4124 matches found
KLA11116 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, perform cross-site scripting and execute arbitrary code. Below is a complete list of vulnerabilities: 1. A...
CVE-2017-7793
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
UBUNTU-CVE-2017-7793
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
ThunderShell - PowerShell based RAT
ThunderShell is a Powershell based RAT that rely on HTTP request to communicate. All the network traffic is encrypted using a second layer of RC4 to avoid SSL interception and defeat network hooks. Dependencies apt install redis-server apt install python-redis Logs Every errors, http requests and...
Mozilla Firefox, Firefox ESR and Thunderbird Memory Misreference Vulnerability
Mozilla Firefox, Firefox ESR and Thunderbird are all developed by the Mozilla Foundation.Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox.Thunderbird is a standalone email client from the Mozilla Thunderbird is a separate email client from Mozilla...
Mozilla: Use-after-free with Fetch API (MFSA 2017-22)
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
CVE-2017-7793
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox 56, Firefox ESR 52.4, and Thunderbird 52.4...
UBUNTU-CVE-2017-12621
During Jelly xml file parsing with Apache Xerces, if a custom doctype entity is declared with a "SYSTEM" entity with a URL and that entity is used in the body of the Jelly file, during parser instantiation the parser will attempt to connect to said URL. This could lead to XML External Entity XXE...
Security vulnerabilities fixed in Firefox 56 — Mozilla
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake addre...
Security vulnerabilities fixed in Firefox ESR 52.4 — Mozilla
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications ARIA elements...
UBUNTU-CVE-2017-12944
The TIFFReadDirEntryArray function in tifread.c in LibTIFF 4.0.8 mishandles memory allocation for short files, which allows remote attackers to cause a denial of service allocation failure and application crash in the TIFFFetchStripThing function in tifdirread.c during a tiff2pdf invocation...
Important: kernel
Issue Overview: Buffer overflow in mpoverridelegacyirq: Buffer overflow in the mpoverridelegacyirq function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. CVE-2017-11473 A race between inotifyhandleevent and...
Qemu: usb: xHCI: infinite loop vulnerability in xhci_ring_fetch
The xhciringfetch function in hw/usb/hcd-xhci.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash by leveraging failure to limit the number of link Transfer Request Blocks TRB to process...
VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass
VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass Exploit Title: IP Camera VACRON VIG-US731VE Date: 2017-07-18 Exploit Author: anonymous Vendor Homepage: www.vacron.com Version: V1.0.18-09-B727 1. doesn't require credentials to fetch snapshot like this:...
CVE-2017-9985
The sndmsndmidiinputread function in sound/isa/msnd/msndmidi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that...
CVE-2017-9986
The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "doub...
Invincea-X SboxDrv.sys Version Number Query Local Privilege Escalation Vulnerability
Summary An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a specia...
DEBIAN-CVE-2017-9986
The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "doub...
CVE-2017-9986
The intr function in sound/oss/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "doub...
CVE-2017-9984
The sndmsndinterrupt function in sound/isa/msnd/msndpinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service over-boundary access or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that...