Adobe Flash - 'uint' Capacity Field

Source: https://code.google.com/p/google-security-research/issues/detail?id=504 The latest version of the Vector. length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows. While it’s no longer possible to obviously bypass the length check there’s still...

IBM OpenPages GRC Platform Information Disclosure Vulnerability

IBM OpenPages GRC Platform is a suite of governance, risk and compliance platforms for managing enterprise risk and compliance challenges. IBM OpenPages GRC Platform has a security vulnerability that allows a remote attacker to submit a special request to obtain sensitive information from an erro...

VuFind 1.0 Cross Site Scripting

VuFind 1.0 Web Application Reflected XSS Cross-site Scripting 0-Day Bug Security Issue Exploit Title: VuFind Results? &lookfor parameter Reflected XSS Web Security Vulnerability Product: VuFind Vendor: VuFind Vulnerable Versions: 1.0 Tested Version: 1.0 Advisory Publication: September 20, 2015...

Multiple Adobe Products Input Validation Vulnerabilities

Adobe Flash Player, Adobe AIR SDK, and Adobe AIR SDK & Compiler are products of Adobe, Incorporated.Adobe Flash Player is a multimedia player; Adobe AIR SDK and Adobe AIR SDK & Compiler are standard development kits for Adobe AIR a cross-OS runtime environment. Adobe Flash Player is a multimedia...

CVE-2015-5568

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service vector-length corruption ...

CVE-2015-5568

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service vector-length corruption ...

Memory corruption

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service vector-length corruption ...

UBUNTU-CVE-2015-5568

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service vector-length corruption ...

CVE-2015-5568

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service vector-length corruption ...

CVE-2015-5568

CVE-2015-5568 affects Adobe Flash Player and related AIR components. Public docs confirm this vulnerability is part of the APSB15-23 set and is tied to a vector-length corruption that could enable a denial of service or other impact. Affected software and versions per the sources include: Windows...

Adobe Flash Player <= 18.0.0.232 Multiple Vulnerabilities (APSB15-23)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.232. It is, therefore, affected by multiple vulnerabilities : - An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. CVE-2015-5567,...

Adobe AIR for Mac <= 18.0.0.199 Multiple Vulnerabilities (APSB15-23)

The version of Adobe AIR installed on the remote Mac OS X host is equal or prior to version 18.0.0.199. It is, therefore, affected by multiple vulnerabilities : - An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. CVE-2015-5567, CVE-2015-5579 - A...

Google Chrome < 45.0.2454.99 Multiple Vulnerabilities (Mac OS X)

The version of Google Chrome installed on the remote Mac OS X host is prior to 45.0.2454.99. It is, therefore, affected by multiple vulnerabilities : - An unspecified stack corruption issue exists that allows a remote attacker to execute arbitrary code. CVE-2015-5567, CVE-2015-5579 - A vector...

Air Drive Plus v2.4 iOS - File Upload Vulnerability

Document Title: =============== Air Drive Plus v2.4 iOS - File Upload Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1597 Release Date: ============= 2015-09-21 Vulnerability Laboratory ID VL-ID: ==================================== 1597...

Hardcoded credentials

Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sniffing the network for ciphertext data...

Flash Player < 18.0.0.232 Multiple Vulnerabilities (APSB15-19)

Binary data 8857.prm...

Google Android - &#039;Stagefright&#039; Remote Code Execution

!/usr/bin/env python Joshua J. Drake @jduck of ZIMPERIUM zLabs Shout outs to our friends at Optiv formerly Accuvant Labs C Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 www.zimperium.com Exploit for RCE Vulnerability CVE-2015-1538 1 Integer Overflow in the libstagefright MP4 ‘sts...

[SECURITY] Fedora 23 Update: libwmf-0.2.8.4-46.fc23

A library for reading and converting Windows MetaFile vector graphics WMF...

Low: Red Hat Security Advisory: libunwind security update

Updated libunwind packages that fix a security flaw are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

EMC Documentum Content Server: arbitrary code execution &#40;incomplete fix in CVE-2015-4532&#41;

Product: EMC Documentum Content Server Vendor: EMC Version: ANY CVE: N/A Risk: High Status: public/not fixed For detailed description see http://seclists.org/bugtraq/2015/Jul/51 New behavior introduced in CVE-2015-4532: API ?,c,execute domethod WITH METHOD='dmbptransition', ARGUMENTS=' repo repo...