9593 matches found

The Hacker News
added 2018/11/20 4:30 p.m. | 2 views

3 New Code Execution Flaws Discovered in Atlantis Word Processor

This is why you should always think twice before opening innocent-looking email attachments, especially Word and PDF files. Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to...

CVSS 8.8 | AI score 8.9 | EPSS 0.00936
Exploits 3

CNVD
added 2018/11/14 12:0 a.m. | 2 views

Unspecified Vulnerability in LibSass

LibSass is an open source parser for the Sass CSS extension language, written in C. A security vulnerability exists in the 'Sass::Parser::parsecssvariablevaluetoken' function in LibSass version 3.5-stable. An attacker could exploit this vulnerability to cause a denial of service...

CVSS 6.5 | AI score 6.8 | EPSS 0.00238
Exploits 1 | References 1

OSV
added 2018/11/12 7:29 p.m. | 1 views

UBUNTU-CVE-2018-19218

In LibSass 3.5-stable, there is an illegal address access at Sass::Parser::parsecssvariablevaluetoken that will lead to a DoS attack...

CVSS 6.5 | AI score 5.8 | EPSS 0.00238
Exploits 1 | References 2

Veracode
added 2018/11/09 2:33 a.m. | 18 views

Information Disclosure

catalina is vulnerable to information disclosure attacks. The vulnerability exists because an instance-variable overwrite can occur when two requests in different threads are processed concurrently, causing information disclosure attacks...

CVSS 4.3 | AI score 5.5 | EPSS 0.043
Exploits 2 | References 26 | Affected Software 1

OSV
added 2018/10/31 2:29 p.m. | 1 views

CVE-2018-15322

On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.2, or 11.2.1-11.5.6, BIG-IQ Centralized Management 6.0.0-6.0.1, 5.0.0-5.4.0 or 4.6.0, BIG-IQ Cloud and Orchestration 1.0.0, iWorkflow 2.0.1-2.3.0, or Enterprise Manager 3.1.1 a BIG-IP user granted with tmsh access may caus...

CVSS 6.5 | AI score 5.8
Exploits 0 | References 1

NVD
added 2018/10/29 6:29 p.m. | 15 views

CVE-2017-18281

A bool variable in Video function, which gets typecast to int before being read, could result in an out-of-bounds read access in all Android releases from CAF using the Linux kernel...

CVSS 5.5 | AI score 5.5 | EPSS 0.00023
Exploits 0 | References 2

Cvelist
added 2018/10/29 6:0 p.m. | 17 views

CVE-2017-18281

A bool variable in Video function, which gets typecast to int before being read, could result in an out-of-bounds read access in all Android releases from CAF using the Linux kernel...

AI score 5.1 | EPSS 0.00023
Exploits 0 | References 2

Mageia
added 2018/10/26 6:47 p.m. | 44 views

Updated lilypond packages fix security vulnerability

lilypond does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks (CVE-2017-17523)...

CVSS 8.8 | AI score 5.6 | EPSS 0.00632
Exploits 0 | References 2

OSV
added 2018/10/21 1:29 a.m. | 15 views

CVE-2018-18546

ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...

CVSS 9.8 | AI score 8.2
Exploits 0 | References 2

Prion
added 2018/10/21 1:29 a.m. | 11 views

SQL injection

ThinkPHP 3.2.4 has SQL Injection via the order parameter because the Library/Think/Db/Driver.class.php parseOrder function mishandles the key variable...

CVSS 7.5 | AI score 9.9 | EPSS 0.00351
Exploits 1 | References 2 | Affected Software 1

Prion
added 2018/10/19 8:29 p.m. | 14 views

SQL injection

ThinkPHP 5.1.25 has SQL Injection via the count parameter because the library/think/db/Query.php aggregate function mishandles the aggregate variable. NOTE: a backquote character is required in the attack URI...

CVSS 7.5 | AI score 9.8 | EPSS 0.0025
Exploits 1 | References 1 | Affected Software 1

OSV
added 2018/10/09 11:3 a.m. | 7 views

SUSE-RU-2018:3087-1 Recommended update for tcpdump

This update for tcpdump provides the following fix: The original fix for CVE-2016-7975 was using a variable before declaring it. Fix this by moving the declaration before any usage (bsc1094241, CVE-2016-7975)...

CVSS 9.8 | AI score 9.4 | EPSS 0.00925
Exploits 0 | References 3

NVD
added 2018/10/01 8:29 p.m. | 21 views

CVE-2018-3975

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution...

CVSS 7.8 | AI score 7.6 | EPSS 0.00611
Exploits 1 | References 1

Prion
added 2018/10/01 8:29 p.m. | 12 views

Design/Logic Flaw

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution...

CVSS 6.8 | AI score 7.7 | EPSS 0.00611
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2018/10/01 8:0 p.m. | 23 views

CVE-2018-3975

An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution...

CVSS 7.5 | AI score 7.7 | EPSS 0.00611
Exploits 1 | References 1

CVE
added 2018/10/01 8:0 p.m. | 57 views

CVE-2018-3975

Cisco Talos reports CVE-2018-3975 as an Atlantis Word Processor 3.2.6 RTF-parsing vulnerability. The flaw is an exploitable uninitialized OLE document pointer (offset -0x8e0) used when parsing RTF tokens; if an attacker can control the stack, they can trigger an out-of-bounds write that can lead t...

CVSS 7.8 | AI score 7.7 | EPSS 0.00611
Exploits 1 | References 1 | Affected Software 1

NVD
added 2018/10/01 8:29 a.m. | 10 views

CVE-2018-17830

The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted; only values are restricted. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=&args substring...

CVSS 5.4 | AI score 5.2 | EPSS 0.00206
Exploits 1 | References 1

Cvelist
added 2018/10/01 8:0 a.m. | 11 views

CVE-2018-17830

The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted; only values are restricted. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=&args substring...

AI score 5.2 | EPSS 0.00206
Exploits 1 | References 1

Talos
added 2018/10/01 12:0 a.m. | 317 views

Atlantis Word Processor uninitialized TDocOleObject code execution vulnerability

Summary: An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which in turn could lead to code execution. Tested Version...

CVSS 7.8 | AI score 7.6 | EPSS 0.00611
Exploits 1

Packet Storm
added 2018/09/25 12:0 a.m. | 116 views

Solaris EXTREMEPARR dtappgather Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Solaris 'EXTREMEPARR' dtappgather Privilege Escalation", 'Description' = %q This module exploits a directory traversal vulnerability in the...

CVSS 7.2 | AI score 0.7 | EPSS 0.21465
Exploits 4