption algorithm, which can be...

7.5 CVSS, 6.8 AI score, 0.01981 EPSS
Exploits 0, References 1
Cvelist
added 2016/09/22 10:0 p.m., 26 views

CVE-2016-5284

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org...

8.1 AI score, 0.02382 EPSS
Exploits 0, References 13
OSV
added 2016/09/21 12:0 a.m., 8 views

DSA-3672-1 irssi - security update

Bulletin has no description...

7.5 CVSS, 7.5 AI score, 0.04618 EPSS
Exploits 2
Mozilla
added 2016/09/20 12:0 a.m., 49 views

Security vulnerabilities fixed in Firefox 49 — Mozilla

A content security policy (CSP) containing a referrer directive with no values can cause a non-exploitable crash. An out-of-bounds write of a boolean value during text conversion with some unicode characters. An out-of-bounds read during the processing of text runs in some pages using...

9.8 CVSS, 9.1 AI score, 0.04014 EPSS
Exploits 0, References 19, Affected Software 1
0day.today
added 2016/09/19 12:0 a.m., 35 views

Kajona 4.7 - Cross-Site Scripting / Directory Traversal

Exploit for php platform in category web applications 1. Introduction Affected Product: Kajona 4.7 Fixed in: 5.0 Fixed Version Link: https://www.kajona.de/en/Downloads/downloads.getkajona.html Vendor Website: https://www.kajona.de/ Vulnerability Type: XSS & Directory Traversal Remote Exploitable:...

7.1 AI score
Exploits 0
exploitpack
added 2016/09/19 12:0 a.m., 32 views

Kajona 4.7 - Cross-Site Scripting Directory Traversal

Kajona 4.7 - Cross-Site Scripting Directory Traversal Security Advisory - Curesec Research Team 1. Introduction Affected Product: Kajona 4.7 Fixed in: 5.0 Fixed Version Link: https://www.kajona.de/en/Downloads/downloads.getkajona.html Vendor Website: https://www.kajona.de/ Vulnerability Type: XSS...

Exploits 0