Lucene search

8694 matches found

Kaspersky
added 2014/08/01 12:0 a.m., 55 views

KLA10400 DoS vulnerabilities in Wireshark

Multiple serious vulnerabilities have been found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Improper handling of n and r symbols can be exploited remotely via a specially designed packet; 2. Improper...

CVSS 5, AI score 8, EPSS 0.00739
Exploits 3, References 2
OSV
added 2014/08/01 12:0 a.m., 0 views

UBUNTU-CVE-2014-5077

The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an...

CVSS 7.1, AI score 6.8, EPSS 0.12777
Exploits 0, References 8
Tenable Nessus
added 2014/07/29 12:0 a.m., 10 views

Patch Management: Dell KACE K1000 Computer Info Initialization

Binary data dellkacek1000getcomputerinfo.nbin...

AI score 7.3
Exploits 0
VulnCheck KEV
added 2014/07/23 12:0 a.m., 1 views

VulnCheck KEV: CVE-2019-25141

The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.3.9. This is due to missing capability checks on the admin_init function, in addition to insufficient input validation. This makes it possible for unauthenticated attackers to...

CVSS 9.8, AI score 7.3, EPSS 0.6286
Exploits 1, References 1
FreeBSD
added 2014/07/09 12:0 a.m., 26 views

mcollective -- cert validation issue

Melissa Stone reports: The MCollective aes_security public key plugin does not correctly validate certs against the CA. By exploiting this vulnerability within a race/initialization window, an attacker with local access could initiate an unauthorized MCollective client connection with a server, an...

CVSS 4.4, AI score 7.1, EPSS 0.00027
Exploits 0, References 1
Prion
added 2014/07/01 5:55 p.m., 18 views

Design/Logic Flaw

The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing the service, which allows local users to cause a denial of service initialization failure and exit...

CVSS 2.1, AI score 6.9, EPSS 0.00085
Exploits 0, References 13, Affected Software 2
seebug.org
added 2014/07/01 12:0 a.m., 23 views

Irokez CMS <= 0.7.1 - Multiple Remote File Include Vulnerabilities

No description provided by source. Irokez CMS <= 0.7.1 Multiple Remote File Include Vulnerabilities. Vendor...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 16 views

Linux Kernel 2.6.x 'sock.c' SO_BSDCOMPAT Option Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/33846/info The Linux Kernel is prone to an information-disclosure vulnerability because it fails to properly initialize certain memory before using it in a user-accessible operation. Successful exploits will allow...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

RealNetworks RealPlayer CDDA URI Initialization Vulnerability

No description provided by source. $Id: realplayercddauri.rb 12009 2011-03-17 15:42:28Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and ter...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 8 views

VLC 0.86 < 0.86d ActiveX Remote Bad Pointer Initialization PoC

No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs VLC Activex Bad Pointer Initialization Vulnerability Advisory Information Title: VLC Activex Bad Pointer Initialization Vulnerability Advisory ID: CORE-2007-1004 Advisory UR...

AI score 6.7
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 60 views

GNU C library dynamic linker LD_AUDIT arbitrary DSO load Vulnerability

No description provided by source. from: http://marc.info/?l=full-disclosure&m=128776663124692&w=2 The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads. Cześć, This advisory describes...

CVSS 7.2, AI score 0.5, EPSS 0.12375
Exploits 35
seebug.org
added 2014/07/01 12:0 a.m., 23 views

Linux Kernel 2.x - sock_sendpage() Local Ring0 Root Exploit

Linux...

AI score 7
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

SudBox Boutique 1.2 login.PHP Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7651/info A vulnerability has been reported for SudBox Boutique. The problem occurs due to insufficient initialization of variables and may allow an unauthorized user to gain authenticate. Specifically, by making a...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 27 views

McKesson ActiveX File/Environmental Variable Enumeration

No description provided by source. McKesson ActiveX File/Environmental Variable Enumeration Vendor: McKesson Version: 11.0.10.38 Tested on: Windows XP SP3 / IE Download: N/A Author: Blake Additional Details: This activex control is packaged with the Horizon Rad Station software used by...

AI score 7.1
Exploits 0
Tenable Nessus
added 2014/06/13 12:0 a.m., 34 views

openSUSE Security Update : ghostscript-devel (openSUSE-SU-2010:0451-1)

ghostscript by default read some initialization files from the current working directory. Local attackers could potentially exploit that to have other users execute arbitrary commands by placing such files e.g. in /tmp (CVE-2010-2055). %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

CVSS 7.2, AI score 5.7, EPSS 0.00064
Exploits 1, References 5
Cvelist
added 2014/06/06 2:0 p.m., 12 views

CVE-2013-0250

The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet...

AI score 6.5, EPSS 0.00943
Exploits 1, References 5
myhack58
added 2014/05/22 12:0 a.m., 14 views

Malx Media Player handle malformed m3u file stack overflow local arbitrary code execution-vulnerability warning-the black bar safety net

Malx Media Player 3.2.2 handle malformed m3u file will occur when the stack overflows, which can allow an attacker to successfully control EIP, and execute arbitrary code. (Win7 SP1 with MacType for ROP) Malx Media Player is using MAX_PATH as initialization parameters on the stack variable, but th...

AI score 0.1
Exploits 0
Check Point Advisories
added 2014/05/13 12:0 a.m., 1 views

Microsoft Internet Explorer Memory Corruption (MS14-029; CVE-2014-0310)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

AI score 7, EPSS 0.20908
Exploits 2
RedHat Linux
added 2014/04/24 5:36 p.m., 0 views

kernel: net: sctp: null pointer dereference when processing authenticated cookie_echo chunk

A flaw was found in the way the Linux kernel processed an authenticated COOKIE_ECHO chunk during the initialization of an SCTP connection. A remote attacker could use this flaw to crash the system by initiating a specially crafted SCTP handshake in order to trigger a NULL pointer dereference on th...

CVSS 7.8, AI score 6.3, EPSS 0.03091
Exploits 0, References 4
Check Point Advisories
added 2014/04/08 12:0 a.m., 3 views

Microsoft Internet Explorer Memory Corruption (MS14-018: CVE-2014-1753)

A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way that Internet Explorer accesses an object that has not been correctly initialized or has been deleted. A remote attacker can exploit this issue by enticing a use...

CVSS 9.3, AI score 4.1, EPSS 0.20908
Exploits 1