AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection

AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection 1. ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro...

Missing Access Check in TYPO3 CMS

It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions. Component Type: TYPO3 CMS Release Date: May 24, 2016 Vulnerable subcomponent: Extbase Vulnerability Type: Missing access check Affected Versions: Versions 4.3.0 up to 8.1.0 Severity: Critical Suggested CVSS v2.0:...

AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection

ADVISORY INFORMATION ======================================== Title: AfterLogic WebMail Pro ASP.NET Administrator Account Takover via XXE Injection Application: AfterLogic WebMail Pro ASP.NET Class: Sensitive Information disclosure Remotely Exploitable: Yes Versions Affected: AfterLogic WebMail...

CVE-2016-4558

The BPF subsystem in the Linux kernel before 4.5.5 mishandles reference counts, which allows local users to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted application on 1 a system with more than 32 Gb of memory, related to the program reference...

Adobe Flash - Out-of-Bounds Read when Placing Object

Adobe Flash - Out-of-Bounds Read when Placing Object Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=794 There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read. A PoC is attached. To reproduce issue, put both files...

Adobe Flash - Out-of-Bounds Read when Placing Object

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=794 There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read. A PoC is attached. To reproduce issue, put both files on a server, and load:...

Adobe Flash - Out-of-Bounds Read when Placing Object

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=794 There is an out of bounds read when placing a corrupt image. This issue might be exploitable, depending on what is read. A PoC is attached. To reproduce issue, put both files ...

CVE-2016-1550

An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key...

Oracle Solaris Critical Patch Update : apr2016_SRU11_3_6_5_0

This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Fwflash. The supported version that is affected is 11.3. Easily exploitable vulnerability allows high privileged...

Oracle Fixes 136 Vulnerabilities With April CPU

Oracle fixed 136 vulnerabilities across 46 different products this week as part of its quarterly Critical Patch Update. More than half of the CVEs, 72, could be remotely exploitable without authentication. Fixes for a slew of products, including Oracle’s Database Server, E-Business Suite, Fusion...

American Fuzzy Lop Utilities: afl-utils

Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization afl-utils is a collection of utilities to assist fuzzing with american-fuzzy-lop afl . afl-utils includes tools for: automated crash sample collection, verification, reduction and analys...

KLA10794 Multiple vulnerabilities in Oracle MySQL

An unspecified vulnerabilities were found in Oracle MySQL Server. By exploiting these vulnerabilities malicious users can cause denial of service and loss of integrity or obtain sensitive information. These vulnerabilities can be exploited remotely via a vectors related to Packaging, Pluggable...

Axis Network Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications I. ADVISORY INFORMATION ----------------------- Title: Axis Network Cameras Multiple Cross-site scripting Vendor: Axis Communications Class: Improper Input Validation CWE-20 CVE Name: CVE-2015-8256 Remotely Exploitable: Yes Locally...

Axis Network Cameras - Multiple Vulnerabilities

Axis Network Cameras - Multiple Vulnerabilities | | | | | | | | | | | | / | '\ \ /\ / / \ | | |/ | ' / | 6079 Smith W | | | \ V V / / | | | | | | \ \ doubleplusungood /|| // ||||,|./|/ owning some telescreens... Security Adivisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs I. ADVISORY...

WP Multiple Meta Box v1.0 - SQL Injection Vulnerability

Document Title: =============== WP Multiple Meta Box v1.0 - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1818 Release Date: ============= 2016-04-08 Vulnerability Laboratory ID VL-ID: ==================================== 18...

Linux Kernel (x86) - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited

Linux Kernel x86 - Disable ASLR by Setting the RLIMITSTACK Resource to Unlimited Source: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html CVE-2016-3672 - Unlimiting the stack not longer disables ASLR Authors: Hector Marco & Ismael Ripoll CVE: CVE-2016-3672...

kxip.in XSS vulnerability

Vulnerable URL: http://kxip.in/login.php?page=forget=I%20could%20not%20find%20your%20email%20address%20on%20the%20database..to=%22%3E%3Cimg%20src=x%20onerror=alert%28%27XSSPOSED%27%29%3E Details: Description| Value ---|--- Patched:| Yes, at 23.11.2017 Latest check for patch:| 23.11.2017 23:11 GMT...

Firefox Add-On Flaw Leaves Apple And Windows Computers Open To Attack

Researchers warn hundreds of popular Firefox browser extensions are vulnerable to attack that could give hackers control of Mac OS X and Windows computers. Researchers from Northeastern University say the flaw is tied to Firefox’s support for an older browser extension platform and the Mozilla...

Kamailio 4.3.4 - Heap Buffer Overflow

Kamailio 4.3.4 - Heap Buffer Overflow census ID: census-2016-0009 CVE ID: CVE-2016-2385 Affected Products: Kamailio 4.3.4 and possibly previous versions Class: Heap-based Buffer Overflow CWE-122 Remote: Yes Discovered by: Stelios Tsampas Kamailio successor of former OpenSER and SER is an Open...

Remotely Exploitable Bug in Truecaller Puts Over 100 Million Users at Risk

Security researchers have discovered a remotely exploitable vulnerability in Called ID app "Truecaller" that could expose personal details of Millions of its users. Truecaller is a popular service that claims to "search and identify any phone number," as well as helps users block incoming calls o...