Lucene search

7670 matches found

Tenable Nessus
added 2015/02/18 12:0 a.m. | 56 views

Ubuntu 14.04 LTS : PHP vulnerabilities (USN-2501-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2501-1 advisory. Stefan Esser discovered that PHP incorrectly handled unserializing objects. A remote attacker could use this issue to cause PHP to crash, resulting in a...

CVSS 7.5 | AI score 7.6 | EPSS 0.8832
Exploits: 14 | References: 8

CNVD
added 2015/02/11 12:0 a.m. | 3 views

Microsoft Windows Kernel 'Win32k.sys' local elevation of privilege vulnerability (CNVD-2015-01104)

Microsoft Windows is a popular operating system. A security vulnerability in Microsoft Windows 'Win32k.sys' handling of in-memory objects allows local attackers to exploit the vulnerability to elevate privileges and execute arbitrary code in kernel context...

CVSS 7.2 | AI score 7.2 | EPSS 0.68404
Exploits: 4 | References: 1

Zero Day Initiative
added 2015/02/10 12:0 a.m. | 31 views

Microsoft Internet Explorer CTreePos Double Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.8 | AI score 6.3 | EPSS 0.24067
Exploits: 0 | References: 1

Zero Day Initiative
added 2015/02/10 12:0 a.m. | 24 views

Microsoft Internet Explorer UnitValueProperty Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

CVSS 6.8 | AI score 6.4 | EPSS 0.24067
Exploits: 0 | References: 1

Zero Day Initiative
added 2015/02/10 12:0 a.m. | 34 views

Microsoft Windows win32k.sys Dangling Pointer Privilege Escalation Vulnerability

This vulnerability allows for elevation of privilege on vulnerable installations of Microsoft Windows. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The specific flaw exists within the usage of Cursor objects. The issue lies in the...

CVSS 6.9 | AI score 6.4 | EPSS 0.07744
Exploits: 0 | References: 1

Tenable Nessus
added 2015/02/10 12:0 a.m. | 28 views

Debian DSA-3157-1 : ruby1.9.1 - security update

Multiple vulnerabilities were discovered in the interpreter for the Ruby language : - CVE-2014-4975 The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service crash or arbitrary code...

CVSS 5 | AI score 8 | EPSS 0.15626
Exploits: 2 | References: 8

OpenVAS
added 2015/02/09 12:0 a.m. | 37 views

Debian Security Advisory DSA 3157-1 (ruby1.9.1 - security update)

Multiple vulnerabilities were discovered in the interpreter for the Ruby language: CVE-2014-4975 The encodes function in pack.c had an off-by-one error that could lead to a stack-based buffer overflow. This could allow remote attackers to cause a denial of service crash or arbitrary code executio...

CVSS 5 | AI score 0.3 | EPSS 0.15626
Exploits: 2 | References: 1

Tenable Nessus
added 2015/01/28 12:0 a.m. | 32 views

Ubuntu 14.04 LTS : Firefox regression (USN-2458-3)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2458-3 advisory. USN-2458-1 fixed vulnerabilities in Firefox. This update introduced a regression which could make websites that use CSP fail to load under some circumstances. Thi...

AI score 5.6
Exploits: 0 | References: 1

Zero Day Initiative
added 2015/01/27 12:0 a.m. | 35 views

(Mobile Pwn2Own) Apple Safari Set Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Set...

CVSS 6.8 | AI score 4.9 | EPSS 0.00913
Exploits: 0 | References: 1

n0where
added 2015/01/19 7:53 a.m. | 13 views

Security auditing tool for AWS: AWS Scout2

Scout2 is an open source tool that helps assess the security posture of AWS environments. Using the AWS API, the Scout2 Python scripts fetch CloudTrail, EC2, IAM, RDS, and S3 configuration data. The gathered configuration is analysed and stored as JSON objects in several JavaScript files. The...

AI score 0.9
Exploits: 0 | References: 1

Tenable Nessus
added 2015/01/16 12:0 a.m. | 30 views

SeaMonkey < 2.32 Multiple Vulnerabilities

Binary data 8626.prm...

CVSS 7.5 | AI score 9.8 | EPSS 0.83612
Exploits: 4 | References: 18

Tenable Nessus
added 2015/01/16 12:0 a.m. | 22 views

Mozilla Firefox < 35.0 Multiple Vulnerabilities

Binary data 8624.prm...

CVSS 7.5 | AI score 9.8 | EPSS 0.83612
Exploits: 4 | References: 19

Tenable Nessus
added 2015/01/15 12:0 a.m. | 26 views

Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2458-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2458-1 advisory. Christian Holler, Patrick McManus, Christoph Diehl, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier discovered multiple memory...

CVSS 7.5 | AI score 8 | EPSS 0.83612
Exploits: 4 | References: 10

Tenable Nessus
added 2015/01/15 12:0 a.m. | 25 views

Ubuntu 14.04 LTS : Ubufox update (USN-2458-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2458-2 advisory. USN-2458-1 fixed vulnerabilities in Firefox. This update provides the corresponding version of Ubufox. Tenable has extracted the preceding description block...

AI score 5.6
Exploits: 0 | References: 1

Mozilla
added 2015/01/13 12:0 a.m. | 45 views

XrayWrapper bypass through DOM objects — Mozilla

Mozilla developer Bobby Holley reported that Document Object Model DOM objects with some specific properties can bypass XrayWrappers. This can allow web content to confuse privileged code, potentially enabling privilege escalation...

CVSS 7.5 | AI score 9 | EPSS 0.83612
Exploits: 4 | References: 3 | Affected Software: 2

Kaspersky
added 2015/01/13 12:0 a.m. | 175 views

KLA10445 ACE vulnerability in Mozilla

Improper DOM objects interaction was found in Mozilla products. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via unspecified vectors. Original advisories MFSA Related products Mozilla-Firefox Mozilla-SeaMonkey CVE list...

CVSS 7.5 | AI score 7.8 | EPSS 0.83612
Exploits: 4 | References: 4

RedHat Linux
added 2015/01/08 6:15 p.m. | 2 views

php: integer overflow in unserialize()

An integer overflow flaw was found in the way custom objects were unserialized. Specially crafted input processed by the unserialize function could cause a PHP application to crash...

CVSS 7.5 | AI score 7.3 | EPSS 0.55955
Exploits: 1 | References: 4

CNVD
added 2015/01/07 12:0 a.m. | 1 views

Apache Solr Cross-Site Scripting Vulnerability

Apache Solr is an open source search server. A cross-site scripting vulnerability in the Admin UI Plugin / Stats page in version 4.x of Apache Solr prior to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via fieldvaluecache objects...

CVSS 4.3 | AI score 6 | EPSS 0.01382
Exploits: 0 | References: 1

securityvulns
added 2014/12/22 12:0 a.m. | 114 views

[Onapsis Security Advisory 2014-034] SAP Business Objects Search Token Privilege Escalation via CORBA

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory ONAPSIS-2014-034: SAP Business Objects Search Token Privilege Escalation via CORBA 1. Impact on Business ===================== By exploiting this vulnerability a remote and potentially unauthenticated attacker would be able t...

AI score 0.2 | EPSS 0.09493
Exploits: 0

Check Point Advisories
added 2014/12/17 12:0 a.m. | 2 views

Adobe Flash Player Memory Corruption (APSB14-26: CVE-2014-8439)

A write what where vulnerability exists in Adobe Flash Player. The vulnerability is due to a memory corruption when handling ByteArray objects. A remote attacker can exploit this vulnerability by enticing a target user to open a crafted file. A successful attack could result in the execution of...

CVSS 10 | AI score 2.8 | EPSS 0.34444
Exploits: 0