UBUNTU-CVE-2016-6747

A denial of service vulnerability in Mediaserver in Android before 2016-11-05 could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Android ID: A-31244612. References: NVIDIA...

UCanCode - Multiple Vulnerabilities

Exploit for windows platform in category dos / poc UCanCode multiple vulnerabilities Url: http://www.hmi-software.com/ http://www.ucancode.net/index.htm http://www.ucancode.net/bbs/zhuce/login.htm Description: Form vendor's web page "UCanCode Software is a Market Leading provider of HMI & SCADA,...

UCanCode - Multiple Vulnerabilities

UCanCode - Multiple Vulnerabilities UCanCode multiple vulnerabilities Url: http://www.hmi-software.com/ http://www.ucancode.net/index.htm http://www.ucancode.net/bbs/zhuce/login.htm Description: Form vendor's web page "UCanCode Software is a Market Leading provider of HMI & SCADA, CAD, UML, GIS,...

Wordpress Olimometer 2.56 Plugin - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Olimometer Plugin for WordPress – Sql Injection Date: 14/11/2016 Exploit Author: TAD GROUP Vendor Homepage: https://wordpress.org/plugins/olimometer/ Software Link: https://wordpress.org/plugins/olimometer/ Contact:...

Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread Use-After-Free Exploit

A specially crafted web-page can cause the iertutil.dll module of Microsoft Internet Explorer 11 to free some memory while it still holds a reference to this memory. The module can be made to use this reference after the memory has been freed. Unlike many use-after-free bugs in MSIE, this issue,...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2016-11328)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...

Reason Core Security 1.1.2 Privilege Escalation Vulnerability

Reason Core Security version 1.1.2 suffers from an unquoted service path privilege escalation vulnerability. ===================================================== Exploit Title : Reason Core Security - Unquoted Service Path Privilege Escalation Affected Products: Reason Core Security v1.1.2 -...

Fedora Update for kdepim FEDORA-2016-1b042a79bd

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft WININET.dll - CHttp­Header­Parser::Parse­Status­Line Out-of-Bounds Read (MS16-104MS16-105)

Microsoft WININET.dll - CHttp­Header­Parser::Parse­Status­Line Out-of-Bounds Read MS16-104MS16-105 !-- Source: http://blog.skylined.nl/20161110001.html Synopsis A specially crafted HTTP response can cause the CHttp­Header­Parser::Parse­Status­Line method in WININET to read data beyond the end of ...

VBScript 5.8.7600.16385 / 5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read Exploit

Exploit for windows platform in category dos / poc !-- Source: http://blog.skylined.nl/20161108001.html Synopsis A specially crafted script can cause the VBScript engine to read data beyond a memory block for use as a regular expression. An attacker that is able to run such a script in any...

Microsoft Video Control Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Video Control fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user...

Sophos Web Appliance 4.2.1.3 Privilege Escalation Vulnerability

Sophos Web Appliance version 4.2.1.3 suffers from a privilege escalation vulnerability. An unprivileged user can obtain an MD5 hash of the administrator password which can then be used to discover the plain-text password. Title: Sophos Web Appliance Privilege Escalation Advisory ID: KL-001-2016-0...

The vulnerabilities of the Mozilla Firefox browser, the GNOME Eye of GNOME (eog) image viewer for the GNOME desktop environment, the GNOME Evince PDF viewer, and the GIMP graphic editor allow a hacker to trigger a denial-of-service attack.

The vulnerabilities of the Mozilla Firefox browser, the GNOME Eye of GNOME eog image viewer for the GNOME desktop environment, the GNOME Evince PDF viewer, and the GIMP graphic editor are related to code errors. Exploiting these vulnerabilities can allow an attacker to remotely cause service...

Microsoft Internet Explorer 11 MSHTML CView::CalculateImageImmunity Use-After-Free

Throughout November, I plan to release details on vulnerabilities I found in web-browsers which I've not released before. This is the second entry in that series. The below information is also available on my blog at http://blog.skylined.nl/20161102001.html. There you can find a repro that...

CVE-2016-9106

Memory leak in the v9fswrite function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service memory consumption by leveraging failure to free an IO vector...

CVE-2016-9105

Memory leak in the v9fslink function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service memory consumption via vectors involving a reference to the source fid object...

CVE-2016-9106

Memory leak in the v9fswrite function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service memory consumption by leveraging failure to free an IO vector...

UBUNTU-CVE-2016-9106

Memory leak in the v9fswrite function in hw/9pfs/9p.c in QEMU aka Quick Emulator allows local guest OS administrators to cause a denial of service memory consumption by leveraging failure to free an IO vector...

Revive Adserver: Reflected XSS on Zones > Invocation Code

"Cricetinae" : This report is similar to my earlier report: 170156. Short Description The Close text parameter in Inventory Zone Invocation Code is vulnerable to Cross-Site Scripting vulnerability. Steps to Reproduce 1. Logon or Work as an agent. 2. Navigate to Inventory Zones Invocation Code...

New Relic: Potential sub-domain hijacking

Hey New Relic Security team, I noticed what appeared to be a configuration oversight and I wanted to mention it to you. The following domains are currently pointing to Fastly: fr.newrelic.com 151.101.192.207 es.newrelic.com 151.101.0.207 When you visit them, you should see something like this:...