Scientific Linux Security Update : ntp on SL6.x i386/x86_64 (20160510)

Security Fixes : - It was found that the fix for CVE-2014-9750 was incomplete: three issues were found in the value length checks in NTP's ntpcrypto.c, where a packet with particular autokey operations that contained malicious data was not always being completely validated. A remote attacker coul...

UBUNTU-CVE-2016-5105

The megasasdcmdcfgread function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface MFI command...

CVE-2016-5105

The megasasdcmdcfgread function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface MFI command...

4digits 1.1.4 - Local Buffer Overflow (PoC)

4digits 1.1.4 - Local Buffer Overflow PoC 4digits 1.1.4 Local Buffer Overflow Privilege Escalation if setuid/setgid Discoverd by NA , NA at tutanota.com Downloaded and tested upon Kali Linux Vendor has been notified. Description ------------- 4digits is a guess-the-number puzzle game. It's also...

ntp: crash with crafted logconfig configuration command

It was found that ntpd could crash due to an uninitialized variable when processing malformed logconfig configuration commands...

Debian Security Advisory DSA 3388-1 (ntp - security update)

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs: CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if: ntpd enabled remote...

CVE-2015-8325

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVE-2015-8325

The dosetupenv function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pamenvironment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVE-2015-8325

CVE-2015-8325 affects OpenSSH sshd where, with UseLogin enabled and PAM reading user .pam_environment files, a local user can trigger a crafted environment for /bin/login (eg via LD_PRELOAD) to gain privileges. Affected context in the provided connected documents centers on OpenSSH scenarios in v...

MetInfo 5.3.1 存在变量覆盖漏洞(可重置管理员账号密码)

No description provided by source...

Zarafe.net CMS 1.0 SQL Injection

Exploit Title : Zarafe.net CMS SQL Injection Vulnerability Exploit Author : Iran Cyber Security Group ICSG Discovered By : 0x3a Vendor HomePage : www.zarrafe.net Version : 1.0 Q1 Date : 4 April, 2016 Tested On : Internet Explorer , Win 98 ----------------------------------------- SQL Injection :...

UBUNTU-CVE-2016-4020

The patchinstruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register TPR...

Ovidentia troubleticketsModule 7.6 - Remote File Inclusion

Ovidentia troubleticketsModule 7.6 - Remote File Inclusion Title: Ovidentia Module troubletickets 7.6 GLOBALSbabInstallPath Remote File Inclusion Vulnerability Author: bd0rk || SCHOOL-OF-HACK.NET eMail: bd0rkathackermail.com Website: http://www.school-of-hack.net Download:...

seacms variable override vulnerability

SeaCms is a set of applications for building online movies with PHP+MYSQL architecture. A global variable override vulnerability exists in seacms version 6.26. An attacker who successfully exploits this vulnerability can directly access the administration backend of the website...

Bumble: [CRITICAL] Full account takeover using CSRF

Hi , I have found a CSRF issue that allows an attacker to link his gmail , facebook ... or any social account to the victim's account and hijack the whole account. Details: When a user tries to link a gmail account with his account , after he authorizes badoo to use his gmail account he will be...

phpshe v1.1 order.php 存在变量覆盖漏洞(导致可绕过付款)

No description provided by source...

Adobe Flash - Object.unwatch Use-After-Free

Adobe Flash - Object.unwatch Use-After-Free Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 https://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug. Roughly 80 of the...

Adobe Flash - Object.unwatch Use-After-Free Exploit

Exploit for multiple platform in category remote exploits Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=716 https://googleprojectzero.blogspot.ca/2016/03/life-after-isolated-heap.html The bug is an uninitialized variable in the fix to an ActionScript 2 use-after-free bug...

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...

Cisco UCS Manager GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash, Shellshock) - Active Check

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...