746 matches found
openoffice: Arbitrary file disclosure via crafted OLE objects
A flaw was found in the OLE Object Linking and Embedding generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution...
Qt Weekly #26: Protecting your application against hacking
Open-source applications are open by nature, indented and encouraged for tweaking, hacking and further development. For a business critical application or a device there sometimes is desire to make it closed and prevent modifications. Because of the dual licensing, Qt offers a commercial license...
Apple TV < 7.0.3 Multiple Vulnerabilities
According to its banner, the remote Apple TV device is a version prior to 7.0.3. It is, therefore, affected by the following vulnerabilities : - Multiple memory corruption issues exist, related to the included version of WebKit, that allow application crashes or arbitrary code execution...
APPLE-SA-2015-01-27-1 Apple TV 7.0.3
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2015-01-27-1 Apple TV 7.0.3 Apple TV 7.0.3 is now available and addresses the following: Apple TV Available for: Apple TV 3rd generation and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem...
[SECURITY] Fedora 21 Update: avr-binutils-2.24-4.fc21
This is a Cross Compiling version of GNU binutils, which can be used to assemble and link binaries for the avr platform, instead of for the native arm platform...
CVE-2014-8475
FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos support, uses incorrect library ordering when linking sshd, which causes symbols to be resolved incorrectly and allows remote attackers to cause a denial of service sshd deadlock and prevention of new connections by ending multiple...
VulnCheck KEV: CVE-2014-4114
A vulnerability exists in Windows Object Linking & Embedding OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object...
Another Bypass Identified in PayPal 2FA
A security researcher has uncovered a simple method for bypassing the two-factor authentication mechanism that PayPal uses to protect accounts that are tied to eBay accounts. The vulnerability is related to the way that the login flow works when a user is prompted to connect her eBay account to h...
[SECURITY] Fedora 20 Update: mumble-1.2.6-1.fc20.1
Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...
Metasploit < 4.4 - pcap_log Plugin Privilege Escalation Exploit
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require...
wu-ftpd 2.6.2, 2.6.0, 2.6.1 realpath() Off-By-One Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8315/info The 'realpath' function is a C-library procedure to resolve the canonical, absolute pathname of a file based on a path that may contain values such as '/', './', '../', or symbolic links. A vulnerability that wa...
[SECURITY] Fedora 19 Update: nspr-4.10.6-1.fc19
NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...
[SECURITY] Fedora 20 Update: nspr-4.10.6-1.fc20
NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...
openSUSE Security Update : lighttpd (openSUSE-2012-110)
added lighttpd-1.4.30headfixes.patch: cherry picked 4 fixes from HEAD : - ssl include more headers explicitly - list all network handlers in lighttpd -V fixes lighttpd2376 - Move fdevent subsystem includes to implementation files to reduce conflicts fixes lighttpd2373 - ssl fix segfault in...
[SECURITY] Fedora 19 Update: mumble-1.2.6-1.fc19
Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...
[SECURITY] Fedora 20 Update: mumble-1.2.6-1.fc20
Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...
[SECURITY] Fedora 19 Update: mumble-1.2.5-1.fc19
Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...
[SECURITY] Fedora 20 Update: mumble-1.2.5-1.fc20
Mumble provides low-latency, high-quality voice communication for gamers. It includes game linking, so voice from other players comes from the direction of their characters, and has echo cancellation so that the sound from your loudspeakers won't be audible to other players...
MacOSX 10.9.2/XNU HFS Hard Linking
MacOSX/XNU HFS Multiple Vulnerabilities Maksymilian Arciemowicz http://cxsecurity.com/ http://cifrex.org/ =================== On November 8th, I've reported vulnerability in hard links for HFS+ CVE-2013-6799 http://cxsecurity.com/issue/WLB-2013110059 The HFS+ file system does not apply strict...
[SECURITY] Fedora 20 Update: nspr-4.10.2-1.fc20
NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management malloc and free and shared library linking...