360 matches found
CVE-2018-5729
CVE-2018-5729 (and CVE-2018-5730) affects MIT Kerberos 5 (krb5) where an authenticated kadmin user with LDAP-principal-adding rights can cause a NULL pointer dereference or bypass a DN container check by supplying crafted data or DN arguments. The issue stems from insufficient validation in the K...
flash-plugin: out-of-bounds read causing information leak (APSB18-01)
An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid out-of-range pointer offset during access of internal data structure fields causes...
Design/Logic Flaw
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the...
CVE-2017-16382
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the...
CVE-2017-12424
In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes with a buffer overflow or other memory corruption or other unspecified behaviors. This crosses a privilege boundary in, for example,...
CVE-2017-3026
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code execution...
Apple iOS 10.1 - Multiple Access Permission Vulnerabilities
Document Title: =============== Apple iOS 10.1 - Multiple Access Permission Vulnerabilities References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2012 Apple Security ID: 648680301 Video1: https://www.youtube.com/watch?v=fY2ObtxkDg Video2:...
PT-2016-2775 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player affected versions not specified Description: The issue is related to a lack of protection for internal data in the Flash Player platform. It can be exploited by a remote attacker to bypass existing access restrictions or...
Network-based DNS logging in Go: GoPassiveDNS
A network-capture based DNS logger, inspired by passivedns. It uses gopacket to deal with libpcap and packet processing. It outputs JSON logs. It is intended to deal with high volume query capture in environments with anywhewre from one to hundreds of DNS resolvers. Why not use PassiveDNS from...
PT-2016-2390 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player affected versions not specified Description: The issue is related to a lack of protection for internal data in the Flash Player platform. This could allow a remote attacker to obtain confidential information from the proces...
Ashley Madison Hacker – An Insider Woman Employee?
"Ashley Madison was not hacked!" This is what declared by John McAfee, former founder of antivirus software company McAfee. So far everyone must be aware of Ashley Madison massive data breach. Last week, the hackers, who called themselves Impact Team, posted 10GB of personal data for tens of...
ShopEx多名员工安全意识不足泄露内部业务信息
简要描述: ShopEx 详细说明: 以下多名员工邮箱存在弱口令,包括hr。 hr Shopex123 chenminrui Shopex123 huhao Shopex123 lihuatian Shopex123 lixunlong Shopex1234 可进一步登陆 mail.shopex.cn 漏洞证明: 随机抽两个看一下 还有vpn说明 点到为止 就这样吧...
Ashley Madison 2.0 — Hackers Leak 20GB Data Dump, Including CEO's Emails
The Impact Team – Wait, Cheaters! We haven't yet done. The group of hackers behind the breach of Ashley Madison, the popular cheater's dating service, have released a second, even much bigger 'cheat sheet' exposing sensitive materials that include sensitive corporate information. Two days ago, th...
金蝶某处配置不当可导致内部敏感信息泄露
简要描述: rt审核帮忙打一下码谢谢 详细说明: 问题出现在:https://github.com/Kevin2030/financemonitor/blob/9c4ffc8dd773ee072648de3a2e5d7b8afabf638a/src/main/resources/monitor.properties mail.from==?UTF-8?B?6YeR6J225LqS6IGU572R6YeR6J6N?= mail.smtp.host=kdmail.kingdee.com mail.smtp.auth=true mail.debug=false...
SAP Mobile Platform XXE Information Disclosure Vulnerability
SAP Mobile Platform is an enterprise mobility platform. SAP Mobile Platform suffers from an XXE External Entity Reference vulnerability that allows remote attackers to submit special XML to send requests to an internal server to obtain sensitive information...
SEC Consult SA-20150113-1 :: Privilege Escalation & XSS & Missing Authentication in Ansible Tower
SEC Consult Vulnerability Lab Security Advisory 20150113-1 ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5 impact: high homepage:...
UBUNTU-CVE-2013-4590
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, .jspx, .tagx, or .tld XML document containing an external entity declaration ...
CVE-2011-0990
Race condition in the FastCopy optimization in the Array.Copy method in metadata/icall.c in Mono, when Moonlight 2.x before 2.4.1 or 3.x before 3.99.3 is used, allows remote attackers to trigger a buffer overflow and modify internal data structures, and cause a denial of service plugin crash or...
CVE-2002-0992
Unknown vulnerability in IPV6 functionality for DCE daemons 1 dced or 2 rpcd on HP-UX 11.11 allows attackers to cause a denial of service crash via an attack that modifies internal data...
CVE-1999-0674
CVE-1999-0674 affects the BSD profiling system call. A local user can modify the internal data space of a program via profiling and execve, with potential impact on confidentiality, integrity, and availability as noted in the sources. No remediation steps or concrete exploit details are provided ...