CVE-2015-7900

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page...

Debian DLA-334-2 : libxml2 regression update

Unfortunately I mixed up the build of the i386 version of the libxml2 package. dpkg did not understand the contents of an included trigger file and threw an error message. This new upload should fix this and you can get rid of the error message with for example : apt-get update; apt-get -f instal...

PT-2015-7180 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA software versions 7.2 and 8.2 through 8.25.57 Cisco Adaptive Security Appliance ASA software versions 8.3 through 8.47.28 Cisco Adaptive Security Appliance ASA software versions 8.5 through 8.71.16 Cisco...

The vulnerability of the Android operating system, which allows a hacker to trigger a service failure

The vulnerability of the Android operating system’s mediaserver component is related to errors in the code. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

Cisco Email Security Appliance File Descriptor System Overload Vulnerability

The Cisco Email Security Appliance is a widely used email encryption gateway that seamlessly encrypts, decrypts, and digitally signs confidential email. A security vulnerability exists in the Cisco Email Security Appliance that allows remote attackers to exploit the vulnerability by submitting a...

WordPress Landing Pages 1.8.4 Cross Site Scripting ( CVE-2015-4065 )

插件: https://downloads.wordpress.org/plugin/landing-pages.1.8.4.zip 漏洞文件位置在 shared/shortcodes/inbound-shortcodes.php Line 761 preview.php?sc=&post=' width="285" scrollbar='true' frameborder="0" id="inbound-shortcodes-preview" 从上述文件可以看到 GET 方式传过来的参数 post 直接输出到 html 中造成了XSS 触发 url 如下...

UBUNTU-CVE-2015-5820

WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted 1 tel://, 2 facetime://, or 3 facetime-audio:// URL...

squid -- TLS/SSL parser denial of service vulnerability

Amos Jeffries, release manager of the Squid-3 series, reports: Vulnerable versions are 3.5.0.1 to 3.5.8 inclusive, which are built with OpenSSL and configured for "SSL-Bump" decryption. Integer overflows can lead to invalid pointer math reading from random memory on some CPU architectures. In the...

Ganglia Web Frontend 3.5.1 - PHP Code Execution

Ganglia Web Frontend 3.5.1 - PHP Code Execution...

Adobe Flash - XML.childNodes Use-After-Free

Adobe Flash - XML.childNodes Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=365&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id If a watch is set on the childNodes object of an XML object, and then the XML object is manipulated in...

Linux Kernel (x86) - Memory Sinkhole Privilege Escalation

Linux Kernel x86 - Memory Sinkhole Privilege Escalation ; memory sinkhole proof of concept ; hijack ring -2 execution through the apic overlay attack. ; deployed in ring 0 ; the SMBASE register of the core under attack TARGETSMBASE equ 0x1f5ef800 ; the location of the attack GDT. ; this is...

Then the probe Stagefright vulnerability: on POC with the EXP-bug warning-the black bar safety net

Foreword In before the topic--Stagefright vulnerability: a preliminary study, we determined the vulnerability of the generating position, and then the whole article just stopped short. This vulnerability after all the impact is very deep, and some details do not know when to speak improper to...

OracleVM 3.3 : net-snmp (OVMSA-2015-0099)

The remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle ACFS to hrStorage John Haxby orabug 18510373 - Quicker loading of IP-MIB::ipAddrTable 1191393 - Quicker loading of IP-MIB::ipAddressTable 1191393 - Fixed snmptrapd crash when '-OQ' paramete...

UBUNTU-CVE-2015-3291

arch/x86/entry/entry64.S in the Linux kernel before 4.1.6 on the x8664 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of service skipped NMI by modifying the rsp register, issuing a syscall instruction, and triggering an NM...

PHPCMS \phpcms\modules\member\index.php user login SQL injection vulnerability analysis-vulnerability warning-the black bar safety net

catalog 1. Vulnerability description 2. Vulnerability trigger conditions 3. Vulnerability scope 4. Vulnerability code analysis 5. Defense method 6. Offensive and defensive thinking 1. Vulnerability description 2. Vulnerability trigger conditions 0x1: POC http://localhost/phpcmsv9/index. php?...

Unspecified vulnerability in Oracle MySQL Server:Security:Firewall component (CNVD-2015-04716)

Oracle MySQL Server is a relational and popular database. A security vulnerability exists in the client subcomponent of Oracle MySQL Server, which can be exploited by remote attackers to construct a malicious WEB page and trick users into parsing it, which can impact system availability...

Design/Logic Flaw

Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message...

VENOM venom vulnerability analysis qemu kvm CVE‐2 0 1 5‐3 4 5 6-the vulnerability warning-the black bar safety net

Vulnerability description CrowdStrike, Jason Geffner found open source computer emulator QEMU in the presence of a and a virtual floppy disk controller associated with the security vulnerability, code-named VENOM, the CVE number for CVE-2 0 1 5-3 4 5 6 The. Using this vulnerability an attacker ca...

i.FTP 2.21 - Time Field SEH Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title : i.FTP 2.21 Time Field SEH Exploit Exploit Author : Revin Hadi S Vulnerability PoC : Avinash Kumar Thapa "-Acid" Date : 05/08/2015 Vendor : http://www.memecode.com/iftp.php Software Link :...

The Ghost vulnerability the GHOST remote using the EXP-bug warning-the black bar safety net

This article demonstrates one of the Ghost vulnerability the GHOST of EXP, this EXP is Metasploit a module. This Metasploit module can be remote exploit CVE-2 0 1 5-0 2 3 5 out of glibc library gethostbyname function heap overflow vulnerability vulnerability, the goal is to run the Exim mail...