Lucene search

673 matches found

Atlassian
added 2015/04/16 6:32 a.m., 46 views

Multiple vulnerabilities in Java 1.7.0_15

The version of Java we bundle with Confluence is badly out of date, and well behind the security baseline Oracle defines; see http://www.oracle.com/technetwork/java/javase/7u80-relnotes-2494162.html for example, which says we should be running update 79 for security fixes, and update 80 for...

5.5 AI score
Exploits: 0
Debian
added 2014/09/24 3:22 p.m., 59 views

[SECURITY] [email protected]

Package: bash. Version: 4.1-3+deb6u1. CVE ID: CVE-2014-6271. Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash...

9.8 CVSS, 3.5 AI score, 0.9422 EPSS
Exploits: 130
Debian
added 2014/09/24 3:22 p.m., 55 views

[SECURITY] [email protected]

Package: bash. Version: 4.1-3+deb6u1. CVE ID: CVE-2014-6271. Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash...

10 CVSS, 3.5 AI score, 0.9422 EPSS
Exploits: 130
Debian
added 2014/09/24 2:6 p.m., 53 views

[SECURITY] [DSA 3032-1] bash security update

Debian Security Advisory DSA-3032-1 [email protected] http://www.debian.org/security/ Florian Weimer September 24, 2014 http://www.debian.org/security/faq -...

10 CVSS, 10 AI score, 0.9422 EPSS
Exploits: 130
OSV
added 2014/09/24 12:0 a.m., 16 views

DLA-59-1 bash - security update

Bulletin has no description...

10 CVSS, 9.8 AI score, 0.9422 EPSS
Exploits: 130
OSV
added 2014/09/24 12:0 a.m., 56 views

DSA-3032-1 bash - security update

Bulletin has no description...

10 CVSS, 10 AI score, 0.9422 EPSS
Exploits: 130
seebug.org
added 2014/07/01 12:0 a.m., 10 views

Linux Kernel <= 2.6.21.1 - IPv6 Jumbo Bug Remote DoS Exploit

No description provided by source. / Clemens Kurtenbach ckurtenbach at s21sec . com PoC code for exploiting the jumbo bug found in linux kernels =2.6.20 and =2.6.21.1 gcc -O2 ipv6jumbocrash.c -o ipv6jumbocrash / / io / include stdio.h include string.h include stdlib.h / network / include...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 - Denial of Service

No description provided by source. ''' Exploit Title: SolidWorks Workgroup PDM 2014 SP2 Opcode 2001 Remote Code Execution Vulnerability Date: 2-18-2014 Author: Mohamed Shetta Email: mshetta |at| live |dot| com Vendor Homepage:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 20 views

Fujitsu Chocoa 1.0 beta7R "Topic" Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/573/info The Chocoa IRC client has an unchecked buffer in the code that processes channel topics. If the server returns a topic that overwrites the client's buffer and contains exploit code, arbitrary commands can be run o...

7.1 AI score
Exploits: 0
Kaspersky
added 2014/06/10 12:0 a.m., 92 views

KLA10013 OSI vulnerability in multiple Microsoft XML Core Services

By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited from the network at a point related to MSXML via a specially designed website. It is caused by a missing property information restriction. Original advisories MS Bulletin...

4.3 CVSS, 6.8 AI score, 0.10855 EPSS
Exploits: 0, References: 9
Kaspersky
added 2014/04/04 12:0 a.m., 36 views

KLA10129 ACE vulnerability in Core FTP

A buffer overflow was found in Core FTP. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited from the network via a specially designed server reply. Original advisories Core FTP changelog Related products Core-FTP-client...

9.3 CVSS, 7.9 AI score, 0.02013 EPSS
Exploits: 0, References: 4
seebug.org
added 2014/04/02 12:0 a.m., 12 views

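destoon new-version short message center XSS, hits whoever you point at (part 2)

Brief description: destoon new-version short message center XSS, hits whoever you point at (part 2). Details: Previously, anything containing "on" was filtered, which raised the difficulty. First we pick a target to send a message to, but this time we found that even the basics were not filtered.. Then we capture the request and insert our XSS code into it. Proof of vulnerability: We saw that a network connection was established; on closer inspection it turned out to be script...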

7.1 AI score
Exploits: 0
Kaspersky
added 2012/09/07 12:0 a.m., 43 views

KLA10021 LPE vulnerability in DAEMON Tools

An unspecified vulnerability was found in the DAEMON Tools. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited from the network at a point related to path search. Via a Trojan horse. Original advisories NVD Exploitation Public exploits exist...

6.9 CVSS, 6.5 AI score, 0.00227 EPSS
Exploits: 1, References: 5
Packet Storm
added 2012/06/20 12:0 a.m., 41 views

HP Data Protector Client 6.11 / 6.20 Remote Code Execution

!/usr/bin/env python Exploit Title: HP Data Protector Client EXECCMD Remote Code Execution Vulnerability Date: 2012-12-06 Exploit Author: Ben Turner Vendor Homepage: www.hp.com Version: 6.11 & 6.20 Tested on: Windows 2003 Server SP2 en CVE: CVE-2011-0922 Notes: ZDI-11-056 Reference:...

10 CVSS, 0.8 AI score, 0.82006 EPSS
Exploits: 20
Kaspersky
added 2012/04/10 12:0 a.m., 33 views

KLA10101 SB vulnerabilities in Cerberus FTP Server

A CSRF vulnerability was found in the Cerberus FTP Server. By exploiting this vulnerability malicious users can hijack the administrators’ auth. This vulnerability can be exploited from the network at a point related to the web interface. Original advisories - Related products Cerberus-FTP-Server...

6.8 CVSS, 6.5 AI score, 0.00081 EPSS
Exploits: 0, References: 2
Samba
added 2012/02/23 12:0 a.m., 103 views

Remote code execution vulnerability in smbd

Description Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon smbd are increasing strictly monotonically. Therefore a remote code execution vulnerability exists in the smbd service. A remote attacker could use the vulnerability to launch an exploit over a network...

7.9 CVSS, 2 AI score, 0.46876 EPSS
Exploits: 1
Kaspersky
added 2012/02/22 12:0 a.m., 27 views

KLA10062 LPE vulnerability in ALFtp

An untrusted path vulnerability was found in ALFtp. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited from the network at a point related to unknown vectors. Original advisories ALtools advisory Related products Altools-ALFTP CVE list...

9.3 CVSS, 7.2 AI score, 0.00757 EPSS
Exploits: 0, References: 3
Kaspersky
added 2011/08/09 12:0 a.m., 32 views

KLA10031 Critical vulnerabilities in Adobe Flash Media Server

An unspecified vulnerability was found in the Adobe FMS. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited from the network at a point related to an unknown application via memory corruption. Original advisories Adobe bulletin Relate...

5 CVSS, 6.6 AI score, 0.07774 EPSS
Exploits: 1, References: 3
Ubuntu
added 2011/07/13 8:25 p.m., 84 views

USN-1159-1: Linux kernel vulnerabilities (Marvell Dove)

Brad Spengler discovered that the kernel did not correctly account for userspace memory allocations during exec calls. A local attacker could exploit this to consume all system memory, leading to a denial of service. CVE-2010-4243 Alexander Duyck discovered that the Intel Gigabit Ethernet driver...

9.8 CVSS, 7.1 AI score, 0.05083 EPSS
Exploits: 31
Kaspersky
added 2011/06/23 12:0 a.m., 60 views

KLA10116 ACE vulnerability in Citrix

An unspecified vulnerability was found in Citrix XenApp & XenDesktop. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited from the network via a specially designed web site. Original advisories - Related products Citrix-XenApp CVE list...

7.7 AI score
Exploits: 0, References: 2