DLA-219-1 icu - security update

Bulletin has no description...

flash-plugin: information leaks leading to ASLR bypass (APSB15-09)

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses,...

Microsoft Windows JScript & VBScript Security Bypass Vulnerability (3057263)

This host is missing an important security update according to Microsoft Bulletin MS15-053. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

Microsoft Internet Explorer Memory Corruption (MS15-043: CVE-2015-1686)

A security feature bypass vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to JScript and VBScript engines not using Address Space Layout Randomization ASLR security feature when rendered in Internet Explorer. A remote attacker can exploit this issue by...

Google Chrome < 42.0.2311.152 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.152. It is, therefore, affected by multiple vulnerabilities related to Adobe Flash : - An unspecified security bypass flaw exists that allows an attacker to disclose sensitive information. CVE-2015-3044 -...

Multiple Cross-Site Scripting Vulnerabilities in Pimcore userClassController.php

Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. The exportClassAction and exportCustomLayOutDefinitionAction functions in the Pimcore userClassController.php script fail to properly handle the 'id' GET parameter, allowing remote attackers to exploit...

Internet Bug Bounty: PHP yaml_parse/yaml_parse_file/yaml_parse_url Double Free

https://bugs.php.net/bug.php?id=69616 Description: ------------ The yaml parsing functions suffers from an exploitable double free caused by the error path for the phpvarunserialize call on line 797 of pecl/fileformats/yaml.git/parse.c: if ISNOTIMPLICITANDTAGISevent, YAMLPHPTAG const unsigned cha...

gpEasy CMS 4.4 Cross Site Scripting

Affected software: gpeasy cms Type of vulnerability:stored xss URL:gpeasy.com Discovered by: provensec Website: provensec.com version: gpEasy 4.4 Proof of concept goto edit layout and fill filed with xss payload " and save it javascript will execute --20cf303f64d02dcd89051578f782 Content-Type:...

Wordpress is continuously explosion two stored XSS, the impact of the latest version-bug warning-the black bar safety net

! /Article/UploadPic/2015-4/201542811437550.jpg The official Wordpress in 4 on 2 1, released new version 4. 1. 2, wherein the mentioned fixes a serious memory typexssvulnerabilities. Soon someone shows vulnerability details. Thisxssstill appear in the wordpress comments, but the problem is caused...

WordPress aeration stored XSS vulnerability, the impact of the 4. 2 and the following version-bug warning-the black bar safety net

The official WordPress in 4 on 2 1, released new version 4. 1. 2, wherein the mentioned fixes a serious memory typeXSSvulnerabilities. Soon someone shows vulnerability details. While the security research team Klikki Oy found in that new version XSSvulnerability a ThisXSSvulnerabilities appear in...

RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2015:0808)

The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0808 advisory. - jar: directory traversal vulnerability CVE-2005-1080 - OpenJDK: incorrect handling of phantom references Hotspot, 8071931...

Adobe Flash Player Security Bypass Vulnerability (CNVD-2015-02487)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player that originates from the program failing to properly restric...

ICU: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)

An off-by-one flaw, leading to a buffer overflow, was found in the font parsing code in the 2D component in OpenJDK. A specially crafted font file could possibly cause the Java Virtual Machine to execute arbitrary code, allowing an untrusted Java application or applet to bypass Java sandbox...

Microsoft Internet Explorer Layout::FlowBoxBuilder Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Samba &lt; 3.6.2 (x86) - Denial of Service (PoC)

!/usr/bin/python """ Exploit for Samba vulnerabilty CVE-2015-0240 by sleepya The exploit only targets vulnerable x86 smbd 3.6.24 which 'creds' is controlled by ReferentID field of PrimaryName ServerName. That means 'talloczero' in libtalloc does not write a value on 'creds' address. Reference: -...

Ubuntu: Security Advisory (USN-2565-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.10 : linux vulnerabilities (USN-2565-1)

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization ASLR protection mechanism. CVE-2015-1593 An information leak was discovered in the Linux Kernel'...

USN-2565-1: Linux kernel vulnerabilities

An integer overflow was discovered in the stack randomization feature of the Linux kernel on 64 bit platforms. A local attacker could exploit this flaw to bypass the Address Space Layout Randomization ASLR protection mechanism. CVE-2015-1593 An information leak was discovered in the Linux Kernel'...

Ubuntu: Security Advisory (USN-2560-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2563-1 linux vulnerabilities

Sun Baoliang discovered a use after free flaw in the Linux kernel's SCTP Stream Control Transmission Protocol subsystem during INIT collisions. A remote attacker could exploit this flaw to cause a denial of service system crash or potentially escalate their privileges on the system. CVE-2015-1421...