648 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2009-3831

Malware in sbrugna...

CVSS 5.8 | AI score 6.4 | EPSS 0.01498
Exploits 1 | References 4

OpenVAS
added 2021/06/09 12:0 a.m., 15 views

SUSE: Security Advisory (SUSE-SU-2012:0688-1)

The remote host is missing an update for the...

CVSS 10 | AI score 9.7 | EPSS 0.17081
Exploits 3 | References 2

Krebs on Security
added 2019/08/09 6:18 p.m., 93 views

iNSYNQ Ransom Attack Began With Phishing Email

A ransomware outbreak that hit QuickBooks cloud hosting firm iNSYNQ in mid-July appears to have started with an email phishing attack that snared an employee working in sales for the company, KrebsOnSecurity has learned. It also looks like the intruders spent roughly ten days rooting around...

AI score 7
Exploits 0

ThreatPost
added 2019/08/05 12:0 p.m., 100 views

MegaCortex Ransomware Revamps for Mass Distribution

A dangerous enterprise-focused ransomware, MegaCortex, has been retooled to become a weapon for wide-scale attacks. Previously used only in manual, post-network-exploitation, targeted campaigns on carefully selected targets, MegaCortex now has a second variant that adds automation to the kill...

AI score 0.4
Exploits 0 | References 4

0day.today
added 2019/07/08 12:0 a.m., 320 views

Cisco Data Center Network Manager 11.1(1) Remote Code Execution Exploit

Cisco Data Center Network Manager DCNM versions 11.11 and below suffer from authentication bypass, arbitrary file upload, arbitrary file download, and information disclosure vulnerabilities. Authentication Bypass and Arbitrary File Upload leading to remote code execution on Cisco Data Center...

CVSS 10 | AI score 0.5 | EPSS 0.85616
Exploits 8

ICS
added 2018/10/02 12:0 a.m., 506 views

GE Communicator

1. EXECUTIVE SUMMARY CVSS v3 7.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Communicator Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Exploitation could allow attackers to execute arbitrary code or create a denial-of-service condition. 3...

CVSS 7.6 | AI score 7.9 | EPSS 0.00252
Exploits 0 | References 5

Metasploit
added 2018/09/13 6:7 p.m., 38 views

Solaris srsexec Arbitrary File Reader

This module exploits a vulnerability in NetCommander 3.2.3 and 3.2.5. When srsexec is executed in debug -d verbose -v mode, the first line of an arbitrary file can be read due to the suid bit set. The most widely accepted exploitation vector is reading /etc/shadow, which will reveal root's hash f...

CVSS 2.1 | AI score 6.9 | EPSS 0.10401
Exploits 1

NVD
added 2018/04/23 11:29 p.m., 16 views

CVE-2018-10303

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3...

CVSS 8.8 | AI score 9 | EPSS 0.00594
Exploits 1 | References 2

Prion
added 2018/04/23 11:29 p.m., 14 views

Design/Logic Flaw

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3...

CVSS 6.8 | AI score 8.9 | EPSS 0.00594
Exploits 1 | References 2 | Affected Software 2

Cvelist
added 2018/04/23 11:0 p.m., 16 views

CVE-2018-10303

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3...

AI score 8.9 | EPSS 0.00594
Exploits 1 | References 2

Cvelist
added 2018/04/23 7:0 p.m., 18 views

CVE-2018-10302

A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-jyb51g3mv9...

AI score 8.5 | EPSS 0.00713
Exploits 1 | References 2

CVE
added 2018/04/23 7:0 p.m., 67 views

CVE-2018-10302

CVE-2018-10302 describes a use-after-free vulnerability in Foxit Reader before 9.1 and PhantomPDF before 9.1 that can allow remote attackers to execute arbitrary code. The issue is cited as the iDefense ID V-jyb51g3mv9. Connected sources confirm the affected products (Foxit Reader/PhantomPDF) and...

CVSS 7.8 | AI score 8.4 | EPSS 0.00713
Exploits 1 | References 2 | Affected Software 2

MSRC
added 2017/08/07 6:36 p.m., 18 views

The MSRC 2017 list of “Top 100” security researchers

Security researchers play an essential role in Microsoft’s security strategy and are key to community-based defense. To show our appreciation for their hard work and partnership, each year at BlackHat North America, the Microsoft Security Response Center highlights contributions of these...

AI score 6.9
Exploits 0

Packet Storm
added 2016/12/02 12:0 a.m., 42 views

Opera foreignObject textNode::removeChild Use-After-Free

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the twenty-second entry in that series. Unfortunately I won't be able to publish everything within one month at the current rate, so I may continue to publish these...

Exploits 0

Packet Storm
added 2016/11/12 12:0 a.m., 25 views

Google Chrome Blink Serializer::doSerialize Bad Cast

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the ninth entry in that series, and the first to not target a Microsoft browser. The below information is available in more detail on my blog at...

AI score 0.4
Exploits 0

FreeBSD
added 2016/06/07 12:0 a.m., 33 views

wireshark -- multiple vulnerabilities

Wireshark development team reports: The following vulnerabilities have been fixed: wnpa-sec-2016-29 The SPOOLS dissector could go into an infinite loop. Discovered by the CESG. wnpa-sec-2016-30 The IEEE 802.11 dissector could crash. Bug 11585 wnpa-sec-2016-31 The IEEE 802.11 dissector could crash...

CVSS 7.5 | AI score 1.4 | EPSS 0.00865
Exploits 1 | References 2

Tenable Nessus
added 2016/02/19 12:0 a.m., 25 views

Debian DSA-3482-1 : libreoffice - security update

An anonymous contributor working with VeriSign iDefense Labs discovered that libreoffice, a full-featured office productivity suite, did not correctly handle Lotus WordPro files. This would enable an attacker to crash the program, or execute arbitrary code, by supplying a specially crafted LWP...

CVSS 9.3 | AI score 7.8 | EPSS 0.00591
Exploits 0 | References 5

Debian
added 2016/02/17 7:29 p.m., 42 views

[SECURITY] [DSA 3482-1] libreoffice security update

Debian Security Advisory DSA-3482-1 [email protected] https://www.debian.org/security/ Sebastien Delafond February 17, 2016 https://www.debian.org/security/faq ...

CVSS 9.3 | AI score 8.1 | EPSS 0.00591
Exploits 0

OSV
added 2016/02/17 12:0 a.m., 24 views

DSA-3482-1 libreoffice - security update

Bulletin has no description...

CVSS 9.3 | AI score 7.6 | EPSS 0.00591
Exploits 0

OpenVAS
added 2016/02/16 12:0 a.m., 34 views

Debian: Security Advisory (DSA-3482-1)

The remote host is missing an update for the Debian...

CVSS 9.3 | AI score 7.6 | EPSS 0.00591
Exploits 0 | References 3