Windows Manage Driver Loader

This module loads a KMD Kernel Mode Driver using the Windows Service API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SERVICEDEMANDSTART', 'boot' = 'SERVICEBOOTSTART', 'auto' =...

[SE-2012-01] Issue 69 details and IBM Java vulnerabilities

Hello All, The CPU released yesterday Oct 15, 2013 by Oracle included information about a fix for Java SE 7 vulnerability Issue 69 that was reported to the company in July. Issue 69 allows to conduct a very classic attack against Java VM - the so called class spoofing attack. To quote the paper...

DEBIAN-CVE-2013-6397

Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. dot dot or full pathname in the tr parameter to solr/select/, when the response writer wt parameter is set to XSLT. NOTE: this can be leveraged using a separa...

Oracle Linux 5 / 6 : gimp (ELSA-2013-1778)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2013-1778 advisory. - fix overflow in XWD loader CVE-2013-1913, CVE-2013-1978 Tenable has extracted the preceding description block directly from the Oracle Linux...

GNU C Library: Multiple vulnerabilities

Background The GNU C library is the standard C library used by Gentoo Linux systems. Description Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Impact A local attacker could trigger vulnerabilities in dynamic library...

gimp security update

2:2.6.9-6 - fix overflow in XWD loader CVE-2013-1913, CVE-2013-1978 2:2.6.9-5 - fix overflow in XWD loader 879302 2:2.6.9-5 - fix overflow in GIF loader 847303 2:2.6.9-5 - fix overflows in GIF, CEL loaders 727800, 839020 2:2.6.9-4.1 - fix various overflows 666793, 703403, 703405, 703407, 704512...

GLSA-201312-01 : GNU C Library: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201312-01 GNU C Library: Multiple vulnerabilities Multiple vulnerabilities have been discovered in GNU C Library. Please review the CVE identifiers referenced below for details. Impact : A local attacker could trigger...

Amazon Linux AMI : java-1.7.0-openjdk (ALAS-2013-235)

Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual Machine...

RHEL 6 : java-1.6.0-openjdk (RHSA-2013:1505)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1505 advisory. The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Multiple inp...

Important: java-1.6.0-openjdk

Issue Overview: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual...

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

OpenJDK: ServiceLoader reject not subtype classes without instantiating (Libraries, 7195919)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.238 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different...

OpenJDK: sun.awt.datatransfer.ClassLoaderObjectInputStream class may incorrectly invoke the system class loader (CanSecWest 2013, AWT, 8009305)

The Java Runtime Environment JRE component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to execute arbitrary code via vectors related to AWT, as demonstrated by Ben Murphy during a Pwn2Own competiti...

JDK: java.lang.ClassLoder defineClass() code execution

Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...

OpenJDK: Integrate Apache Santuario, rework class loader (Libraries, 6741606, 8008744)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information...

Critical: java-1.7.0-openjdk

Issue Overview: Multiple input checking flaws were found in the 2D component native image parsing code. A specially crafted image file could trigger a Java Virtual Machine memory corruption and, possibly, lead to arbitrary code execution with the privileges of the user running the Java Virtual...

CVE-2013-2921

Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering...

CVE-2013-2921

CVE-2013-2921 is a use-after-free in Blink’s resource loader (ResourceFetcher::didLoadResource), affecting Chromium/Blink prior to 30.0.1599.66. The flaw can allow remote denial of service or other unspecified impacts via resource callback handling. Public records in connected docs confirm this C...

CVE-2013-2921

Removed by vendor...

SuSE 11.3 Security Update : Xen (SAT Patch Number 8063)

The Xen hypervisor and toolset has been updated to 4.2.206 to fix various bugs and security issues : The following security issues have been addressed : - Various integer overflows in the ELF loader were fixed. XSA-55. CVE-2013-2194 - Various pointer dereferences issues in the ELF loader were...