7676 matches found
Dell NetVault Backup Heap Buffer Overflow Remote Code Execution Vulnerability
NetVault Backup is a cross-platform backup and recovery software solution that protects data and applications in physical and virtual environments. It is scalable and supports multiple server and application platforms across the enterprise. It has a single, intuitive interface that requires minim...
[SECURITY] [DLA 231-1] dulwich security update
Package : dulwich Version : 0.6.1-1+deb6u1 CVE ID : CVE-2015-0838 Ivan Fratric of the Google Security Team has found a buffer overflow in the C implementation of the applydelta function, used when accessing Git objects in pack files. An attacker could take advantage of this flaw to cause the...
Internet Bug Bounty: Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298
The vulnerability allows a malicious Flash app on a website to read and write Local Shared Objects belonging to any website. As a special case, LSO's of macromedia.com contain global Flash settings. Overwriting them allows e.g. unlimited access to camera and microphone of the target user. Other...
Laravel 'prepareForUnserialize()' function remote PHP object injection vulnerability
Laravel is a set of PHP development framework. A remote PHP object injection vulnerability exists in Laravel that allows remote attackers to submit specially crafted serialized objects, delete and read files, and execute arbitrary local script code...
PHP Core Unserialize Key Name Code Execution - Ver2 (CVE-2015-0231)
A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a w...
PHP Core unserialize process nested data Use After Free - Ver2 (CVE-2014-8142)
A use-after-free vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a web applicati...
Microsoft Internet Explorer CElement::DelMarkupPtr Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...
In-Console-Able
Posted by James Forshaw, giving the security community a shoulder to cry on. TL;DR; this blog post describes an unfixed bug in Windows 8.1 which allows you to escape restrictive job objects in order to help to develop a sandbox escape chain in Chrome or similar sandboxes. If you’re trying to...
Debian DLA-215-1 : libjson-ruby security update
The JSON gem for Ruby allowed remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL...
DLA-215-1 libjson-ruby - security update
Bulletin has no description...
IBM InfoSphere BigInsights SQL Component Unauthorized Access Vulnerability
IBM InfoSphere BigInsights is a set of software platform for storing and analyzing "big data" from IBM in the United States. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data.Big SQL is one of the SQL interface components. A security...
[SECURITY] Fedora 21 Update: postgis-2.1.7-1.fc21
PostGIS adds support for geographic objects to the PostgreSQL object-relati onal database. In effect, PostGIS "spatially enables" the PostgreSQL server, allowing it to be used as a backend spatial database for geographic informa tion systems GIS, much like ESRI's SDE or Oracle's Spatial extension...
Adobe Flash Player AVSource Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...
DLA-200-1 ruby1.9.1 - security update
Bulletin has no description...
Cisco Web Security Appliance (WSA) Local Arbitrary Python Code Execution Vulnerability
The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. A security vulnerability exists in the Cisco Web Security Appliance WSA that allows a local attacker to execute arbitrary Python code via specially crafted serialized objec...
CVE-2015-0692
Cisco Web Security Appliance WSA devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230...
CA Spectrum Elevation of Privilege Vulnerability
CA Spectrum formerly known as CA Spectrum Infrastructure Manage is a set of converged infrastructure management software developed by CA. The software provides fault management, application performance management and failure cause analysis and other functions. A security vulnerability exists in C...
CVE-2015-2828
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data...
Code injection
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data...
CVE-2015-2828
CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data...