SRC-2016-0024 : Oracle Knowledge Management Castor Library XML External Entity Injection Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Oracle Knowledge Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TestClient.jsp script using the...

MS15-009: Description of the security update for JScript9.dll in Internet Explorer: February 10, 2015

Resolves vulnerabilities in Internet Explorer that could allow remote code execution if a user views a specially crafted webpage.SummaryThis article describes the cumulative security update for JScript9.dll in Internet Explorer that is dated February 10, 2015. This security update resolves an iss...

ISC Releases Security Updates for BIND

The Internet Systems Consortium ISC has released security updates to address multiple vulnerabilities in BIND, one of which may allow a remote attacker to cause a denial of service. Updates available include: BIND 9 version 9.9.6-P1 BIND 9 version 9.10.1-P1 Users and administrators are encouraged...

DAMM - Differential Analysis of Malware in Memory

An open source memory analysis tool built on top of Volatility. It is meant as a proving ground for interesting new techniques to be made available to the community. These techniques are an attempt to speed up the investigation process through data reduction and codifying some expert knowledge...

漫游用友集团各大系统

简要描述： 漫游用友集团各大系统 详细说明： 在一个月黑风高的夜晚，用友某员工的集团办公平台账号，悄悄地泄露了。 // Send message Transport transport=session.getTransport; transport.connect"192.168.210.160" , 25, "ch2","1r"; transport.sendMessagemessage,new Addressnew InternetAddress"[email protected]" ; transport.close;...

Security Update for Microsoft .NET Framework 4.5, 4.5.1 and 4.5.2 on Windows 8 (KB2978127)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

CVE-2014-7418

The CVE-2014-7418 entry corresponds to the BBC Knowledge Magazine app (Android, version 3.01). Multiple connected sources confirm the vulnerability: the app does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat...

Security Update for Windows 8 (KB3000869)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

VMSA-2014-0010 : VMware product updates address critical Bash security vulnerabilities (Shellshock)

a. Bash update for multiple products. Bash libraries have been updated in multiple products to resolve multiple critical security issues, also referred to as Shellshock. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the identifiers CVE-2014-6271, CVE-2014-7169,...

CVE-2012-5491

z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id...

Updated bash packages fix CVE-2014-6271

Updated bash packages fix security vulnerability: A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote...

Cisco IOS XR Software Malformed MPLS Packet Denial of Service Vulnerability

A vulnerability in parsing of malformed Multiprotocol Label Switching MPLS packets in Cisco IOS XR Software for Cisco Network Convergence System 6000 Series Routers could allow an unauthenticated, adjacent attacker to cause a lockup and eventual reload of a network processor unit NPU and a line...

Security Update for Microsoft .NET Framework 4.5 and 4.5.1 on Windows 8 and Windows Server 2012 for x64-based Systems (KB2894855)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

UBUNTU-CVE-2014-3429

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page...

Local Privilege Escalation Vulnerability in Symantec Endpoint Protection

US-CERT is aware of a local privilege escalation vulnerability in Symantec Endpoint Protection. This vulnerability affects all versions of Symantec Endpoint Protection Client 11.x and 12.x running Application and Device Control. Exploitation of this vulnerability may allow an attacker to gain ful...

Security Update for Windows 8 (KB2961072)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

Security Update for Windows 8 (KB2972280)

A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article...

68kb Knowledge Base 1.0.0rc3 - Edit Main Settings CSRF

No description provided by source. Exploit Title: 68kb Knowledge Base v1.0.0rc3 edit main settings CSRF Date: 2010-04-02 Author: Jelmer de Hen Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip Version: v1.0.0rc3 html body onload=document.forms'editsettings'.submit form...

Aladdin Knowledge System Ltd. PrivAgent ActiveX Control 2.0 - Multiple Vulnerabilities

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================================= FILE INFO: ============================================================================================= Aladdin Knowledge...

PHPBB 1.x/2.0.x Knowledge Base Module KB.PHP SQL Injection Vulnerability

No description provided by source...