6340 matches found
Microsoft VBA Hidden Modules
Credits: Maxim Tomashevich / Thegrideon Software. Website: https://www.thegrideon.com/ Details: https://www.thegrideon.com/vba-internals.html Vendor: Microsoft. Product: Visual Basic for Applications (VBA) 6.5 - 7.1 x32 / x64. Vulnerability Details:...
Virtuozzo 6 : libvzctl / parallels-kernel-modules / etc (VZA-2017-005)
According to the versions of the libvzctl / parallels-kernel-modules / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities: - A flaw was found in the way prl-vzvncserver parsed terminal escape sequences that could allow a remote attacker...
metasploit-framework
This is the Metasploit Framework repository, a comprehensive collection of exploit modules and tools for penetration testing and vulnerability assessment. The framework is written in Ruby and is widely used by security professionals and researchers. The repository contains a large number of...
Cross site scripting
Multiple Cross-Site Scripting (XSS) issues were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/itembarcodegenerator.php, bibliography/printedcard.php,...
CVE-2017-7242
Multiple Cross-Site Scripting (XSS) issues were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/itembarcodegenerator.php, bibliography/printedcard.php,...
CVE-2017-7242
CVE-2017-7242 is an XSS vulnerability in SLiMS 7 Cendana affecting multiple admin/modules components. The described flaws involve unsafely handling user-supplied input in the keywords parameter across several scripts (bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.ph...
CVE-2016-10048
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...
Directory traversal
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...
DEBIAN-CVE-2016-10048
Directory traversal vulnerability in magick/module.c in ImageMagick 6.9.4-7 allows remote attackers to load arbitrary modules via unspecified vectors...
Open Source Malware Analysis Platform: FAME
FAME is an open source malware analysis platform that is meant to facilitate analysis of malware-related files, leveraging as much knowledge as possible in order to speed up and automate end-to-end analysis. FAME should be seen as a malware analysis framework...
National Instruments LabVIEW LvVarientUnflatten Code Execution Vulnerability
Summary: An exploitable memory corruption vulnerability exists in the LvVarientUnflatten functionality of LabVIEW 2016 version 16.0.0.49152. A specially crafted VI file can cause a user-controlled value to be used as a loop terminator, resulting in internal heap corruption. An attacker controlled V...
CVE-2017-6833
The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a crafted file...
CVE-2017-6836
Heap-based buffer overflow in the Expand3To4Module::run function in libaudiofile/modules/SimpleModule.h in Audio File Library (aka audiofile) 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0 allows remote attackers to cause a denial of service (crash) via a crafted file...
BGP Hijack Detection: TaBi
Developed since 2011 for the needs of the French Internet Resilience Observatory, TaBi is a framework that eases the detection of BGP IP prefix conflicts, and their classification into BGP hijacking events. The term prefix hijacking refers to an event when an AS, called an...
CVE-2017-6967
xrdp 0.9.1 calls the PAM function auth_start_session in an incorrect location, leading to PAM session modules not being properly initialized, with a potential consequence of incorrect configurations or elevation of privileges, aka a pam_limits.so bypass...
CVE-2017-6839
Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file...
openSUSE Security Update : openssh (openSUSE-2017-339)
This update for openssh fixes the following issues: - CVE-2016-8858: prevent resource depletion during key exchange (bsc#1005480) - CVE-2016-10009: limit directories for loading PKCS#11 modules to avoid privilege escalation (bsc#1016366) - CVE-2016-10011: Prevent possible leaks of host private keys to...