Security Bulletin: Installer vulnerabilities in IBM FileNet Content Manager, IBM Content Foundation, and FileNet BPM (CVE-2016-4560)

Summary InstallAnywhere generates installation executables which are vulnerable to an DLL-planting vulnerability. Vulnerability Details CVEID: CVE-2016-4560 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search...

Security Bulletin: InstallShield and InstallAnywhere vulnerabilities affect IBM Security Guardium Data Redaction (CVE-2016-2542)

Summary Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused by an untrusted search path. An attacker could exploit this vulnerability using a Trojan horse DLL in the current working directory of a setup-launcher executable file to gain elevated...

Security Bulletin: IBM Forms Viewer Installation could allow a remote attacker to execute arbitrary code on the system (CVE-2016-2542)

Summary IBM Forms Viewer Installation could allow a remote attacker to execute arbitrary code on the system. If you have recently downloaded a copy of IBM Forms Viewer, use the information below to correct the vulnerability prior to installing the product. If you have already installed IBM...

Security Bulletin: IBM Forms Designer Installation could allow a remote attacker to execute arbitrary code on the system (CVE-2016-2542)

Summary IBM Forms Designer Installation could allow a remote attacker to execute arbitrary code on the system. If you have recently downloaded a copy of IBM Forms Designer, use the information below to correct the vulnerability prior to installing the product. If you have already installed IBM...

Security Bulletin: IBM Tealeaf Customer Experience installers vulnerable to attack (CVE-2016-2542)

Summary Installation programs for the Microsoft Windows components of IBM Tealeaf Customer Experience are vulnerable to attack under certain conditions. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could allow a remote attacker to execute arbitrary code on the...

Security Bulletin: Vulnerability in InstallShield/InstallAnywhere affects IBM Informix CSDK and Server installation on Windows(CVE-2016-2542, CVE-2016-4560)

Summary InstallShield/installAnywhere generates installation executables which are vulnerable to a DLL-planting affecting the installation of IBM Informix CSDK and Dynamic Server on Windows. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could allow a local attacker...

Security Bulletin: Vulnerabilities in Flexera InstallShield and InstallAnywhere affect IBM Data Server Driver packages (CVE-2016-2542, CVE-2016-4560)

Summary Vulnerabilities have been addressed in the Flexera InstallShield and InstallAnywhere componenst of IBM Data Server Driver packages. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallShield could allow a local attacker to gain elevated privileges on the system, caused ...

Security Bulletin: Potential vulnerability in IBM OpenPages GRC Platform due to vulnerability in Flexera InstallAnywhere based installation (CVE-2016-2542)

Summary The following potential security vulnerability has been identified in versions of IBM OpenPages GRC Platform that use a Flexera InstallAnywhere based installer. See the Vulnerability Details section for more information. Vulnerability Details Customers who have IBM OpenPages GRC Platform...

Security Bulletin: Vulnerability in InstallAnywhere affects IBM WebSphere Appliance Management Center for Microsoft Windows (CVE-2016-2542)

Summary An InstallAnywhere vulnerability was disclosed by Flexera. InstallAnywhere is used by IBM WebSphere Appliance Management Center for Microsoft Windows. Vulnerability Details CVEID: CVE-2016-2542 DESCRIPTION: Flexera InstallAnywhere could allow a local attacker to gain elevated privileges o...

Linux Kernel _sctp_make_chunk() Denial Of Service Vulnerability

Secunia Research has discovered a vulnerability in Linux Kernel, which can be exploited by malicious, local users to cause a DoS Denial of Service. An error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash. The...

LibRaw 0.18.7 Denial Of Service Vulnerability

Exploit for linux platform in category dos / poc LibRaw 0.18.7 Denial Of Service Vulnerability ====================================================================== 1 Affected Software LibRaw versions prior to 0.18.7. ====================================================================== 2...

Libraw 0.18.5 Denial Of Service Vulnerability

Libraw version 0.8.15 suffers from a denial of service vulnerability. ====================================================================== LibRaw Multiple Denial of Service Vulnerabilities ====================================================================== Table of Contents Affected...

libsndfile 1.0.28 aiff_read_chanmap() Information Disclosure Vulnerability

A vulnerability in libsndfile 1.0.28, caused due to an error in the"aiffreadchanmap" function src/aiff.c, can be exploited tocause an out-of-bounds read memory access via a specially crafted AIFFfile. libsndfile "aiffreadchanmap" Information Disclosure Vulnerability Table of Contents Affected...

libsndfile -- out-of-bounds read memory access

Laurent Delosieres, Secunia Research at Flexera Software reports: Secunia Research has discovered a vulnerability in libsndfile, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the "aiffreadchanmap" function...

CVE-2017-6885

An error when handling certain external commands and services related to the FlexNet Inventory Agent and FlexNet Beacon of the Flexera Software FlexNet Manager Suite 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1 can be exploited to gain elevated privileges...

CVE-2017-6885

CVE-2017-6885 affects Flexera Software FlexNet Manager Suite (FlexNet Inventory Agent and FlexNet Beacon); vulnerable versions include 2017 before 2017 R1 and 2014 R3 through 2016 R1 SP1. Cause: an error in handling certain external commands and services that can be exploited to gain elevated pri...

Microsoft Windows - LoadUvsTable() Heap Buffer Overflow

Microsoft Windows - LoadUvsTable Heap Buffer Overflow Date: 15-03-2017 Author: Hossein Lotfi https://twitter.com/hosselot CVE: CVE-2016-7274 1. Description An integer overflow error within the "LoadUvsTable" function of usp10.dll can be exploited to cause a heap-based buffer overflow. Full analys...

CVE-2017-5571

Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher aka Flex License Manager 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing...

Open redirect

Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher aka Flex License Manager 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing...

CVE-2017-5571

Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher aka Flex License Manager 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to arbitrary web sites and conduct phishing...