OWASP SSL TLS Scanning : DeepViolet

DeepViolet is a TLS/SSL scanning API written in Java. To keep DeepViolet easy to use, identify bugs, reference implementations have been developed that consume the API. If you want to see what DeepViolet can do, use it from the command line in your scripts or use the graphical tool from the comfo...

CFME: bypass authorization by altering VM ID

It was found that the CloudForms did not properly apply permissions controls to VM IDs passed by users. A remote, authenticated attacker could use this flaw to execute arbitrary VMs on systems managed by CloudForms if they know the ID of the VM...

openSUSE Security Update : systemd (openSUSE-2016-1184)

This update for systemd fixes the following issues : - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2016:2476-1)

This update for systemd fixes the following security issue : - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...

The vulnerability of the Microsoft Office software package, which allows a hacker to bypass the ASLR protection mechanism

The vulnerability of the Click-to-Run package for Microsoft Office programs is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass the ASLR protection mechanism by using a specially created application...

Mozilla: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString (MFSA 2016-85, MFSA 2016-86)

Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 allows remote attackers to cause a denial of service boolean out-of-bounds write or possibly have unspecified other impact v...

Microsoft APP-V ASLR Information Disclosure Vulnerability

Microsoft Office is an office software suite of products developed by the U.S. company Microsoft Microsoft. Commonly used components are Word, Excel, Access, Powerpoint, FrontPage and so on. An information disclosure vulnerability exists in the Click-to-Run implementation in Microsoft Office...

Security feature bypass

The Click-to-Run C2R implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."...

CVE-2016-0137

The Click-to-Run C2R implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."...

Microsoft Internet Explorer CVE-2016-3292 Remote Privilege Escalation Vulnerability

Description Microsoft Internet Explorer is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Internet Explorer 10 and 11 are vulnerable. Technologies Affected Microsoft Internet...

[SECURITY] Fedora 24 Update: perl-Module-Load-Conditional-0.68-1.fc24

This module provides simple ways to query and possibly load any of the modu les you have installed on your system during run-time...

Talking Tom Gold Run - Base64 encoded String, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Talking Tom Gold Run published at the 'play' market has multiple vulnerabilities...

Linux 64bit Ncat Shellcode SSL, MultiChannel, Persistant, Fork, IPv4/6, Password - 176 bytes

Linux 64bit Ncat Shellcode SSL, MultiChannel, Persistant, Fork, IPv4/6, Password - 176 bytes. Shellcode exploit for linx86-64 platform include include // Exploit Title: Linux 64bit Ncat + SSL + MultiChannel + Persistant + Fork + IPv4/6 + Password 176byte // Date: 7/5/2016 // Exploit Author:...

Siemens S7300/400 PLC has a Privilege Bypass Downtime Vulnerability

The Siemens S7300/400 PLC is a modular general-purpose controller from Siemens for the manufacturing industry. A privilege bypass downtime vulnerability exists in the Siemens S7300/400 PLC. An attacker can exploit the vulnerability by sending a specific message to change the PLC from the RUN stat...

Lenovo Accelerator Application Man-in-the-Middle Attack Vulnerability

Lenovo Accelerator Application is a set of accelerator programs from the Chinese company Lenovo Lenovo designed specifically for Intel chipsets. A man-in-the-middle attack vulnerability exists in the UpdateAgent in the Lenovo Accelerator Application. The vulnerability can be exploited to conduct ...

UBUNTU-CVE-2016-4453

The vmsvgafiforun function in hw/display/vmwarevga.c in QEMU allows local guest OS administrators to cause a denial of service infinite loop and QEMU process crash via a VGA command...

Android Instant Apps — Run Apps Quickly Without Installation

Downloading an app is a real pain sometimes when you don't want to install the complete app on your smartphone just for booking a movie ticket, or buying something online. Isn't that? Now, Imagine the world where you can use any Android app without actually the need to download or even install it...

Telegram (API) Cross-Site Request Forgery Vulnerability

Telegram is a cloud-based instant messaging service that supports both mobile and desktop versions, enabling users to exchange messages, pictures, and videos instantly. Telegram suffers from a cross-site request forgery vulnerability that allows an attacker to execute application functions by...

DEBIAN-CVE-2014-9770

tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under 1 /run/log/journal/%m and 2 /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files...

American Fuzzy Lop Utilities: afl-utils

Utilities for automated crash sample processing/analysis, easy afl-fuzz job management and corpus optimization afl-utils is a collection of utilities to assist fuzzing with american-fuzzy-lop afl . afl-utils includes tools for: automated crash sample collection, verification, reduction and analys...