[Onapsis Security Advisory 2015-002] SAP Business Objects Unauthorized File Repository Server Read via CORBA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2015-002: SAP Business Objects Unauthorized File Repository Server Read via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to retriev...

[Onapsis Security Advisory 2015-004] SAP Business Objects Unauthorized Audit Information Delete via CORBA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2015-004: SAP Business Objects Unauthorized Audit Information Delete via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to delete...

Taming the wild copy: Parallel Thread Corruption

Posted by Chris Evans, Winner of the occasional race Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handing, the vulnerability caused a memcpy call with a negative length with the destination on the stack. Of...

Debian DSA-3195-1 : php5 - security update

Multiple vulnerabilities have been discovered in the PHP language : - CVE-2015-2305 Guido Vranken discovered a heap overflow in the ereg extension only applicable to 32 bit systems. - CVE-2014-9705 Buffer overflow in the enchant extension. - CVE-2015-0231 Stefan Esser discovered a use-after-free ...

USN-2535-1 php5 vulnerabilities

Thomas Jarosch discovered that PHP incorrectly limited recursion in the fileinfo extension. A remote attacker could possibly use this issue to cause PHP to consume resources or crash, resulting in a denial of service. CVE-2014-8117 S. Paraschoudis discovered that PHP incorrectly handled memory in...

Adobe Flash Player AVSS Load Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...

Adobe Flash Player AVSS Load Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling ...

Apple iOS IOSurface Type Obfuscation Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A type confusion vulnerability exists in IOSurface when Apple iOS handles serialized objects, which allows attackers to exploit the vulnerability to execute arbitrary code with system privileges...

Microsoft Windows ATMFD Font Driver Remote Code Execution (MS15-021: CVE-2015-0093)

A remote code execution vulnerability has been reported in Microsoft Windows ATMFD Font Driver. The vulnerability is due to an error in Font Driver while improperly overwriting objects in memory. A remote attacker can exploit this issue by enticing a user to open a specially crafted file...

HackerOne: Improperly validated fields allows injection of arbitrary HTML via spoofed React objects

Note: I haven't yet investigated the implications of this fully, so this may be more severe than I'm currently aware of. Right now the only exploits I'm aware of allow a team member to attack other team members. I've found a couple fields that I'd expect to be limited to string values, but which...

SAP BussinessObjects Edge Unauthorized Access Vulnerability (CNVD-2015-01236)

SAP BusinessObjects is a business intelligence software and enterprise performance solution. An unauthorized access vulnerability exists in SAP BussinessObjects Edge, which could allow an attacker to bypass certain security restrictions and perform unauthorized operations...

CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web...

Authentication flaw

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web...

CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web...

SAP Business Objects Unauthorized File Repository Server Read

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2015-002: SAP Business Objects Unauthorized File Repository Server Read via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to retriev...

UBUNTU-CVE-2015-0820

Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web...

SAP Business Objects Unauthorized File Repository Server Write

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security AdvisoryONAPSIS-2015-003: SAP Business Objects Unauthorized File Repository Server Write via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote unauthenticated attacker would be able to overwri...

Caja Compiler JavaScript sandbox bypass — Mozilla

Mozilla developer Jan de Mooij reported an issue that affects web content that relies on the Caja Compiler for protection, or other similar sandboxing libraries. He found that some JavaScript objects marked as non-extensible within Caja and Secure EcmaScript could be made extensible again,...

X2Engine < 4.2 Multiple Vulnerabilities

According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities : - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery SSRF attacks using specially crafted serializ...

PHP DateTime Use-After-Free

Use After Free Vulnerability in unserialize with DateTime CVE-2015-0273 Taoguang Chen - Write Date: 2015.1.29 - Release Date: 2015.2.20 A use-after-free vulnerability was discovered in unserialize with DateTime/DateTimeZone/DateInterval/DatePeriod objects's wakeup magic method that can be abused...