DEBIAN-CVE-2015-2935

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."...

DEBIAN-CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

UBUNTU-CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

UBUNTU-CVE-2015-2942

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service CPU and memory consumption via a large number of nested entity references in an 1 SVG file or 2 XMP metadata in a PDF file, aka a "billion laughs attack," ...

Oracle Linux 6 / 7 : setroubleshoot (ELSA-2015-0729)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-0729 advisory. 3.2.17-4.1.0.1 - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com 3.2.17-4.1 - Fix getrpmnvrtemporary functions...

724CMS has multiple information leakage vulnerabilities

724CMS is a content management system. 724CMS has multiple information disclosure vulnerabilities. An attacker can exploit the vulnerabilities to obtain sensitive information...

USN-2548-1 batik vulnerability

Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption...

Taming the wild copy: Parallel Thread Corruption

Posted by Chris Evans, Winner of the occasional race Back in 2002, a very interesting vulnerability was found and fixed in the Apache web server. Relating to a bug in chunked encoding handing, the vulnerability caused a memcpy call with a negative length with the destination on the stack. Of...

Apache Batik Information Disclosure Vulnerability

Apache Batik is a Java-based technology SVG Scalable Vector Graphics toolkit , you can view , generate and process SVG format images . Apache Batik has a security vulnerability that can be exploited by attackers to send malicious SVG files and obtain sensitive information...

Microsoft IE Memory Corruption Vulnerability (CNVD-2015-01683)

Microsoft Internet Explorer is a popular WEB browser. An unspecified memory corruption vulnerability exists in Microsoft Internet Explorer that could allow an attacker to construct a malicious web page and trick a user into parsing it, which could crash the application or execute arbitrary code...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution via unsafe svg animation tags. Details Exploit Example: html Here the anchor's href is animated, starting from a value that's a javascript URI. This allows execution of arbitrary javascript in the process...

Adobe: Adobe XSS

A cross-site scripting vulnerability exists in the "productname" variable of this Adobe web application. The XSS vector can be changed to work across browsers, and the following proof-of-concept works in Firefox. Proof-of-concept:...

Beckwith Electric TCP Initial Sequence Vulnerability

OVERVIEW Raheem Beyah, David Formby, and San Shin Jung of Georgia Tech, via a research project partially sponsored by the Georgia Tech National Electric Energy Testing Research and Applications Center, have identified a TCP initial sequence numbers vulnerability in two of Beckwith Electric’s...

Angler Exploit Kit Uses Domain Shadowing technique to Evade Detection

The world’s infamous Angler Exploit Kit has become the most advanced, much more powerful and the best exploit kit available in the market, beating the infamous BlackHole exploit kit, with a host of exploits including zero-days and a new technique added to it. Angler Exploit Kit's newest technique...

SolarWinds Orion Service - SQL Injection

I found a couple SQL injection vulnerabilities in the core Orion service used in most of the Solarwinds products SAM, IPAM, NPM, NCM, etc…. This service provides a consistent configuration and authentication layer across the products. To be exact, the vulnerable applications and versions are:...

D-Link DIR636L Remote Command Injection Vulnerability

D-Link DIR636L suffers from a remote command injection vulnerability. SWISSCOM CSIRT SECURITY ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2015-1187 Product: D-Link DIR636L Vendor: D-Link Subject: Remote Command Injection - Incorrect Authentication Effect: Remotely exploitable Author:...

Google Play services information disclosure vulnerability

Google Play is an online app store developed by Google for Android devices. Google Play services suffers from an information disclosure vulnerability that allows an attacker to gain access to a Google account through a carefully crafted application...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability

IBM Maximo Asset Management is a suite of IT asset management solutions from IBM USA. A cross-site scripting vulnerability exists in IBM Maximo Asset Management that allows a remote, authenticated user to inject arbitrary web script or HTML via unspecified vector 7...

Mozilla: Out-of-bounds read and write while rendering SVG content (MFSA 2015-19)

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic...

UBUNTU-CVE-2015-0827

Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic...