seacms variable override vulnerability

SeaCms is a set of applications for building online movies with PHP+MYSQL architecture. A global variable override vulnerability exists in seacms version 6.26. An attacker who successfully exploits this vulnerability can directly access the administration backend of the website...

Bumble: [CRITICAL] Full account takeover using CSRF

Hi , I have found a CSRF issue that allows an attacker to link his gmail , facebook ... or any social account to the victim's account and hijack the whole account. Details: When a user tries to link a gmail account with his account , after he authorizes badoo to use his gmail account he will be...

phpshe v1.1 order.php 存在变量覆盖漏洞(导致可绕过付款)

No description provided by source...

Adobe Flash - Object.unwatch Use-After-Free

Adobe Flash - Object.unwatch Use-After-Free Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 https://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug. Roughly 80 of the...

Adobe Flash - Object.unwatch Use-After-Free Exploit

Exploit for multiple platform in category remote exploits Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 https://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug...

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...

Cisco UCS Manager GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash, Shellshock) - Active Check

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...

CVE-2016-0828

The CVE concerns Android mediaserver: BnGraphicBufferConsumer::onTransact in libs/gui/IGraphicBufferConsumer.cpp failing to initialize a slot variable. This uninitialized state can let a remote attacker trigger an ATTACH_BUFFER action to read sensitive data and bypass a protection mechanism. Affe...

Exim Local Privilege Escalation

============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privilege Escalation Exploit II. BACKGROUND...

perl: improper input validation

Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint...

Exim < 4.86.2 - Local Privilege Escalation

============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privilege Escalation Exploit II. BACKGROUND...

HEVD - HackSys Extreme Vulnerable Driver

HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level. HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use...

Fedora 22 : php-horde-Horde-Service-Weather-2.3.1-1.fc22 / php-horde-Horde-Core-2.22.4-1.fc22 / etc (2015-d799a5e72b)

HordeCore 2.22.4 mjr SECURITY: Fix XSS in HordeCoreVarRendererHtml reported by Centurion Information Security. mjr Support sending MDN via ActiveSync Request 23080. HordeCore 2.22.3 mjr Fix issue with synchronizing IMAP folder names that contain only numbers. HordePerms 2.1.6 mjr Use NULL instead...

Mageia: Security Advisory (MGASA-2016-0079)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated glibc packages fix security vulnerabilities

Updated glibc fixes the following security issues: A stack overflow unbounded alloca could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code CVE-2014-9761. A stack-based buffer overflow in getaddrinfo allowed remote attacker...

SUSE SLED11 / SLES11 Security Update : glibc (SUSE-SU-2016:0472-1)

This update for glibc fixes the following issues : - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses bsc961721 - CVE-2015-8777: Insufficient checking of LDPOINTERGUARD environment...

lib32-glibc: multiple issues

CVE-2015-7547 arbitrary code execution A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...

glibc: multiple issues

CVE-2015-7547 arbitrary code execution A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...

Vulnerability of the Cyrus IMAP mail server and operating systems openSUSE and OpenSUSE Leap, allowing attackers to compromise the integrity and accessibility of protected information

The vulnerability of the indexurlfetch function imap/index.c in the Cyrus IMAP server and on the OpenSUSE and OpenSUSE Leap operating systems is caused by a numerical overflow issue. Exploiting this vulnerability allows an attacker to compromise the integrity and accessibility of protected...

Libsys图书管理系统 V5.5 变量覆盖漏洞

登陆页面 sessionstart ; if isset $REQUEST'username' $strUser = trim $REQUEST'username' ; $strInput = trim $REQUEST'passwd' ; $strMsg = "用户名或者密码错误"; switch $strUser case "opacadmin" : $strPassWd = $strPassWdFile; $strMsg = verifypwd $strInput, $strPassWd ; if $strMsg == true $SESSION'ADMINUSER' =...