(0Day) Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

vmware multiple products privilege escalation vulnerability-vulnerability warning-the black bar safety net

! /Article/UploadPic/2015-7/201571916117864.jpg Description This article briefly describes our findings and our most recent in the three main VMware Windows products find a vulnerability. The affected products include the‘VMware Workstation’, ‘Horizon Client’ with Local Mode Option, and Player’on...

Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (3076321)

This host is missing a critical security update according to Microsoft Bulletin MS15-065. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Microsoft Internet Explorer CTreeNode Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

Microsoft Office Memory Corruption (MS15-070: CVE-2015-2415)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

Microsoft Office Memory Corruption (MS15-070: CVE-2015-2379)

A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to an error in the way Microsoft Office improperly handles objects in memory while parsing specially crafted files. A remote attacker can exploit this issue by enticing a victim to open a specially crafted...

Adobe Flash Sound Universal Cross Site Scripting Vulnerability

This vulnerability allows remote attackers to read arbitrary data on vulnerable Adobe Flash installations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of Sound objects. A remote attacker can run arbitrary script in the context of any...

Adobe Flash Player ByteArray Use After Free

This module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as an Use After Free while handling ByteArray objects. This module has been tested successfully on: Windows 7 SP1 32-bit,...

Extra information for CVE-2014-4626 - EMC Documentum Content Server: authenticated user is able to elevate privileges, hijack Content Server filesystem, execute arbitrary commands by creating malicious dm_job objects

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed On April 2014 I discovered vulnerability in EMC Documentum Content Server which allow authenticated user to elevate privileges, hijack Content Server filesystem or execute arbitrary comman...

DLA-266-1 libxml2 - security update

Bulletin has no description...

Bomgar Remote Support < 15.1.1 Arbitrary Code Execution Vulnerability

Bomgar Remote Support is prone to an arbitrary code execution vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Microsoft Windows Media Player Remote Code Execution Vulnerability

Microsoft Windows Media Player is a free media player. A security vulnerability in Microsoft Windows Media Player's handling of specially crafted DataObjects allows remote attackers to construct a malicious web page and trick users into parsing it, which could crash the application or execute...

Dell NetVault Backup Heap Buffer Overflow Remote Code Execution Vulnerability

NetVault Backup is a cross-platform backup and recovery software solution that protects data and applications in physical and virtual environments. It is scalable and supports multiple server and application platforms across the enterprise. It has a single, intuitive interface that requires minim...

[SECURITY] [DLA 231-1] dulwich security update

Package : dulwich Version : 0.6.1-1+deb6u1 CVE ID : CVE-2015-0838 Ivan Fratric of the Google Security Team has found a buffer overflow in the C implementation of the applydelta function, used when accessing Git objects in pack files. An attacker could take advantage of this flaw to cause the...

Internet Bug Bounty: Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298

The vulnerability allows a malicious Flash app on a website to read and write Local Shared Objects belonging to any website. As a special case, LSO's of macromedia.com contain global Flash settings. Overwriting them allows e.g. unlimited access to camera and microphone of the target user. Other...

Laravel 'prepareForUnserialize()' function remote PHP object injection vulnerability

Laravel is a set of PHP development framework. A remote PHP object injection vulnerability exists in Laravel that allows remote attackers to submit specially crafted serialized objects, delete and read files, and execute arbitrary local script code...

PHP Core Unserialize Key Name Code Execution - Ver2 (CVE-2015-0231)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a w...

PHP Core unserialize process nested data Use After Free - Ver2 (CVE-2014-8142)

A use-after-free vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a web applicati...

Microsoft Internet Explorer CElement::DelMarkupPtr Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

In-Console-Able

Posted by James Forshaw, giving the security community a shoulder to cry on. TL;DR; this blog post describes an unfixed bug in Windows 8.1 which allows you to escape restrictive job objects in order to help to develop a sandbox escape chain in Chrome or similar sandboxes. If you’re trying to...