[SECURITY] Fedora 24 Update: rubygem-activerecord-4.2.5.2-2.fc24

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

[SECURITY] Fedora 25 Update: rubygem-activerecord-5.0.0.1-1.fc25

Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties databa se tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...

Mozilla Firefox ESR < 45.3 Multiple Vulnerabilities

Binary data 9485.prm...

Vulnerability of Firefox and Firefox ESR browsers, allowing attackers to execute arbitrary code

The vulnerability of WebRTC sockets in Firefox and Firefox ESR browsers relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by using incorrect free operations on DTLS objects during the termination of a WebRTC session...

[SECURITY] Fedora 24 Update: python3-3.5.1-13.fc24

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especi ally how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

Microsoft Win32k Elevation of Privilege Vulnerability (CNVD-2016-06265)

Microsoft Windows is the popular computer operating system. Some versions of the Windows kernel-mode driver do not properly handle memory objects and an elevation of privilege vulnerability exists, which can be exploited by a local user with a constructed application...

Microsoft Kernel-Mode Drivers Multiple Privilege Elevation Vulnerabilities (3178466)

This host is missing an important security update according to Microsoft Bulletin MS16-098. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft OneNote Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft OneNote improperly discloses its memory contents. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could create a specially craft...

Microsoft Internet Explorer Memory Corruption (MS16-095: CVE-2016-3322)

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to the mishandling of cached objects in complex webpages. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could allow attackers to execute...

Microsoft Internet Explorer Information Disclosure (MS16-095: CVE-2016-3327)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer and Edge. The vulnerability is due to improper handling of objects in memory. A remote attacker can exploit this vulnerability by enticing a victim to open a maliciously crafted web page...

Microsoft Windows win32k RGNOBJ Integer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within RGNOBJ objects...

Microsoft Windows Win32k Elevation of Privilege (MS16-098: CVE-2016-3309)

An elevation of privilege vulnerability exists in the Windows Kernel. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker can exploit this vulnerability by running a specially crafted application...

KLA10856 Multiple vulnerabilities in Microsoft Windows

Multiple serious vulnerabilities have been found in Microsoft Windows. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, gain privileges or obtain sensitive information. Below is a complete list of vulnerabilities 1. An improper embedded...

Design/Logic Flaw

Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session...

CVE-2016-5258

CVE-2016-5258 is a use-after-free vulnerability in Firefox’s WebRTC DTLS handling, specifically a memory misreference in the WebRTC socket thread during shutdown of a WebRTC session. Public sources consistently describe it as allowing remote code execution due to incorrect free operations on DTLS...

PHP7 Unserialization Use After Free

A Use-After-Free vulnerability exists in the Standard PHP library's unserializion of array objects, due to an internal array self-reference. An attacker could exploit this vulnerability by supplying crafted input to a PHP application. Successful exploitation may result in remote execution of...

PT-2016-6790 · Perl +2 · Xloader +2

Name of the Vulnerable Software and Affected Versions: Perl affected versions not specified Description: The XSLoader::load method in XSLoader does not properly locate .so files when called in a string eval. This might allow local users to execute arbitrary code via a Trojan horse library under t...

ALPINE-CVE-2016-5129

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code...

UBUNTU-CVE-2016-5129

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via crafted JavaScript code...

OWASP Mth3l3m3nt Framework - Penetration Testing Aiding Tool And Exploitation Framework

OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. It fosters a principle of attack the web using the web as well as pentest on the go through its responsive interface. Modules Packed in so far are: Payload Store Shell Generator PHP/ASP/JSP/JSPX/CFM Payloa...