7670 matches found

Zero Day Initiative
added 2016/07/21 12:0 a.m. · 28 views

Oracle Java Uninitialized Object Generation Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Java. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way the runtime...

CVSS 6.8 · AI score 4.2 · EPSS 0.03532
Exploits: 0

Hacker One
added 2016/07/20 4:16 p.m. · 28 views

Harvest: Stored XSS on invoice, executing on any subdomain

Summary ----------- There is a stored XSS vulnerability, which can execute on any subdomain as the vulnerability lies in an invoice. You are filtering HTML and js, but you neglect to filter out Flash objects, which can execute javascript. Steps to reproduce ------------- 1. Create an invoice and...

AI score 0.2
Exploits: 0

CNVD
added 2016/07/20 12:0 a.m. · 1 view

Multiple PHP object injection vulnerabilities in SugarCRM

SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. Multiple PHP obje...

AI score 7.7
Exploits: 0 · References: 1

Tenable Nessus
added 2016/07/19 12:0 a.m. · 44 views

Debian DLA-552-1 : binutils security update

Some minor security issues have been identified and fixed in binutils in Debian LTS. These are : CVE-2016-2226 Exploitable buffer overflow. CVE-2016-4487 Invalid write due to a use-after-free to array btypevec. CVE-2016-4488 Invalid write due to a use-after-free to array ktypevec. CVE-2016-4489...

CVSS 7.8 · AI score 6.5 · EPSS 0.09327
Exploits: 1 · References: 10

BDU FSTEC
added 2016/07/19 12:0 a.m. · 2 views

The vulnerability of the SolarWinds Virtualization Manager software allows a hacker to execute arbitrary commands.

The vulnerability in the RMI component of SolarWinds Virtualization Manager relates to the deserialization of untrusted data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely, using a specially crafted serialized Java object...

CVSS 10 · AI score 8.1 · EPSS 0.22376
Exploits: 2 · References: 5 · Affected Software: 1

OSV
added 2016/07/18 12:0 a.m. · 44 views

DLA-552-1 binutils - security update

Bulletin has no description...

CVSS 9.8 · AI score 6.4 · EPSS 0.09327
Exploits: 1

Fedora
added 2016/07/15 10:24 a.m. · 25 views

[SECURITY] Fedora 23 Update: python3-3.4.3-11.fc23

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

CVSS 10 · AI score 3.6 · EPSS 0.45123
Exploits: 1

OpenVAS
added 2016/07/13 12:0 a.m. · 43 views

Microsoft Office Compatibility Pack Multiple RCE Vulnerabilities (3170008)

This host is missing an important security update according to Microsoft Bulletin MS16-088. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3 · AI score 7.2 · EPSS 0.54593
Exploits: 0 · References: 6

Tenable Nessus
added 2016/07/13 12:0 a.m. · 175 views

SolarWinds Virtualization Manager Java Object Deserialization RCE

The remote SolarWinds Virtualization Manager server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a specially...

CVSS 10 · AI score 9.3 · EPSS 0.22376
Exploits: 2 · References: 2

Microsoft Malware Protection
added 2016/07/12 6:55 p.m. · 20 views

MSRT July 2016 – Cerber ransomware

As part of our ongoing effort to provide better malware protection, the July 2016 release of the Microsoft Malicious Software Removal Tool (MSRT) includes detection for Win32/Cerber, a prevalent ransomware family. The inclusion in MSRT complements our Cerber-specific family detections in Windows...

AI score 7.2
Exploits: 0

Microsoft CVE
added 2016/07/12 7:0 a.m. · 27 views

Windows Kernel Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create ne...

CVSS 7.8 · AI score 3.3 · EPSS 0.02653
Exploits: 0

Fedora
added 2016/07/12 2:27 a.m. · 28 views

[SECURITY] Fedora 22 Update: python3-3.4.2-8.fc22

Python 3 is a new version of the language that is incompatible with the 2.x line of releases. The language is mostly the same, but many details, especially how built-in objects like dictionaries and strings work, have changed considerably, and a lot of deprecated features have finally been remov...

CVSS 6.5 · AI score 3.6 · EPSS 0.07644
Exploits: 3

Positive Technologies
added 2016/07/12 12:0 a.m. · 3 views

PT-2016-3244 · Apache +2 · Apache Xml-Rpc Library +2

Name of the Vulnerable Software and Affected Versions: Apache XML-RPC library version 3.1.3 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element. This is due to the library's failure to properly verify data from external...

CVSS 9.8 · AI score 9.7 · EPSS 0.41523
Exploits: 1 · References: 44

Check Point Advisories
added 2016/07/12 12:0 a.m. · 2 views

Microsoft Internet Explorer Information Disclosure (MS16-084 : CVE-2016-3261)

An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Microsoft Internet Explorer while handling certain javascript memory objects. A remote attacker can exploit this issue by enticing a user to open a specially crafted...

CVSS 2.6 · AI score 1.4 · EPSS 0.36666
Exploits: 0

Kaspersky
added 2016/07/12 12:0 a.m. · 38 views

KLA10843 Code execution vulnerability in Microsoft JScript and VBScript engines

Improper object handling was found in Microsoft JScript and VBScript. By exploiting this vulnerability, malicious users can execute arbitrary code. This vulnerability can be exploited remotely via specially designed content. Technical details To mitigate this vulnerability you can restrict...

CVSS 9.3 · AI score 9.1 · EPSS 0.22843
Exploits: 0 · References: 6

Kaspersky
added 2016/07/12 12:0 a.m. · 41 views

KLA10842 Multiple code execution vulnerabilities in Microsoft Office

Improper handling of memory objects and XLA files was found in Microsoft Office. By exploiting these vulnerabilities, malicious users can execute arbitrary code. These vulnerabilities can be exploited remotely via specially designed files. Technical details To mitigate some of these...

CVSS 9.3 · AI score 7.7 · EPSS 0.54593
Exploits: 0 · References: 37

OpenVAS
added 2016/07/08 12:0 a.m. · 37 views

SugarCRM PHP Object Injection Vulnerability (Jun 2016)

SugarCRM is prone to a PHP injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sugarcrm:sugarcrm";...

CVSS 9.3 · AI score 6.8 · EPSS 0.71497
Exploits: 0 · References: 4

BDU FSTEC
added 2016/07/07 12:0 a.m. · 1 view

The vulnerability of the PHP interpreter, which allows a remote attacker to execute arbitrary code

The multiple vulnerabilities of the PHP interpreter are located in the ext/date/phpdate.c component. These vulnerabilities involve the use of memory after it has been freed. As a result of exploiting these vulnerabilities by a malicious actor operating remotely, arbitrary code can be executed usi...

CVSS 7.5 · AI score 7 · EPSS 0.60759
Exploits: 9 · References: 3 · Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m. · 1 view

The vulnerability of the Firefox browser allows a malicious attacker to compromise the confidentiality and integrity of protected information.

The vulnerability in the implementation of XrayWrapper in Mozilla Firefox allows malicious actors to bypass access restrictions by using a specially crafted web page, provided that the user visits it through a debugger. This enables operations such as unwrapping and calling DOM methods on unwrapp...

CVSS 5.8 · AI score 7.1 · EPSS 0.007
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m. · 2 views

The vulnerability of the Windows operating system allows a malicious intruder to compromise the confidentiality, integrity, and availability of protected information.

The vulnerability in Windows OLE allows for the execution of code remotely, provided that the user opens a file containing a specially crafted OLE object. Exploiting this vulnerability enables the attacker to gain privileges similar to those of an authorized user. If the accessing user has...

CVSS 9.3 · AI score 5.8 · EPSS 0.92318
Exploits: 22 · References: 4