7680 matches found
(Pwn2Own) Adobe Flash AS2 Transform matrix Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Transform object...
EMC Documentum D2 < 4.6 Insufficient ACL Remote Object Manipulation (ESA-2016-034)
The remote host is running a version of EMC Documentum D2 that is prior to 4.6. It is, therefore, affected by a security bypass vulnerability due to a failure to set secure access control lists (ACLs) for D2 configuration objects. An authenticated, remote attacker can exploit this to modify or delete ...
Design/Logic Flaw
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors...
CVE-2016-0888
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors...
EMC Documentum D2 Unauthorized Operation Vulnerability
EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. Multiple D2 Configuration object types in EMC Documentum D2 versions prior to 4.6 fail to properly use ACLs, which can be exploited by an authenticated,...
Unspecified Vulnerability in Adobe Experience Manager
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. An unspecified vulnerability exists in AEM, which can be exploited by remote attackers with the help of specially crafte...
HPE Asset Manager Arbitrary Code Execution Vulnerability
HP AssetManager is a solution for managing the lifecycle of IT assets. A security vulnerability exists in HPE Asset Manager 9.40, 9.41, 9.50, and Asset Manager CloudSystem Chargeback 9.40, which can be exploited by remote attackers to execute arbitrary commands via constructed serialized Java...
Find Objects Hidden Object - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Find Objects Hidden Object published at the 'play' market has multiple vulnerabilities...
Hidden Objects: Twilight Town - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Hidden Objects: Twilight Town published at the 'play' market has multiple vulnerabilities...
jre7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jdk7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
The vulnerability of the Ruby on Rails software platform, which allows attackers to circumvent existing access control policies
The vulnerability in the nested_attributes.rb file of the activerecord/lib/active_record module in the Ruby on Rails software framework is related to access control deficiencies. Exploiting this vulnerability could allow an attacker to bypass existing access restrictions by using nested attributes ...
SPIP code injection vulnerability
SPIP is a free Web-based content publishing system. The system is primarily used for online collaboration. A code injection vulnerability exists in SPIP. An attacker can exploit this vulnerability to inject arbitrary objects with the help of deserialization of untrustworthy content...
Internet Bug Bounty: Use after free with assign by ref to overloaded objects
Reported: 2015-07-15 16:30 UTC Fixed: 2015-07-21 14:20 UTC Bug Report: https://bugs.php.net/bug.php?id=70083 Fixed in PHP 5.6: http://git.php.net/?p=php-src.git;a=commitdiff;h=f57cb13c566613eec0e1c2f6d96d18565436a9b7 Fixed in 7:...
Squid Multiple DoS Vulnerabilities (SQUID-2016:2) - Windows
Squid is prone to multiple denial of service (DoS) vulnerabilities.
Analyzing Linux Malware Sandbox: Limon
Limon is a sandbox developed as a research project written in Python, which automatically collects, analyzes, and reports on the runtime indicators of Linux malware. It allows one to inspect the Linux malware before execution, during execution, and after execution (post-mortem analysis) by...
[SECURITY] Fedora 23 Update: rubygem-activerecord-4.2.3-2.fc23
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
[SECURITY] Fedora 22 Update: rubygem-activerecord-4.2.0-2.fc22
Implements the ActiveRecord pattern (Fowler, PoEAA) for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Vulnerabilities in the Google Chrome browser that allow a perpetrator to trigger a service failure or cause other effects
The multiple vulnerabilities in the Google Chrome browser implementation are related to the use of memory after it is freed. Exploiting these vulnerabilities could allow a malicious actor to cause service failures or potentially have other effects through a specially crafted PDF document, which i...