DEBIAN-CVE-2016-2799

Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font...

flash-plugin: multiple code execution issues fixed in APSB16-08

Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176...

PT-2016-1488 · Adobe +3 · Flash Player +5

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player affected versions not specified Adobe Flash Player ESR affected versions not specified Adobe Integrated Runtime affected versions not specified Description: The issue is related to a use-after-free vulnerability in the...

Mozilla: Use-after-free in SetBody (MFSA 2016-24)

Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574...

Responses with Set-Cookie header cached

h3. Context We have Jira running with SSO from Crowd. Jira is behind a corporate reverse proxy from BlueCoat which has caching enabled but respects the Cache-control, Expire and Pragma HTTP headers. h3. Problem We have discovered following cases of sessions mix up where a user \1 get the Crowd...

exim -- local privillege escalation

The Exim development team reports: All installations having Exim set-uid root and using 'perlstartup' are vulnerable to a local privilege escalation. Any user who can start an instance of Exim and this is normally any user can gain root privileges. If you do not use 'perlstartup' you should be sa...

CVE-2016-2040

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

DEBIAN-CVE-2016-2040

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

CVE-2016-2040

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

CVE-2016-2040

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allow remote authenticated users to inject arbitrary web script or HTML via a 1 table name, 2 SET value, 3 search query, or 4 hostname in a Location header...

CVE-2015-7581

actionpack/lib/actiondispatch/routing/routeset.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service superfluous caching and memory consumption by leveraging an application's use of a wildcard controller route...

Foxit Reader Global setPersistent Memory Error References Remote Code Execution Vulnerability

Foxit Reader is a small PDF document viewer and printing program. A security vulnerability exists in the global.setPersistent method of Foxit Reader. global.setPersistent forces a hanging pointer to be released and then reused when saving a global variable. An attacker can exploit this...

DEBIAN-CVE-2015-7513

arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service divide-by-zero error and host OS crash via a zero value, related to the kvmvmioctlsetpit and kvmvmioctlsetpit2 functions...

UBUNTU-CVE-2016-0723

Race condition in the ttyioctl function in drivers/tty/ttyio.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service use-after-free and system crash by making a TIOCGETD ioctl call during processing of a TIOCSETD ioctl...

phpmyadmin -- Multiple XSS vulnerabilities

The phpMyAdmin development team reports: With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger an XSS attacks in the zoom search page. With a crafted hostname header, it is...

Multiple XSS vulnerabilities.

PMASA-2016-3 Announcement-ID: PMASA-2016-3 Date: 2016-01-24 Summary Multiple XSS vulnerabilities. Description With a crafted table name it is possible to trigger an XSS attack in the database search page. With a crafted SET value or a crafted search query, it is possible to trigger an XSS attacks...

Kali Linux: Kill Chain

Kill Chain for Kali Linux 2.0 is a unified console with an anonymizer that will perform these stages of attacks: Reconnaissance Weaponization Delivery Exploit Installation Command & Control And Actions Dependencies: Tor — For the console build in anonymizer. Set — Social-Engineer Toolkit SET,...

Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks

“Kill Chain” is a unified console with an anonymizer that will perform these stages of attacks: Reconnaissance Weaponization Delivery Exploit Installation Command & Control And Actions Dependant tool sets are: 1 Tor -- For the console build in anonymizer. 2 Set -- Social-Engineer Toolkit SET,...

MGASA-2016-0008 Updated claws-mail packages fix security vulnerability

no bounds checking on the output buffer in convjistoeuc, conveuctojis, convsjistoeuc A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for japanese character set conversion called convjistoeuc has no bounds checking on the output buffer which is created on the...

Updated claws-mail packages fix security vulnerability

no bounds checking on the output buffer in convjistoeuc, conveuctojis, convsjistoeuc A Tails contributor found a vulnerability in claws-mail where in codeconv.c a function for japanese character set conversion called convjistoeuc has no bounds checking on the output buffer which is created on the...