
1269 matches found

Microsoft CVE
added 2017/03/14 7:0 a.m. | 38 views

Device Guard Security Feature Bypass Vulnerability

A security feature bypass exists when Device Guard does not properly validate certain elements of a signed PowerShell script. An attacker who successfully exploited this vulnerability could modify the contents of a PowerShell script without invalidating the signature associated with the file...

CVSS 5.5 | AI score 4.9 | EPSS 0.11264
Exploits: 1
Prion
added 2017/02/17 2:59 a.m. | 13 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webappinfo.jsp; the (4) dsName or (5) descriptio...

CVSS 4.3 | AI score 6 | EPSS 0.03998
Exploits: 5 | References: 5 | Affected Software: 1
OSV
added 2017/02/17 2:59 a.m. | 0 views

UBUNTU-CVE-2016-9814

The validateSignature method in the SAML2\Utils class in SimpleSAMLphp before 1.14.10 and simplesamlphp/saml2 library before 1.9.1, 1.10.x before 1.10.3, and 2.x before 2.3.3 allows remote attackers to spoof SAML responses or possibly cause a denial of service (memory consumption) by leveraging...

CVSS 9.1 | AI score 7.3 | EPSS 0.02424
Exploits: 0 | References: 6
Tenable Nessus
added 2017/01/18 12:0 a.m. | 76 views

Oracle Linux 7 : kernel (ELSA-2017-0086)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-0086 advisory. - net sctp: validate chunk len before actually using it Hangbin Liu 1399458 1399459 CVE-2016-9555 - net sctp: rename WORDTRUNC/ROUND macros Hangbin Liu...

CVSS 10 | AI score 6.7 | EPSS 0.24299
Exploits: 5 | References: 4
Veracode
added 2017/01/09 2:6 a.m. | 44 views

Information Disclosure

mcrypt is vulnerable to information exposure. The vulnerability exists because the TLS, SSH, and IPSec protocols do not validate the birthday bound, which allows a remote attacker to access confidential information in the system...

CVSS 7.5 | AI score 7.5 | EPSS 0.95707
Exploits: 7 | References: 145 | Affected Software: 5
Packet Storm
added 2016/12/19 12:0 a.m. | 47 views

ntop-ng 2.5.160805 Username Enumeration

Exploit title: ntopng user enumeration Author: Dolev Farhi Contact: dolevf at protonmail.com Date: 04-08-2016 Vendor homepage: ntop.org Software version: v.2.5.160805 !/usr/env/python import os import sys import urllib import urllib2 import cookielib server = 'ip.add.re.ss' username = 'ntopng-use...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2016/12/13 12:0 a.m. | 63 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3651)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3651 advisory. - sctp: validate chunk len before actually using it Marcelo Ricardo Leitner Orabug: 25142879 CVE-2016-9555 Tenable has extracted the preceding...

CVSS 10 | AI score 6.6 | EPSS 0.09144
Exploits: 0 | References: 3
Tenable Nessus
added 2016/12/08 12:0 a.m. | 73 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3648)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3648 advisory. - mpi: Fix NULL ptr dereference in mpipowm ver 3 Andrey Ryabinin Orabug: 25154096 CVE-2016-8650 CVE-2016-8650 - sctp: validate chunk len before...

CVSS 10 | AI score 6.6 | EPSS 0.09144
Exploits: 0 | References: 3
Tenable Nessus
added 2016/10/07 12:0 a.m. | 54 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2016-3625)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3625 advisory. - HID: hiddev: validate numvalues for HIDIOCGUSAGES, HIDIOCSUSAGES commands Scott Bauer Orabug: 24803597 CVE-2016-5829 - netfilter: xtables: speed ...

CVSS 8.4 | AI score 6.9 | EPSS 0.01244
Exploits: 1 | References: 3
Zero Day Initiative
added 2016/08/29 12:0 a.m. | 35 views

Apple OS X IOHDIXController Untrusted Pointer Dereference Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must open a malicious file. The specific flaw exists within the IOHDIXController interface. The issue lies...

CVSS 6.9 | AI score 3.4 | EPSS 0.01611
Exploits: 0 | References: 1
BDU FSTEC
added 2016/07/05 12:0 a.m. | 2 views

The vulnerability of the Firefox browser, which allows a malicious attacker to execute arbitrary code or trigger a service denial.

Mozilla Firefox’s software contains a vulnerability in the WebGLContext::ValidateTextImageSize function. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause a service failure by manipulating input data...

CVSS 10 | AI score 7.6 | EPSS 0.0598
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2016/07/03 1:59 a.m. | 2 views

DEBIAN-CVE-2016-5730

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory...

CVSS 5.3 | AI score 6.9 | EPSS 0.02616
Exploits: 0 | References: 1
OSV
added 2016/07/03 1:59 a.m. | 2 views

UBUNTU-CVE-2016-5730

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving (1) an array value to FormDisplay.php, (2) incorrect data to validate.php, (3) unexpected data to Validator.php, (4) a missing config directory...

CVSS 5.3 | AI score 6.8 | EPSS 0.02616
Exploits: 0 | References: 3
n0where
added 2016/07/01 1:41 a.m. | 23 views

Web Spidering Framework: Malspider

Web Spidering Framework That Detects Characteristics of Web Compromises Malspider is a web spidering framework that inspects websites for characteristics of compromise. Malspider has three purposes: Website Integrity Monitoring : monitor your organization’s website or your personal website for...

AI score 7
Exploits: 0 | References: 1
Tenable Nessus
added 2016/05/23 12:0 a.m. | 55 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2016-3566)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-3566 advisory. - net: add validation for the socket syscall protocol argument Hannes Frederic Sowa Orabug: 23267976 CVE-2015-8543 CVE-2015-8543 - ipv6: addrconf:...

CVSS 7 | AI score 6.6 | EPSS 0.03693
Exploits: 0 | References: 5
Prion
added 2016/05/22 1:59 a.m. | 31 views

Out-of-bounds

The exifprocessIFDinJPEG function in ext/exif/exif.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 does not validate IFD sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted header data...

CVSS 7.5 | AI score 8 | EPSS 0.12179
Exploits: 1 | References: 15 | Affected Software: 4
Zero Day Initiative
added 2016/05/19 12:0 a.m. | 25 views

Apple OS X IOAudioFamily Buffer Overflow Privilege Escalation Vulnerability

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the IOAudioFamily kern...

CVSS 6.9 | AI score 4.3 | EPSS 0.02216
Exploits: 0 | References: 1
Cisco
added 2016/05/10 9:30 a.m. | 61 views

Cisco Cloud Network Automation Provisioner SQL Injection Vulnerability

A vulnerability in the web framework of Cisco Cloud Network Automation Provisioner (CNAP) could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. The vulnerability is due to a failure to validate user-supplied input in SQL...

CVSS 5.5 | AI score 7.1 | EPSS 0.00861
Exploits: 0 | References: 1
Zero Day Initiative
added 2016/05/10 12:0 a.m. | 32 views

Adobe Acrobat Pro DC Text field Validate action Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

CVSS 6.8 | AI score 3 | EPSS 0.0641
Exploits: 0 | References: 1
OSV
added 2016/04/20 5:59 p.m. | 2 views

CVE-2016-2002

The validateAdminConfig handler in the Analytics Management Console in HPE Vertica 7.0.x before 7.0.2.12, 7.1.x before 7.1.2-12, and 7.2.x before 7.2.2-1 allows remote attackers to execute arbitrary commands via the mcPort parameter, aka ZDI-CAN-3417...

CVSS 9.8 | AI score 6 | EPSS 0.03086
Exploits: 0 | References: 2