1445 matches found

OSV
added 2015/10/28 7:39 p.m. | 7 views

USN-2787-1 audiofile vulnerability

Fabrizio Gennari discovered that audiofile incorrectly handled changing both the sample format and the number of channels. If a user or automated system were tricked into processing a specially crafted file, audiofile could be made to crash, leading to a denial of service, or possibly execute...

8.8 CVSS | 7.1 AI score | 0.08802 EPSS
Exploits 0 | References 2
BDU FSTEC
added 2015/10/13 12:0 a.m. | 6 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the SampleTable::setSampleToChunkParams function in the libstagefright library of the Android operating system is related to integer overflow. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using specially crafted MP4 data...

10 CVSS | 6.5 AI score | 0.99064 EPSS
Exploits 6 | References 3
Cisco Threats
added 2015/09/25 6:46 p.m. | 7 views

Threat Outbreak Alert RuleID18217: Email Messages Distributing Malicious Software on September 26, 2015

Medium Alert ID: 41178 First Published: 2015 September 25 18:46 GMT Last Updated: 2015 October 5 13:22 GMT Version: 2 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat...

7 AI score
Exploits 0
GithubExploit
added 2015/09/24 8:39 a.m. | 3 views

Exploit for Out-of-bounds Read in Openssl

Heartbleed Scanner Network Scanner for OpenSSL Memory Leak C...

7.5 CVSS | 6.9 AI score | 0.99999 EPSS
Exploits 87
Cisco Threats
added 2015/09/15 8:23 p.m. | 10 views

Threat Outbreak Alert RuleID17998: Email Messages Distributing Malicious Software on September 15, 2015

Medium Alert ID: 41014 First Published: 2015 September 15 20:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17998 may contain the following files: Name ...

0.2 AI score
Exploits 0
seebug.org
added 2015/09/10 12:0 a.m. | 62 views

Android Stagefright Media Playback Engine Remote Code Execution Vulnerability

No description provided by source. !/usr/bin/env python Joshua J. Drake @jduck of ZIMPERIUM zLabs Shout outs to our friends at Optiv formerly Accuvant Labs C Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 www.zimperium.com Exploit for RCE Vulnerability CVE-2015-1538 1 Integer...

10 CVSS | 6.3 AI score | 0.99064 EPSS
Exploits 6
Kitploit
added 2015/08/25 9:12 p.m. | 44 views

SQLChop - SQL Injection Detection Engine

SQLChop is a novel SQL injection detection engine built on top of SQL tokenizing and syntax analysis. Web input URLPath, body, cookie, etc. will be first decoded to the raw payloads that web app accepts, then syntactical analysis will be performed on payload to classify result. The algorithm behi...

8.3 AI score
Exploits 0 | References 2
exploitpack
added 2015/08/19 12:0 a.m. | 9 views

Adobe Flash - Pointer Crash in XML Handling

Adobe Flash - Pointer Crash in XML Handling Source: https://code.google.com/p/google-security-research/issues/detail?id=400&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The attached sample file, signalsigsegv7ffff637297a8900e3f87b25c25db8f9ec3c975f8c1211cc.swf, crashes,...

0.2 AI score
Exploits 0
Cisco Threats
added 2015/08/17 2:20 p.m. | 6 views

Threat Outbreak Alert RuleID17380: Email Messages Distributing Malicious Software on July 13, 2016

Medium Alert ID: 40526 First Published: 2015 August 17 14:20 GMT Last Updated: 2016 July 15 13:56 GMT Version: 12 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17380 and...

0.3 AI score
Exploits 0
UbuntuCve
added 2015/08/16 1:59 a.m. | 34 views

CVE-2015-4496

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538...

9.3 CVSS | 7.5 AI score | 0.04021 EPSS
Exploits 0 | References 4
Cvelist
added 2015/08/16 1:0 a.m. | 29 views

CVE-2015-4496

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538...

7.6 AI score | 0.04021 EPSS
Exploits 0 | References 4
Talos
added 2015/08/13 12:0 a.m. | 53 views

Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2015-0013 Apple Quicktime Invalid 3GPP stsd Sample Description Entry Size Denial of Service Vulnerability August 13, 2015 CVE Number CVE-2015-3789 Description There is a denial of service vulnerability in Apple Quicktime. An attacker who can control the number of...

6.8 CVSS | 8.8 AI score | 0.0364 EPSS
Exploits 0
Mozilla
added 2015/08/11 12:0 a.m. | 35 views

Out-of-bounds read with malformed MP3 file — Mozilla

Security researcher Aki Helin used the Address Sanitizer tool to discover an out-of-bounds read during playback of a malformed MP3 format audio file which switches sample formats. This could trigger a potentially exploitable crash or the reading of out-of-bounds memory content in some circumstanc...

7.5 CVSS | 6.9 AI score | 0.04769 EPSS
Exploits 0 | References 2 | Affected Software 4
0day.today
added 2015/07/23 12:0 a.m. | 55 views

NetCracker Resource Management System 8.0 XSS / SQL Injection Vulnerabilities

NetCracker Resource Management System versions 8.0 and below suffer from multiple cross site scripting and sql injection Vulnerabilities Vulnerability type: Cross-site Scripting Vendor: http://www.netcracker.com/ Product: NetCracker Resource Management System Affected version: =alert"XSS"...

5.2 CVSS | 6.8 AI score | 0.02378 EPSS
Exploits 5
myhack58
added 2015/07/22 12:0 a.m. | 26 views

Heap overflow unlink using the method-vulnerability warning-the black bar safety net

0x01 the first part of the First a brief introduction about the heap chunk structure We may be in malloc. c is found on the heap chunk structure of the code struct mallocchunk INTERNALSIZET prevsize; / Size of previous chunk if free. / INTERNALSIZET size; / Size in bytes, including overhead. /...

0.9 AI score
Exploits 0
Cisco Threats
added 2015/07/08 5:46 p.m. | 17 views

Threat Outbreak Alert RuleID16475: Email Messages Distributing Malicious Software on July 7, 2015

Medium Alert ID: 39766 First Published: 2015 July 8 17:46 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16475 may contain the following files: Name | Size...

6.9 AI score
Exploits 0
Cisco Threats
added 2015/07/07 7:21 p.m. | 17 views

Threat Outbreak Alert RuleID16459: Email Messages Distributing Malicious Software on July 6, 2015

Medium Alert ID: 39751 First Published: 2015 July 7 19:21 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16459 may contain the following files: Name | Size...

7 AI score
Exploits 0
Cisco Threats
added 2015/06/29 12:38 p.m. | 11 views

Threat Outbreak Alert RuleID16245: Email Messages Distributing Malicious Software on June 28, 2015

Medium Alert ID: 39543 First Published: 2015 June 29 12:38 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID16245 may contain the following files: Name | Siz...

0.2 AI score
Exploits 0
CNVD
added 2015/06/11 12:0 a.m. | 1 views

CUPS Sample Engine Cross-Site Scripting Vulnerability

CUPS is a Universal Unix Printing System, a cross-platform printing solution for Unix environments, based on the Internet Printing Protocol, providing most PostScript and raster printer services. A cross-site scripting vulnerability exists in the CUPS sample engine, which allows remote attackers ...

4.3 CVSS | 6.4 AI score | 0.07297 EPSS
Exploits 5 | References 1
Packet Storm
added 2015/05/31 12:0 a.m. | 17 views

Ektron CMS 9.10 SP1 Cross Site Scripting

Vulnerability type: Cross-site Scripting Vendor: http://www.ektron.com/ Product: Ektron Content Management System Affected version: = 9.10 SP1 Build 9.1.0.184.1.102 Patched version: 9.10 SP1 Build 9.1.0.184.1.114 Credit: Jerold Hoong PROOF OF CONCEPT XSS Cross-site scripting XSS vulnerability in...

7.4 AI score
Exploits 0