1445 matches found
USN-2787-1 audiofile vulnerability
Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially crafted file, audiofile could be made to crash, leading to a denial of service, or possibly execute...
The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code
The vulnerability of the SampleTable::setSampleToChunkParams function in the libstagefright library of the Android operating system is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using specially crafted MP4 data...
Threat Outbreak Alert RuleID18217: Email Messages Distributing Malicious Software on September 26, 2015
Medium Alert ID: 41178 First Published: 2015 September 25 18:46 GMT Last Updated: 2015 October 5 13:22 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat...
Exploit for Out-of-bounds Read in Openssl
Heartbleed Scanner Network Scanner for OpenSSL Memory Leak C...
Threat Outbreak Alert RuleID17998: Email Messages Distributing Malicious Software on September 15, 2015
Medium Alert ID: 41014 First Published: 2015 September 15 20:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17998 may contain the following files: Name ...
Android Stagefright Media Playback Engine Remote Code Execution Vulnerability
No description provided by source. !/usr/bin/env python Joshua J. Drake @jduck of ZIMPERIUM zLabs Shout outs to our friends at Optiv formerly Accuvant Labs C Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 www.zimperium.com Exploit for RCE Vulnerability CVE-2015-1538 1 Integer...
SQLChop - SQL Injection Detection Engine
SQLChop is a novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis. Web input URLPath, body, cookie, etc. will be first decoded to the raw payloads that web app accepts, then syntactical analysis will be performed on payload to classify result. The algorithm behi...
Adobe Flash - Pointer Crash in XML Handling
Adobe Flash - Pointer Crash in XML Handling Source: https://code.google.com/p/google-security-research/issues/detail?id=400&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The attached sample file, signalsigsegv7ffff637297a8900e3f87b25c25db8f9ec3c975f8c1211cc.swf, crashes,...
Threat Outbreak Alert RuleID17380: Email Messages Distributing Malicious Software on July 13, 2016
Medium Alert ID: 40526 First Published: 2015 August 17 14:20 GMT Last Updated: 2016 July 15 13:56 GMT Version: 12 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17380 and...
CVE-2015-4496
Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538...
Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability
Talos Vulnerability Report TALOS-2015-0013 Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3789 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the number of...
Out-of-bounds read with malformed MP3 file — Mozilla
Security researcher Aki Helin used the Address Sanitizer tool to discover an out-of-bounds read during playback of a malformed MP3 format audio file which switches sample formats. This could trigger a potentially exploitable crash or the reading of out-of-bounds memory content in some circumstanc...
NetCracker Resource Management System 8.0 XSS / SQL Injection Vulnerabilities
NetCracker Resource Management System versions 8.0 and below suffer from multiple cross-site scripting and SQL injection vulnerabilities. Vulnerability type: Cross-site Scripting Vendor: http://www.netcracker.com/ Product: NetCracker Resource Management System Affected version: =alert"XSS"...
Heap overflow unlink using the method-vulnerability warning-the black bar safety net
0x01 Part one. First, a brief introduction to the heap chunk structure. The code for the heap chunk structure can be found in malloc.c: struct malloc_chunk { INTERNAL_SIZE_T prev_size; /* Size of previous chunk (if free). */ INTERNAL_SIZE_T size; /* Size in bytes, including overhead. */...
Threat Outbreak Alert RuleID16475: Email Messages Distributing Malicious Software on July 7, 2015
Medium Alert ID: 39766 First Published: 2015 July 8 17:46 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16475 may contain the following files: Name | Size...
Threat Outbreak Alert RuleID16459: Email Messages Distributing Malicious Software on July 6, 2015
Medium Alert ID: 39751 First Published: 2015 July 7 19:21 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16459 may contain the following files: Name | Size...
Threat Outbreak Alert RuleID16245: Email Messages Distributing Malicious Software on June 28, 2015
Medium Alert ID: 39543 First Published: 2015 June 29 12:38 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16245 may contain the following files: Name | Siz...
CUPS Sample Engine Cross-Site Scripting Vulnerability
CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A cross-site scripting vulnerability exists in the CUPS sample engine, which allows remote attackers ...
Ektron CMS 9.10 SP1 Cross Site Scripting
Vulnerability type: Cross-site Scripting Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = 9.10 SP1 Build 9.1.0.184.1.102 Patched version: 9.10 SP1 Build 9.1.0.184.1.114 Credit: Jerold Hoong PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerability in...