Ubuntu: Security Advisory (USN-3157-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for thunderbird RHSA-2016:2825-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SA103 : October 2015 NTP Security Vulnerabilities

SUMMARY Blue Coat products using affected 4.2 versions of the NTP software distribution from ntp.org are susceptible to multiple vulnerabilities. A remote attacker may exploit these vulnerabilities to cause denial of service due to application crashes, memory corruption and memory depletion. The...

SO Planning PHP Code Injection Vulnerability

SO Planning is a free and open source set of online project production and management tools. SO Planning suffers from a PHP code injection vulnerability that allows remote attackers to submit a special request, inject malicious code and execute it...

Unspecified Vulnerability in Schneider Electric Wonderware System Platform

Wonderware System Platform is a system platform used in a variety of applications. A fixed search path vulnerability exists in Schneider Electric's Wonderware InTouch, Application Server, Historian, SuiteLink application. This vulnerability could be exploited by an attacker to install and execute...

Rockwell Automation Connected Components Workbench ActiveX Component Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on November 6, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi working through ZDI has identified two custom ActiveX Component vulnerabilities in Rockwell...

Microsoft Windows XP/ME Help and Support Center Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6966/info The Microsoft Windows ME Help and Support Center is prone to a buffer overflow. This is due to insufficient bounds checking on input supplied through the HCP URI parameter. An attacker can exploit this...

3CDaemon 2.0 - Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/4638/info 3CDaemon is an FTP server developed by Dan Gill of 3Com. Reportedly, it is possible to initiate a buffer overflow on a host running 3CDaemon. Submitting an unusually large amount of data to the ftp server, could...

GV 2.x/3.x Malformed PDF/PS File Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/5808/info gv is a freely available, open source Portable Document Format PDF and PostScript PS viewing utility. It is available for Unix and Linux operating systems. It has been reported that an insecure sscanf function...

auto-format of Curl responses may lead to code execution

When executing a cURL request using the RequestCurl class with an unvalidated URL provided by user input, or a request to a malicious or a legitimate but hacked website, a specially crafted response can lead to auto-execution of malicious code, due to the way the auto formatting mechanism works...

Gaming Platforms as an attack vector against remote systems

Little more than a year ago I wrote about the possibility to attack gaming platform to compromise large audience of gamers in stealthy way, the access to millions of machines represent a dream for every attackers and I hypnotized its repercussion in cyber warfare domains. Gaming platform are...

Debian Security Advisory DSA 2643-1 (puppet - several vulnerabilities)

Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. CVE-2013-1640An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code. The puppet master must be made to invoke the...

CentOS Update for firefox CESA-2012:0515 centos6

Check for the Version of firefox OpenVAS Vulnerability Test CentOS Update for firefox CESA-2012:0515 centos6 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Intel CPU Vulnerability can provide control of your system to attacker

Intel CPU Vulnerability can provide control of your system to attacker The U.S. Computer Emergency Readiness Team US-CERT has disclosed a flaw in Intel chips that could allow hackers to gain control of Windows and other operating systems. The flaw has already been exploited on 64-bit versions of...

Persistent XSS Vulnerability in White House Website

Persistent XSS Vulnerability in White House Website Alexander Fuchs, A German Security Researcher Discover Persistent XSS Vulnerability in Official website of White House. He said "The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions a...

Adobe Flash Player ActionScript Function Arguments Code Execution

Added: 08/22/2011 CVE: CVE-2011-2110 BID: 48268 OSVDB: 73007 Background Adobe Flash Player is a cross-platform browser plug-in providing visual enhancements for web pages. Problem The Adobe Flash Player ActionScript Engine is vulnerable to an information leak that can be leveraged to execute...

dedecms 5.7 the background to get SHELL vulnerability-vulnerability warning-the black bar safety net

Vulnerability description: dedecms 5.7 teach the previous version has been greatly improved, fix for 5. 6 The following version serious uploaded 0day; quite tasteless, the premise is to have background permissions. Since the system comes with a file Manager Plug-In does not filter the file upload...

DedeCms v5. 6 embed malicious code execution vulnerabilities and fixes-vulnerability warning-the black bar safety net

Published:2011-03-02 Affected version: DedeCms v5. 6 vulnerability description: In the upload software of the Local, the local address not be effectively verified, it can be maliciously used reference toby57 Test method: Registered members, upload software: the local address filled in...

ydownloader DLL Hijacking Exploit (dwmapi.dll)

Exploit for windows platform in category local exploits ============================================== ydownloader DLL Hijacking Exploit dwmapi.dll ============================================== / ydloader DLL Hijacking Exploit dwmapi.dll Author : anT!-Tr0J4n Greetz : Dev-PoinT.com inj3ct0r.com A...

Plugins Dll Hijacking Exploit

Exploit for windows platform in category local exploits ============================= Plugins Dll Hijacking Exploit ============================= Exploit Title: Dll Hijacking Exploit Application: Application plugin support Date: 07 Sept 2010 Author: STRELiTZIA Version: %Applications list% Tested...