8200 matches found

CNVD
added 2015/07/30 12:00 a.m., 2 views

zf-oauth2 security bypass vulnerability

OAuth is an open web standard for authorization that is widely used around the world and is currently in version 2.0. A security bypass vulnerability exists in zf-oauth2, which can be exploited by an attacker to bypass security restrictions and perform unauthorized operations...

AI score: 6.9
Exploits: 0, References: 1
OSV
added 2015/07/16 10:59 a.m., 6 views

CVE-2015-2632

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D...

AI score: 8.4
Exploits: 0, References: 28
GoogleProjectZero
added 2015/07/16 12:00 a.m., 27 views

Significant Flash exploit mitigations are live in v18.0.0.209

Posted by Mark Brand and Chris Evans, isolators of heaps. Whilst Project Zero has gained a reputation for vulnerability and exploitation research, that's not all that we do. One of the main reasons we perform this research is to provide data to defenders; and one of the things that defenders can d...

CVSS: 10, AI score: 9.1, EPSS: 0.93688
Exploits: 12
CNVD
added 2015/07/16 12:00 a.m., 3 views

Adobe Reader/Acrobat Security Bypass Vulnerability (CNVD-2015-04636)

Adobe Reader/Acrobat is a very popular PDF document reader developed by Adobe in the United States. A security bypass vulnerability exists in Adobe Reader/Acrobat that allows an attacker to bypass intended access restrictions and perform a low-to-high integer conversion via an...

CVSS: 6.8, AI score: 6.8, EPSS: 0.04065
Exploits: 0, References: 1
CNVD
added 2015/07/16 12:00 a.m., 1 view

Microsoft SQL Server Remote Code Execution Vulnerability (CNVD-2015-04706)

Microsoft SQL Server is a large commercial database system for Microsoft Windows, developed and maintained by Microsoft in the United States. A remote code execution vulnerability exists when Microsoft SQL Server fails to properly handle internal...

CVSS: 8.5, AI score: 8.4, EPSS: 0.11925
Exploits: 0, References: 1
CNVD
added 2015/07/16 12:00 a.m., 1 view

Adobe Reader/Acrobat integer overflow vulnerability (CNVD-2015-04634)

Adobe Reader/Acrobat is a very popular PDF document reader developed by Adobe in the United States. Adobe Reader/Acrobat has an integer overflow vulnerability that allows an attacker to execute arbitrary code through an unspecified vector...

CVSS: 6.8, AI score: 8, EPSS: 0.06071
Exploits: 0, References: 1
OSV
added 2015/07/16 12:00 a.m., 0 views

UBUNTU-CVE-2015-2628

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA...

CVSS: 10, AI score: 6.1, EPSS: 0.06191
Exploits: 0, References: 5
myhack58
added 2015/07/12 12:00 a.m., 17 views

Hacking Team Flash New 0Day exploit code analysis

Early in the morning on the weekend, the author saw know Chong Yu say on the microblogging site that a new Flash 0Day leaked from Hacking Team had been tested as currently working. The author therefore downloaded a copy of the exploit code and tested that it indeed works on the latest version; currently the official Adobe did no...

AI score: 0.4
Exploits: 0
RedHat Linux
added 2015/06/25 1:46 p.m., 1 view

kernel: pipe: iovec overrun leading to memory corruption

It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array...

CVSS: 7.2, AI score: 7.1, EPSS: 0.01478
Exploits: 3, References: 4
RedHat Linux
added 2015/06/25 1:46 p.m., 61 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 5.6 Long Life. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS: 7.2, AI score: 6.9, EPSS: 0.01478
Exploits: 3, References: 2
FireEye
added 2015/06/23 12:21 p.m., 158 views

Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign

Adobe has already released a patch for CVE-2015-3113 with an out-of-band security bulletin. FireEye recommends that Adobe Flash Player users update to the latest version as soon as possible. FireEye MVX detects this threat as a web infection, the IPS engine reports the attack as CVE-2015-3113, a...

CVSS: 10, EPSS: 0.9994
Exploits: 4
CNVD
added 2015/06/10 12:00 a.m., 2 views

RubyGems BSON Denial of Service Vulnerability

RubyGems, or gems for short, is a Ruby packaging system for packaging Ruby components. A denial of service vulnerability exists in RubyGems BSON. This vulnerability allows attackers to launch denial of service attacks...

CVSS: 9.8, AI score: 6.7, EPSS: 0.04751
Exploits: 1, References: 1
OSV
added 2015/06/08 9:17 p.m., 8 views

MGASA-2015-0240 Updated rabbitmq-server packages fix security vulnerabilities

Updated rabbitmq-server package fixes security vulnerabilities: RabbitMQ before 3.4.1 does not prevent /api/ from returning text/html error messages which could act as an XSS vector (CVE-2014-9649). RabbitMQ before 3.4.1 has a response-splitting vulnerability in /api/downloads (CVE-2014-9650). In...

CVSS: 10, AI score: 6.2, EPSS: 0.04254
Exploits: 2, References: 5
Fedora
added 2015/06/04 8:20 p.m., 34 views

[SECURITY] Fedora 21 Update: batik-1.8-0.18.svn1230816.fc21

Batik is a Java(tm) technology based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...

CVSS: 6.4, AI score: 1.3, EPSS: 0.16677
Exploits: 1
Fedora
added 2015/06/04 8:19 p.m., 30 views

[SECURITY] Fedora 20 Update: batik-1.8-0.12.svn1230816.fc20

Batik is a Java(tm) technology based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...

CVSS: 6.4, AI score: 1.3, EPSS: 0.16677
Exploits: 1
Fedora
added 2015/06/04 8:11 p.m., 35 views

[SECURITY] Fedora 22 Update: batik-1.8-0.18.svn1230816.fc22

Batik is a Java(tm) technology based toolkit for applications that want to use images in the Scalable Vector Graphics (SVG) format for various purposes, such as viewing, generation or manipulation...

CVSS: 6.4, AI score: 1.3, EPSS: 0.16677
Exploits: 1
ThreatPost
added 2015/06/03 12:12 p.m., 16 views

Unity Web Player Zero-Day Vulnerability Disclosed

Some detail has been disclosed about a zero-day vulnerability in the Unity Web Player browser plugin that can allow an attacker to use a victim’s credentials to read messages or otherwise abuse their access to online services. The partial disclosure was made after nearly six months of bug-report...

AI score: 6.8
Exploits: 0, References: 4
OSV
added 2015/06/03 12:00 a.m., 1 view

UBUNTU-CVE-2015-1805

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a...

CVSS: 7.2, AI score: 6.9, EPSS: 0.01478
Exploits: 3, References: 8
UbuntuCve
added 2015/06/03 12:00 a.m., 46 views

CVE-2015-1805

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a...

CVSS: 7.2, AI score: 7, EPSS: 0.01478
Exploits: 3, References: 7
Prion
added 2015/05/25 2:59 p.m., 16 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in the login page in IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for Software Use Analysis 9 before 9.1.0.2 allows remote attackers to hijack the authentication of arbitrary users via vectors involving a FRAME element...

CVSS: 6.8, AI score: 7.5, EPSS: 0.00587
Exploits: 0, References: 1, Affected Software: 2