
8675 matches found

Tenable Nessus
added 2015/12/11 12:0 a.m., 252 views

Xerox WorkCentre 6400 OpenSSL RSA Temporary Key Handling EXPORT_RSA Ciphers Downgrade MitM (XRX15AP) (FREAK)

According to its model number and software version, the remote Xerox WorkCentre 6400 device is affected by a security feature bypass vulnerability, known as FREAK (Factoring attack on RSA-EXPORT Keys), due to the support of weak EXPORT_RSA cipher suites with keys less than or equal to 512 bits. A...

CVSS 4.3, AI score 7.4, EPSS 0.98685
Exploits 0, References 3
ArchLinux
added 2015/12/10 12:0 a.m., 23 views

keepassx: information disclosure

It was found that XML export function creates hidden XML file containing user passwords in plaintext without warning, when the export is canceled, which may go unnoticed by the user. In this case the password database was exported as the file .xml in the current working directory often $HOME or t...

AI score 0.3, EPSS 0.0119
Exploits 0, References 2
Packet Storm
added 2015/12/06 12:0 a.m., 47 views

GoAutoDial CE 3.3 SQL Injection / Command Injection

Title: GoAutoDial CE 3.3 Multiple SQL injections, Command Injection
Date: 06/12/2015
Author: R-73eN
Tested on: goautodial-32bit-ce-3.3-final
Software: http://goautodial.org/ ...

AI score 0.2
Exploits 0
Hacker One
added 2015/11/20 1:8 p.m., 43 views

Shopify: CSV Excel Macro Injection Vulnerability in export list of current users - app.shopify.com

Hi, I have found that when a user tries to export the list of current users who installed his apps through: https://app.shopify.com/services/partners/apiclients//exportinstalledusers the fields of the CSV file are not properly escaped, which makes them vulnerable to CSV Excel Macro Injection...

AI score 0.6
Exploits 0
BDU FSTEC
added 2015/11/20 12:0 a.m., 6 views

The vulnerability in the web application for data synchronization with ownCloud allows a hacker to read data from arbitrary calendars.

The vulnerability in the web application for data synchronization with ownCloud relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker, operating remotely, to read data from arbitrary calendars by manipulating the...

CVSS 4, AI score 5.6, EPSS 0.01417
Exploits 0, References 2, Affected Software 1
Kitploit
added 2015/11/18 9:37 p.m., 27 views

GetHead - HTTP Header Analysis Vulnerability Tool

gethead.py is a Python HTTP Header Analysis Vulnerability Tool. It identifies security vulnerabilities and the lack of protection in HTTP Headers.
Usage: $ python gethead.py http://domain.com
Changelog: Version 0.1 - Initial Release. Written in Python 2.7.5. Performs HTTP Header Analysis. Reports...

AI score 7.9
Exploits 0, References 2
CNVD
added 2015/11/17 12:0 a.m., 4 views

MIT Kerberos 5 Buffer Overflow Vulnerability

MIT Kerberos 5 (also known as krb5) is a set of network authentication protocols developed by the Massachusetts Institute of Technology (MIT) in the United States. It uses a client/server structure, and the client and server can authenticate to each other (i.e., mutual authentication) to prevent...

CVSS 8.5, AI score 7.8, EPSS 0.02891
Exploits 0, References 1
Snyk
added 2015/11/13 3:59 a.m., 1 views

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds. The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of...

CVSS 8.5, AI score 7.3, EPSS 0.04543
Exploits 0, References 2
OSV
added 2015/11/13 3:59 a.m., 1 views

DEBIAN-CVE-2015-2698

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by...

CVSS 8.5, AI score 8.5, EPSS 0.02891
Exploits 0, References 1
OSV
added 2015/11/06 12:0 a.m., 0 views

UBUNTU-CVE-2015-2698

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticated users to cause a denial of service (memory corruption) or possibly have unspecified other impact by...

CVSS 8.5, AI score 7.2, EPSS 0.02891
Exploits 0, References 3
ThreatPost
added 2015/11/02 3:29 p.m., 42 views

Latest EMET Bypass Targets WoW64 Windows Subsystem

Backwards compatibility, a necessary evil for Microsoft in its need to support so many legacy applications on Windows, may be its undoing as researchers have found a way to exploit this layer in the operating system to bypass existing mitigations against memory-based exploits. Specifically in thi...

CVSS 10, AI score 1.7, EPSS 0.99945
Exploits 38, References 4
Fedora
added 2015/10/30 11:52 p.m., 21 views

[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.1-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

CVSS 5, AI score 1.3, EPSS 0.02624
Exploits 0
RedhatCVE
added 2015/10/30 10:4 a.m., 17 views

CVE-2013-3240

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type...

CVSS 6.5, AI score 7.3, EPSS 0.05485
Exploits 5, References 2
CNVD
added 2015/10/22 12:0 a.m., 2 views

Oracle Fusion Middleware Outside In Technology Component Denial of Service Vulnerability (CNVD-2015-06850)

Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, and other capabilities. Oracle Outside In Technology is one of the software development...

CVSS 1.5, AI score 6.6, EPSS 0.00328
Exploits 0, References 1
CNVD
added 2015/10/22 12:0 a.m., 3 views

Oracle Fusion Middleware Outside In Technology Component Denial of Service Vulnerability (CNVD-2015-06849)

Oracle Fusion Middleware is a business innovation platform for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, and other capabilities. Oracle Outside In Technology is one of the software development...

CVSS 1.5, AI score 6.5, EPSS 0.00335
Exploits 0, References 1
NVD
added 2015/10/21 9:59 p.m., 24 views

CVE-2015-4811

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4809...

CVSS 1.5, AI score 5.4, EPSS 0.00328
Exploits 0, References 3
Prion
added 2015/10/21 9:59 p.m., 18 views

Buffer overflow

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811...

CVSS 1.5, AI score 5.6, EPSS 0.00335
Exploits 0, References 3, Affected Software 1
Prion
added 2015/10/21 9:59 p.m., 18 views

Buffer overflow

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4809...

CVSS 1.5, AI score 5.6, EPSS 0.00335
Exploits 0, References 3, Affected Software 1
Cvelist
added 2015/10/21 9:0 p.m., 27 views

CVE-2015-4809

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811...

AI score 5.4, EPSS 0.00335
Exploits 0, References 3
CVE
added 2015/10/21 9:0 p.m., 56 views

CVE-2015-4809

CVE-2015-4809 affects Oracle Outside In Technology (PDF Export SDK) used in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2. The vulnerability is described as unspecified and local, allowing a denial of service via the Outside In PDF Export SDK. Impact is limited to availability (CVSS v2 base score 1....

CVSS 1.5, AI score 5.5, EPSS 0.00335
Exploits 0, References 3, Affected Software 1