Oracle Critical Patch Update Advisory - October 2024

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

KLA66426 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds read vulnerability in V8 API can be exploited to cause denial of service. 2...

KLA52554 SB vulnerability in Apache Tomcat

Security vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Fixed in Apache Tomcat 8.5.93 Fixed in Apache Tomcat 9.0.80 Fixed in Apache Tomcat 8.5.93 Fixed in Apache Tomcat 10.1.13 Exploitation Malware exis...

CVE-2023-29408 Excessive resource consumption in golang.org/x/image/tiff

The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image both in terms of pixel width/height, and encoded size to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU...

Malicious users can exploit NameEncoder vulnerability to forge arbitrary names

Lines of code Vulnerability details Impact A malicious user can spoof NameEncoder.dnsEncodeName by forging a name to impersonate any other name, which can lead to faulty contract logic or even theft of someone else's name. Proof of Concept The function NameEncoder.dnsEncodeName is used to convert...

Microsoft Windows Kernel 安全漏洞

Microsoft Windows Kernel is the kernel of the Windows operating system by Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows Kernel. An attacker can exploit the vulnerability to elevate privileges...

Oracle Critical Patch Update Advisory - April 2021

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

Trojan.Win32.Agent.hsm Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c58d5aecd223ac95ae5fab6dcd69e953.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.hsm Vulnerability: Insecure Permissions Description: Agent.hsm creates an insecur...

Adobe After Effects Buffer Overflow Vulnerability (CNVD-2020-36226)

Adobe After Effects is a set of visual effects and motion graphics production software from the American company Audobee Adobe. The software is mainly used for 2D and 3D synthesis, animation and visual effects production. A buffer overflow vulnerability exists in Adobe After Effects. An attacker...

Oracle Critical Patch Update Advisory - April 2019

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories...

Apache OpenMeetings Security Restriction Vulnerability

Apache OpenMeetings is the United States Apache Apache Software Foundation developed a set of multi-language customizable video conferencing and collaboration system, which supports audio, video and allows users to view each participant's desktop and so on. A security vulnerability exists in Apac...

Oracle Critical Patch Update Advisory - January 2015

A Critical Patch Update CPU is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update...

IRCCloud: HTML Form without CSRF protection

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Attack details Form name: Form action:...

Oracle Hyperion Enterprise Performance Management arsqls24.dll缓冲区溢出漏洞

Oracle Hyperion Enterprise Performance Management是性能管理软件。 Oracle Hyperion Enterprise Performance Management在实现上存在安全漏洞，可被恶意用户利用控制用户系统。 在解析数据库连接字符串时，arsqls24.dll中存在边界错误。通过诱使用户打开特制的Hyperion Interactive Reporting Studio .oce文件造成栈缓冲区溢出。 Oracle Hyperion Enterprise Performance Management EPM 11.x 厂商补丁：...

EasyPHP Web Server 5.3.5.0 DLL Hijack

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail :...

UnrealIRCD 3.2.8.1 Backdoor Command Execution

$Id: unrealircd3281backdoor.rb 9510 2010-06-13 12:41:48Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

MS Internet Explorer Recordset Double Free Memory Exploit (MS07-009)

No description provided by source. HTML !-- Microsoft Internet Explorer ADODB.Recordset Double Free Memory Exploit ms07-009. Review: This code exploit "double free error" in msado15.dll NextRecordset function. As a result of double freeing of same string, rewriting of Heap Control Block ...

[SA20179] ZipCentral ZIP File Handling Buffer Overflow Vulnerability

---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerabilit...

Net Portal Dynamic System <= 5.0 (register users) Denial of Service

Exploit for multiple platform in category dos / poc =================================================================== Net Portal Dynamic System = 5.0 register users Denial of Service =================================================================== !/usr/bin/perl Type|+ Register multiple user...

foxmailDoS.txt

DATE: 02/04/2005 AUTHOR: Fortinet, inc xouyang PRODUCTS: Foxmail Server- A MAil server for both Windows and linux. AFFECTED VERSION: Foxmail server for windows version 2.0Newest.I just test windows server ,maybe linux version have vulnerability too. Description: Foxmail-the Email client applicati...