Lucene search

3757 matches found

Prion
added 2014/09/09 10:55 a.m., 11 views

Information disclosure

The Bunny Run aka com.stargirlgames.google.bunnyrun application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 | AI score 6.4 | EPSS 0.00134
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2014/09/09 10:55 a.m., 11 views

Design/Logic Flaw

The Penguin Run aka com.skyboard.google.penguinRun application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS 5.4 | AI score 6.4 | EPSS 0.00134
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2014/09/09 10:00 a.m., 37 views

CVE-2014-5707

The CVE-2014-5707 entry concerns The Bunny Run (com.stargirlgames.google.bunnyrun) Android app version 1.1.2 that does not verify X.509 certificates from SSL servers, enabling MITM attackers to spoof servers and access sensitive information. Public sources (NVD and CVE databases) corroborate the ...

CVSS 5.4 | AI score 6 | EPSS 0.00134
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2014/09/09 10:00 a.m., 16 views

CVE-2014-5702

The Penguin Run aka com.skyboard.google.penguinRun application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

AI score 5.9 | EPSS 0.00134
Exploits: 0 | References: 3
CVE
added 2014/09/09 10:00 a.m., 34 views

CVE-2014-5702

CVE-2014-5702 affects The Penguin Run (aka com.skyboard.google.penguinRun) Android app version 1.1. The connected sources confirm that the vulnerability is a failure to verify X.509 certificates from SSL servers, enabling man-in-the-middle attackers to spoof servers and access sensitive data via ...

CVSS 5.4 | AI score 6 | EPSS 0.00134
Exploits: 0 | References: 3 | Affected Software: 1
ThreatPost
added 2014/08/18 2:15 p.m., 8 views

Siemens Patches DoS Vulnerability in SIMATIC S7

Siemens released an update for one of its automation systems late last week, patching a denial of service vulnerability in all versions of its SIMATIC S7-1500 CPU prior to V1.6. An advisory on the Industrial Control Systems Cyber Emergency Response Team’s ICS-CERT website warned about the...

AI score 0.6
Exploits: 0 | References: 4
0day.today
added 2014/08/10 12:00 a.m., 22 views

linux/x86 Run /usr/bin/python | setreuid(),execve() - 54 Bytes

Exploit Title: Shellcode Linux x86 Run /usr/bin/python | setreuid,execve Date: 31/7/2014 Exploit Author: Ali Razmjoo Tested on: kali-linux-1.0.4-i386 3.7-trunk-686-pae 1 SMP Debian 3.7.2-0+kali8 i686 GNU/Linux / Ali Razmjoo , email protected Shellcode Linux x86 Run /usr/bin/python | setreuid,exec...

AI score 0.9
Exploits: 0
OSV
added 2014/07/31 12:47 p.m., 1 views

USN-2303-1 unity vulnerability

It was discovered that in certain circumstances Unity failed to successfully grab the keyboard when switching to the lock screen. A local attacker could possibly use this issue to run commands, and unlock the current session...

CVSS 7.2 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 2
Veeam
added 2014/07/22 12:00 a.m., 15 views

Cannot uninstall Veeam MP because Microsoft.SystemCenter.SecureReferenceOverride MP is dependent

Challenge: During an attempt to uninstall Veeam Management Pack for Microsoft System Center a message appears stating that Microsoft.SystemCenter.SecureReferenceOverride MP is dependent on Veeam Base Discovery MP. Cause: The Microsoft.SystemCenter.SecureReferenceOverride contains information...

AI score 6.6
Exploits: 0 | Affected Software: 1
ThreatPost
added 2014/07/11 1:07 p.m., 7 views

Apple Updates OSX Blacklist Following Flash Vulnerability

Apple acknowledged on Thursday that it has updated its OSX plugin blacklist to reflect a critical vulnerability in Adobe Flash made public earlier this week. Going forward in Safari, Apple will block any versions of the mechanism prior to 14.0.0.145 and 13.0.0.231, on older systems. An advisory o...

AI score 0.9
Exploits: 0 | References: 5
OSV
added 2014/07/03 4:22 a.m., 1 views

DEBIAN-CVE-2014-4715

Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted...

CVSS 5 | AI score 8.6 | EPSS 0.00594
Exploits: 0 | References: 1
OSV
added 2014/07/03 4:22 a.m., 1 views

DEBIAN-CVE-2014-4611

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) o...

CVSS 5 | AI score 8.3 | EPSS 0.10105
Exploits: 0 | References: 1
OSV
added 2014/07/03 4:22 a.m., 1 views

DEBIAN-CVE-2014-4608

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO...

CVSS 7.3 | AI score 5.9 | EPSS 0.08604
Exploits: 0 | References: 1
ATTACKERKB
added 2014/07/03 4:22 a.m., 2 views

CVE-2014-4608

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO...

CVSS 7.5 | AI score 6.6 | EPSS 0.08604
Exploits: 0 | References: 23
OSV
added 2014/07/03 4:22 a.m., 0 views

UBUNTU-CVE-2014-4715

Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted...

CVSS 5 | AI score 6.4 | EPSS 0.00594
Exploits: 0 | References: 7
OSV
added 2014/07/03 12:00 a.m., 0 views

UBUNTU-CVE-2014-4608

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO...

CVSS 7.3 | AI score 6.9 | EPSS 0.08604
Exploits: 0 | References: 21
OSV
added 2014/07/03 12:00 a.m., 0 views

UBUNTU-CVE-2014-4611

Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) o...

CVSS 5 | AI score 7 | EPSS 0.10105
Exploits: 0 | References: 8
seebug.org
added 2014/07/01 12:00 a.m., 21 views

SuSE 6.x/7.0 MkDir Error Handling rctab Race Condition Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/2207/info rctab is the Run Control Tab script included with the SuSE distribution of the Linux Operating System. SuSE is a freely available, Open Source Operating system maintained by SuSE Incorporated. A race condition i...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 15 views

Poll It CGI 2.0 - exploit

No description provided by source. !/usr/bin/perl Poll It CGI v2.0 exploit keelis/havoc korp 2000 shouts to modjo, p, zen, kd, ab, all the script kiddies. keelisathushmaildotcom use Socket; $host, $cgiloc = @ARGV0,1; $ip=inetaton$host; print\n\t+--- Poll It CGI v2.0 exploit ---+; print\n\t+---...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 44 views

Linux Kernel 2.6 UDEV < 141 - Local Privilege Escalation Exploit

No description provided by source. / cve-2009-1185.c udev 141 Local Privilege Escalation Exploit Jon Oberheide [email protected] http://jon.oberheide.org Information: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1185 udev before 1.4.1 does not verify whether a NETLINK message originates...

CVSS 7.2 | AI score 0.3 | EPSS 0.89509
Exploits: 12