54 matches found
Cisco Secure Access Control System Remote Code Execution Vulnerability
Cisco Secure Access Control System ACS is the United States Cisco Cisco a set of security access control system. The system can be through the RADIUS, TACACS protocol for network access and network device access control respectively. ACS Report is one of the system report generation component. An...
CVE-2018-0253
A vulnerability in the ACS Report component of Cisco Secure Access Control System ACS could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected system. Commands executed by the attacker are processed at the targeted user's privilege level. The vulnerability is d...
Vanilla: disclosure of email by sending a message.
Summary: When you send a message, the E-mail field is created. Thus, through the format of json, we can see the email of the user to whom we sent the letter Description: Steps to reproduce: 1. Create a message, select the user whose mail we want to open. F273484 F273485 2. Send a message and add...
CVE-2018-0850
Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability"...
CVE-2017-17847
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachmen...
UBUNTU-CVE-2017-11362
In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformatparse.c does not restrict the locale length, which allows remote attackers to cause a denial of service stack-based buffer overflow and application crash or possibly have unspecified other impact within International...
Fedora 25 : globus-ftp-client / globus-gass-cache-program / globus-gass-copy / etc (2017-7591a8e2c9)
globus-ftp-client - Adapt to Perl 5.26 - POSIX::tmpnam no longer available - Remove some redundant tests to reduce test time globus-gass-cache-program - GT6 update globus-gass-copy - Don't attempt sshftp data protection without creds 9.24 - Checksum verification based on contribution from IBM 9.2...
Fedora 24 : globus-ftp-client / globus-gass-cache-program / globus-gass-copy / etc (2017-5f8ebbd2b1)
globus-ftp-client - Adapt to Perl 5.26 - POSIX::tmpnam no longer available - Remove some redundant tests to reduce test time globus-gass-cache-program - GT6 update globus-gass-copy - Don't attempt sshftp data protection without creds 9.24 - Checksum verification based on contribution from IBM 9.2...
UBUNTU-CVE-2017-5878
The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data...
PT-2018-27: Arbitrary Command Execution in Cisco Secure ACS
The specialists of the Positive Research center have detected an Arbitrary Command Execution vulnerability in Cisco Secure ACS. A vulnerability in Cisco Secure Access Control System ACS, due to insufficient validation of the Action Message Format AMF protocol, allows unauthenticated, remote...
Action Message Format (AMF3) Java Remote Code Execution Vulnerability
AMF3 is the latest version of Adobe Action Message Format, a compressed binary format for graphical serialization of ActionScript objects. A Java remote code execution vulnerability exists in Action Message Format, which could allow an attacker to execute arbitrary code during an AMF3...
Java AMF3 deserialization vulnerability analysis-vulnerability warning-the black bar safety net
AMF Action Message Format is a binary serialization format, before the main Flash application in using this format. Recently, the Code White found to have multiple Java AMF library in the presence of vulnerabilities, and these vulnerabilities will lead to unauthenticated remote code execution...
VMware vCenter Server BlazeDS Component Remote Code Execution Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. A remote code execution vulnerability exists...
Reverse Engineering Communication Protocols: Netzob
Reverse Engineering Communication Protocols Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be...
The vulnerability of the Flash Player software, which allows a perpetrator to execute arbitrary code
The vulnerability of the Action Message Format component of the Flash Player software platform is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the Flash Player software, which allows a perpetrator to execute arbitrary code
The vulnerability of the Flash Player software is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code as a result of serializing the Action Message Format...
The vulnerability of the Flash Player software, which allows a violator to execute arbitrary code
The vulnerability of the Flash Player software is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code as a result of serialization using the Action Message Format AFM0...
flash-plugin: multiple code execution issues fixed in APSB16-39
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization AFM0. Successful exploitation could lead to arbitrary code execution...
PT-2016-2951 · Adobe +3 · Flash Player +3
Name of the Vulnerable Software and Affected Versions: Adobe Flash Player versions 23.0.0.207 and earlier Adobe Flash Player versions 11.2.202.644 and earlier Description: The issue is related to a use after free vulnerability in the Action Message Format serialization. This vulnerability can be...
Updated firefox and thunderbird packages fix security vulnerabilities
Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be...