7677 matches found
rtmpdump: multiple issues
Several issues have been found in the part of rtmpdump handling RTMP streams by LMX of Qihoo 360 Codesafe Team. These issues include memory leak, integer overflow, type confusion when dealing with AMF strings and objects, and several other parsing issues...
VMware vRealize Orchestrator Arbitrary Command Execution Vulnerability
VMware vRealize Orchestrator is a suite of IT process automation engines for integrating with VMware vCloud Suite components to align and extend service delivery and operations management. VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations...
Symantec Endpoint Protection Manager Java Object Deserialization RCE (SYM15-011)
The remote Symantec Endpoint Protection Manager server is affected by a remote command execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated, remote attacker can exploit this, by sending a crafted...
Mozilla Firefox HTMLVideoElement Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
CVE-2015-7204
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments...
UBUNTU-CVE-2015-7204
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments...
KLA10723 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to spoof user interface, cause denial of service, bypass security restrictions, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list ...
Medium: krb5
Issue Overview: A flaw was found in the OTP kdcpreauth module of MIT Kerberos. A remote attacker could use this flaw to bypass the requirespreauth flag on a client principal and obtain a ciphertext encrypted in the principal's long-term key. This ciphertext could be used to conduct an off-line...
The vulnerability of Oracle WebLogic Server application servers allows attackers to execute arbitrary code.
The vulnerability of the WLS Security server component of Oracle WebLogic Server is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using specially crafted Java objects transmitted over the TCP protocol,...
CVE-2015-7078
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects...
Design/Logic Flaw
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects...
CVE-2015-7078
CVE-2015-7078 is a use-after-free vulnerability in the Apple OS X Hypervisor before 10.11.2. The issue stems from a use-after-free in the hypervisor driver when handling VM objects, enabling a local attacker to gain kernel/privilege level access. Affected product: OS X (pre-10.11.2) . Impact per ...
CVE-2015-7078
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects...
Foxit PhantomPDF App Memory Misreference Vulnerability
Foxit PhantomPDF is a practical PDF solution. Foxit PhantomPDF has a memory misreference vulnerability in the handling of App objects, and constructed PDF documents can be forced to have released the hanging pointer to be re-utilized. An attacker exploiting this vulnerability could execute...
JBoss Java Object Deserialization RCE
The remote JBoss server is affected by multiple remote code execution vulnerabilities : - A flaw exists due to the JMXInvokerHAServlet and EJBInvokerHAServlet invoker servlets not properly restricting access to profiles. A remote attacker can exploit this issue to bypass authentication and invoke...
Microsoft Windows Media Center Library - Parsing Remote Code Execution aka 'self-executing' MCL File
Title: Microsoft Windows Media Center Library Parsing RCE Vuln aka "self-executing" MCL file CVE-2015-6131 Software Vendor: Microsoft Software version : MS Windows Media Center latest version on any Windows OS. Software Vendor Homepage: http://www.microsoft.com CVE: CVE-2015-6131 Exploit Author:...
Microsoft Windows Media Center Library - Parsing Remote Code Execution aka self-executing MCL File
Microsoft Windows Media Center Library - Parsing Remote Code Execution aka self-executing MCL File Title: Microsoft Windows Media Center Library Parsing RCE Vuln aka "self-executing" MCL file CVE-2015-6131 Software Vendor: Microsoft Software version : MS Windows Media Center latest version on any...
Microsoft Windows Media Center Library Parsing RCE Vulnerability aka "self-executing" MC
Exploit for windows platform in category remote exploits Title: Microsoft Windows Media Center Library Parsing RCE Vuln aka "self-executing" MCL file CVE-2015-6131 Software Vendor: Microsoft Software version : MS Windows Media Center latest version on any Windows OS. Software Vendor Homepage:...
Microsoft Internet Explorer Scripting Engine Information Disclosure (MS15-124: CVE-2015-6135)
An information disclosure vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way VBScript engine manipulates BSTR objects. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page...
Microsoft Internet Explorer Memory Corruption (MS15-124: CVE-2015-6143)
A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error in manipulating CAttrArray objects. Successful exploitation could cause memory corruption in a way that would allow attackers to execute code on the target...