Microsoft Windows Local Elevation of Privilege Vulnerability (CNVD-2016-10977)

Microsoft Windows is the popular computer operating system. An elevation of privilege vulnerability exists in the implementation of the Windows Common Log File System CLFS driver that does not properly handle memory objects. Successful exploitation could allow an attacker to run processes with...

Microsoft Windows Local Elevation of Privilege Vulnerability (CNVD-2016-11013)

Microsoft Windows is a series of operating systems released by the American company Microsoft. An elevation of privilege vulnerability exists in the Windows Common Log File System CLFS driver that does not properly handle memory objects. An attacker could be allowed to exploit the vulnerability t...

Windows Common Log File System Driver Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have...

Windows Bowser.sys Information Disclosure Vulnerability

An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could potentially disclose contents of System memory to which they should not have access. ...

Windows Common Log File System Driver Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have...

Microsoft Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory. An attacker who successfully exploited this vulnerability could trick a user into allowing access to the user’s My Documents folder. For an attack to be successful, an attacker must persuade a...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

Adobe Flash TextField Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Adobe Flash LocalConnection Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

KLA10902 Multiple vulnerabilities in Microsoft Office

Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1. Out-of-bounds read can be exploited remotely via a specially designed...

Alienvault OSSIM and USM PHP Object Injection Vulnerabilities

AlienVault OSSIM is an open source security information management system.USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. An object injection vulnerability exists in Alienvault OSSIM and USM, which...

Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ Sentinel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain Java objects. The issue lies in the...

Microsoft Windows Kernel 'Win32k.sys' local elevation of privilege vulnerability (CNVD-2016-09367)

Microsoft Windows is the popular computer operating system. An elevation of privilege vulnerability exists when the Microsoft kernel mode driver does not properly handle memory objects. This could allow an attacker to run arbitrary code in kernel mode...

Microsoft Windows Graphics Component Information Disclosure Vulnerability (CNVD-2016-09365)

Microsoft Windows is the popular computer operating system. An information disclosure vulnerability exists in the Windows Graphics Device Interface GDI processing memory object. An attacker could exploit this vulnerability to obtain sensitive information on the target system...

Microsoft Edge Scripting Engine Information Disclosure Vulnerability

Microsoft Edge is the web browser built into the Windows 10 version. An information leakage vulnerability exists when Microsoft Edge fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise a user's system...

Android - Binder Generic ASLR Leak Vulnerability

Exploit for Android platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=889 The interaction between the kernel /dev/binder and the usermode Parcel.cpp mean that when a binder object is passed as BINDERTYPEBINDER or BINDERTYPEWEAKBINDER, a pointer to th...

Red Hat Jboss Remote Code Execution Vulnerability

Red Hat JBoss Enterprise Application Platform EAP is the United States Red Hat Red Hat company's set of open source, J2EE-based middleware platform. The platform is mainly used to build, deploy and host Java applications and services. A remote code execution vulnerability exists in the JMX servle...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...

Acrobat Reader DC XFA CPDField Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Win32k Elevation of Privilege (MS16-123: CVE-2016-3266)

An elevation of privilege vulnerability exists in Microsoft Windows. The vulnerability is caused when the Windows kernel-mode driver fails to properly handle objects in memory. A remote attacker could exploit this vulnerability by running a specially crafted application...