SAP NetWeaver AS JAVA Denial of Service Vulnerability

SAP NetWeaver is a service-oriented, integrated application platform from SAP that provides a development and runtime environment for SAP applications. SAP NetWeaver AS Application Server Java is an application server that runs in NetWeaver and is based on the Java programming language. SAP EP is...

Microsoft Windows Denial of Service Vulnerability (CNVD-2017-05724)

Microsoft Windows is the popular computer operating system. Microsoft Windows does not properly handle memory objects and is implemented with a denial-of-service vulnerability that can be exploited by an attacker to cause the target system to stop responding...

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2017-05767)

Microsoft Edge is the web browser built into the Windows 10 version. A memory corruption vulnerability vulnerability exists in the implementation when Microsoft Edge does not properly handle memory objects, which can be exploited by an attacker to execute arbitrary code and corrupt memory...

Microsoft Office Memory Corruption Vulnerability (CNVD-2017-05362)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. An information disclosure vulnerability exists in the Office software that does not properly handle memory objects, which can be exploited by an attacker to obtain memory information...

CVE-2017-0199: analysis Microsoft Office RTF vulnerability-vulnerability warning-the black bar safety net

FireEye recently detected using CVE-2017-0199 security vulnerabilities malicious Microsoft Office RTF document, be aware of CVE-2017-0199, but had not been disclosed vulnerability. When the user opens that contains the exploit Code of the document, the malicious code will download and execute the...

CVE-2017-0191

A denial of service vulnerability exists in the way that Windows 7, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 handles objects in memory. An attacker who successfully exploited the vulnerability could cause a target system...

Atlassian JIRA Remote Code Execution Vulnerability

Atlassian JIRA is a project and transaction tracking tool from Atlassian. The Atlassian JIRA Workflow Designer plug-in does not properly use XML parsers and parallelizers, which can be exploited by remote attackers to submit special serialized Java objects, execute arbitrary code, read arbitrary...

KB4015383: Security Updates for the libjpeg Information Disclosure Vulnerability (April 2017)

The remote Windows host is missing security updates. It is, therefore, affected by an information disclosure vulnerability in the open-source libjpeg image processing library due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this to disclose sensitive...

Win32k Information Disclosure Vulnerability

An information disclosure vulnerability exists when the win32k component improperly provides kernel information. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system. To exploit this vulnerability, an attacker would have to log ...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

Microsoft Windows ADO Array-Type Parameter Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVE-2016-10304

The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service out-of-memory error and service instability via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...

Cross-site scripting vulnerability in WebKit component of multiple Apple products

AppleiOS, Safari, and tvOS are products of Apple Inc. AppleiOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with the MacOSX and iOS operating systems; and tvOS is an operating system for smart TVs. webKit is an open source web...

oletools - Tools to analyze MS OLE2 files and MS Office documents, for malware analysis, forensics and debugging

oletools is a package of python tools to analyze Microsoft OLE2 files also called Structured Storage, Compound File Binary Format or Compound Document File Format, such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging. It is based on the...

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

DEBIAN-CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

Groovy: Remote code execution via deserialization

It was found that a flaw in Apache groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization an...

CVE-2017-2445

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via crafted frame objects...

Design/Logic Flaw

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via crafted frame objects...