Lucene search
10273 matches found

Prion
added 2015/10/01 12:59 a.m. | 14 views

Code injection

The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings...

CVSS 6.8 | AI score 6.8 | EPSS 0.00107
Exploits 0 | References 2 | Affected Software 1

CVE
added 2015/10/01 12:0 a.m. | 51 views

CVE-2015-3844

The CVE-2015-3844 entry concerns Android’s ActivityManagerService.getProcessRecordLocked() before 5.1.1 (LMY48I). The issue arises when the method does not verify that an application’s process name matches its package name, which can lead ActivityManager to load the wrong process for certain task...

CVSS 6.8 | AI score 6.5 | EPSS 0.00107
Exploits 0 | References 2 | Affected Software 1

Japan Vulnerability Notes
added 2015/10/01 12:0 a.m. | 36 views

JVN#49503705: Python for Windows may insecurely load dynamic libraries

Python for Windows contains an issue with the DLL search path, which may lead to insecurely loading a DLL called readline.pyd. Impact: Arbitrary code may be executed with the privileges of python.exe. Solution: Apply a workaround. Applying the following workaround will mitigate the effects of this...

CVSS 7.2 | AI score 6.4 | EPSS 0.00147
Exploits 0

OpenVAS
added 2015/10/01 12:0 a.m. | 33 views

Apple iTunes Multiple Vulnerabilities (Sep 2015) - Windows

Apple iTunes is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apple:itunes"; if(description)...

CVSS 9.3 | AI score 6.8 | EPSS 0.39225
Exploits 5 | References 2

Cvelist
added 2015/10/01 12:0 a.m. | 20 views

CVE-2015-3844

The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings...

AI score 6.3 | EPSS 0.00107
Exploits 0 | References 2

myhack58
added 2015/09/27 12:0 a.m. | 232 views

Android sqlite load_extension vulnerability analysis - vulnerability warning - the black bar safety net

Starting with version 3.3.6 (http://www.sqlite.org/cgi/src/artifact/71405a8f9fedc0c2), SQLite provides support for extensions: through the sqlite3_load_extension API or the load_extension SQL statement, developers can, without changing the SQLite source code, dynamically load libraries,...

AI score 1.2
Exploits 0

OSV
added 2015/09/25 1:22 p.m. | 9 views

SUSE-SU-2015:1776-1 Security update for haproxy

haproxy was updated to backport various security fixes and related patches (bsc#937202) (bsc#937042) (CVE-2015-3281) + BUG/MAJOR: buffers: make the buffer_slow_realign() function respect output data + BUG/MINOR: ssl: fix smp_fetch_ssl_fc_session_id + MEDIUM: ssl: replace standards DH groups with custom ones +...

CVSS 5 | AI score 4 | EPSS 0.00094
Exploits 0 | References 5

OpenVAS
added 2015/09/09 12:0 a.m. | 31 views

Microsoft Office Products Insecure Library Loading Vulnerability

Microsoft products are prone to an insecure library loading vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description)...

CVSS 9.3 | AI score 5.1 | EPSS 0.28594
Exploits 9 | References 7

Fedora
added 2015/09/06 6:24 a.m. | 43 views

[SECURITY] Fedora 21 Update: gdk-pixbuf2-2.31.6-1.fc21

gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter...

CVSS 6.8 | AI score 2 | EPSS 0.03692
Exploits 0

Fedora
added 2015/09/06 4:55 a.m. | 33 views

[SECURITY] Fedora 22 Update: gdk-pixbuf2-2.31.6-1.fc22

gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter...

CVSS 6.8 | AI score 2 | EPSS 0.03692
Exploits 0

myhack58
added 2015/09/03 12:0 a.m. | 238 views

Empire: a PowerShell post-exploitation agent tool - vulnerability warning - the black bar safety net

Empire is a pure PowerShell post-exploitation agent tool built on cryptographically secure communications and a flexible architecture. Empire implements the ability to run PowerShell agents without needing powershell.exe, and rapidly deployable post-exploitation modules, from keyloggers to...

AI score 7.4
Exploits 0

OpenVAS
added 2015/09/02 12:0 a.m. | 30 views

CentOS Update for gdk-pixbuf2 CESA-2015:1694 centos7

Check the version of gdk-pixbuf2. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882266");...

CVSS 6.8 | AI score 6.8 | EPSS 0.03692
Exploits 0 | References 2

Tenable Nessus
added 2015/09/01 12:0 a.m. | 48 views

RHEL 6 / 7 : gdk-pixbuf2 (RHSA-2015:1694)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2015:1694 advisory. gdk-pixbuf is an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or...

CVSS 6.8 | AI score 7.8 | EPSS 0.03692
Exploits 0 | References 6

RedHat Linux
added 2015/08/31 8:37 a.m. | 32 views

Moderate: Red Hat Security Advisory: gdk-pixbuf2 security update

Updated gdk-pixbuf2 packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 6.8 | AI score 7 | EPSS 0.03692
Exploits 0 | References 3

Hacker One
added 2015/08/27 2:18 p.m. | 34 views

ownCloud: Full Path Disclosure

When I was trying to load a file which does not actually exist, it shows "message":"Could not obtain lock type 1 on "/opt/lampp/htdocs/owncloud/data/admin/files/lol"." Request GET /owncloud/index.php/apps/filestexteditor/ajax/loadfile?filename=lol HTTP/1.1 Host: 192.168.0.105...

CVSS 4 | AI score 4.4 | EPSS 0.00166
Exploits 0

OSV
added 2015/08/07 9:39 a.m. | 6 views

SUSE-RU-2015:1412-1 Recommended update for openssl1

This openssl update fixes a regression caused by the patch for CVE-2015-0287, which could cause DSA keys not to be correctly loaded from disk. (bsc#937492)...

CVSS 5 | AI score 6.6 | EPSS 0.04942
Exploits 0 | References 3

BDU FSTEC
added 2015/08/07 12:0 a.m. | 2 views

The vulnerability of the Moodle learning management system allows a hacker to bypass access restrictions for managing files.

The vulnerability of the files/externallib.php sub-component of the Moodle learning management system is related to deficiencies in access control for certain functions. Exploiting this vulnerability could allow a malicious actor to circumvent access restrictions to file management by using web...

CVSS 4 | AI score 7.2 | EPSS 0.00328
Exploits 0 | References 4 | Affected Software 1

OSV
added 2015/08/06 9:19 a.m. | 2 views

SUSE-SU-2015:1410-1 Recommended update for openssl

This update of openssl fixes two regressions. - A regression was caused by the security fix for CVE-2015-0287, where DSA keys were not correctly loaded from file anymore. (bsc#937492) - RSA key generation with odd key lengths was entering an endless loop. (bsc#937212)...

CVSS 5 | AI score 6.8 | EPSS 0.04942
Exploits 0 | References 4

Zero Day Initiative
added 2015/07/14 12:0 a.m. | 36 views

Microsoft Internet Explorer DLL Planting Sandbox Escape Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.9 | AI score 6.4 | EPSS 0.07141
Exploits 0 | References 1

Symantec
added 2015/07/14 12:0 a.m. | 52 views

Microsoft Windows DLL Loading CVE-2015-2369 Remote Code Execution Vulnerability

Description: Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Technologies Affected: Avaya CallPilot...

CVSS 6.9 | AI score 7.9 | EPSS 0.03455
Exploits 0 | References 2 | Affected Software 8