Lucene search

2395 matches found

n0where
added 2015/02/09 4:00 p.m. | 41 views

Kali Linux

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd. Mati Aharoni, Devon Kearns and Raphaël Hertzog are the core developers. Kali Linux is preinstalled with over 300...

7.5 AI score
Exploits: 0 | References: 1
ThreatPost
added 2015/02/05 10:19 a.m. | 80 views

IE Memory Attacks Net ZDI $125,000 Microsoft Bounty

When Microsoft introduced use-after-free mitigations into Internet Explorer last summer, certain classes of exploits were closed off, and researchers and black hats were left to chase new ways to corrupt memory inside the browser. A team of experts from HP’s Zero Day Initiative were among those w...

9.3 CVSS | 0.4 AI score | 0.94354 EPSS
Exploits: 33 | References: 7
myhack58
added 2015/01/27 12:00 a.m. | 11 views

Another wave of Flash 0day attacks are close-vulnerability warning-the black bar safety net

Cisco security researchers report that a Flash 0day vulnerability is being exploited by the Angler exploit kit to spread malicious programs. Adobe said it is investigating. Angler is using three vulnerabilities in Flash, two of which are old vulnerabilities that Adobe has already patched, but the other one...

2.4 AI score
Exploits: 0
NVD
added 2015/01/21 3:28 p.m. | 14 views

CVE-2014-6581

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load...

6.4 CVSS | 5.5 AI score | 0.00311 EPSS
Exploits: 0 | References: 2
Prion
added 2015/01/21 3:28 p.m. | 18 views

Design/Logic Flaw

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load...

6.4 CVSS | 6.1 AI score | 0.00311 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2015/01/21 3:00 p.m. | 51 views

CVE-2014-6581

CVE-2014-6581 affects Oracle E-Business Suite through the Oracle Customer Intelligence component, across versions 11.5.10.2 and 12.0.4–12.2.4. The vulnerability is described as unspecified with unknown vectors related to Extract/Load Programs, allowing remote attackers to impact confidentiality a...

6.4 CVSS | 5.7 AI score | 0.00311 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2015/01/21 3:00 p.m. | 20 views

CVE-2014-6581

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load...

5.5 AI score | 0.00311 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2015/01/19 12:00 a.m. | 25 views

Oracle Solaris Third-Party Patch Update : puppet (multiple_vulnerabilities_in_puppet)

The remote Solaris system is missing necessary patches to address security updates : - Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from t...

5.1 CVSS | 6.9 AI score | 0.0062 EPSS
Exploits: 0 | References: 4
myhack58
added 2015/01/16 12:00 a.m. | 12 views

Microsoft fixes 8 security vulnerabilities, including Google's disclosure of 0day vulnerabilities-vulnerability warning-the black bar safety net

Microsoft has released the latest security patches, repair the content includes Google 9 0 days of the submitted 0day vulnerability, Microsoft this program 2 months to fix, but forced by Google reluctant to breach its 9 0-day cloth vulnerability details the policy had to advance the release patch...

1.5 AI score
Exploits: 0
Ubuntu
added 2015/01/07 5:47 p.m. | 37 views

USN-2453-1: mime-support vulnerability

Timothy D. Morgan discovered that the run-mailcap tool incorrectly filtered certain shell metacharacters in filenames. If a user or automated system were tricked into opening a file with a specially-crafted filename, a remote attacker could possibly execute arbitrary code...

7.5 CVSS | 8.6 AI score | 0.0068 EPSS
Exploits: 0
OSV
added 2015/01/03 12:00 a.m. | 21 views

DLA-128-1 sox - security update

Bulletin has no description...

7.5 CVSS | 5.3 AI score | 0.12998 EPSS
Exploits: 1
Check Point Advisories
added 2014/12/28 12:00 a.m. | 3 views

Microsoft Graphics Component Memory Corruption (MS14-007) - Ver2 (CVE-2014-0263)

A remote code execution vulnerability has been reported in Windows Graphics Component. The vulnerability is due to the way Windows components handle specially crafted GIF files. A remote attacker can exploit this issue by enticing a user to view GIF files in shared content. Successful exploitatio...

9.3 CVSS | 7.2 AI score | 0.4649 EPSS
Exploits: 1
ThreatPost
added 2014/12/24 9:55 a.m. | 11 views

HP's Zero Day Initiative Changes Bug-Buying Guidelines

HP’s Zero Day Initiative has decided to adjust its guidelines and criteria for buying some vulnerabilities in the future, eliminating some large classes of bugs from its menu. The group, which has been among the more visible and prominent of the vulnerability purchasing programs since its inceptio...

1.6 AI score
Exploits: 0 | References: 2
0day.today
added 2014/11/20 12:00 a.m. | 56 views

Compaq/Hewlett Packard Glance 11.00 Privilege Escalation Vulnerability

It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in Compaq/HP's Glance for Linux have been compiled in a manner that means they search for libraries in insecure locations. Versions 11.00 and below are affected. Vulnerability title:...

4.4 CVSS | 2 AI score | 0.12237 EPSS
Exploits: 9
Hacker One
added 2014/10/27 11:13 p.m. | 22 views

HackerOne: Enumeration/Guess of Private (Invited) Programs

Hey, This bug allows anyone to enumerate usernames of invited programs. For example, there are two kinds of program at HackerOne - Public programs and Invited programs. Generally invited programs are only accessible to certain users based on reputation system. Now, for most public programs the...

0.6 AI score
Exploits: 0
NVD
added 2014/10/07 10:55 a.m. | 18 views

CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aka HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...

10 CVSS | 9.6 AI score | 0.94361 EPSS
Exploits: 23 | References: 8
Prion
added 2014/10/07 10:55 a.m. | 26 views

Design/Logic Flaw

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aka HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action...

10 CVSS | 7.6 AI score | 0.94361 EPSS
Exploits: 23 | References: 7 | Affected Software: 1
Tenable Nessus
added 2014/10/07 12:00 a.m. | 26 views

FreeBSD : Bugzilla multiple security issues (b6587341-4d88-11e4-aef9-20cf30e32f6d)

Bugzilla Security Advisory Unauthorized Account Creation An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name cou...

5 CVSS | 6.6 AI score | 0.01104 EPSS
Exploits: 0 | References: 8
ATTACKERKB
added 2014/10/07 12:00 a.m. | 57 views

CVE-2014-6287

The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server aka HFS or HttpFileServer 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed...

10 CVSS | 9.2 AI score | 0.94361 EPSS
In wild | Exploits: 23 | References: 10
Fedora
added 2014/09/27 9:47 a.m. | 14 views

[SECURITY] Fedora 20 Update: ktimer-4.14.1-1.fc20

KTimer is a little tool to execute programs after some time...

6.9 CVSS | 1.9 AI score | 0.00034 EPSS
Exploits: 1