UBUNTU-CVE-2014-9323
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status...
Google Blacklists Sites Peddling SoakSoak Malware
UPDATE Google blacklisted more than 10,000 different websites over the weekend that it spotted doling out SoakSoak malware, but experts claim the number of impacted sites may ultimately be ten times that figure. Up to 100,000 sites hosted on WordPress may be vulnerable to a campaign known as...
Debian Security Advisory DSA 3099-1 (dbus - security update)
Simon McVittie discovered that the fix for CVE-2014-3636 was incorrect, as it did not fully address the underlying denial-of-service vector. This update starts the D-Bus daemon as root initially, so that it can properly raise its file descriptor count. In addition, this update reverts the...
CVE-2014-8732
CVE-2014-8732. CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C. CVSSv2 Base Score=7.5, CVSSv2 Temp Score=7.5. OWASP Top 10 classification: A3 - Cross Site Scripting. There is a stored XSS vulnerability in phpMemcachedAdmin. Most of the user-specified input fields which are displayed on several...
CVE-2014-0569 exploit analysis - exploit warning - the black bar safety net
0x00 Description. From the CVE vulnerability description: [image] Test environment: Win7 SP1 + Flash ActiveX 15.0.0.167. 0x01 Exploit analysis. Description about the vulnerabilities of the key code, first look at the heap spray memory layout: [image]...
CVE-2014-8627
PolarSSL 1.3.8 does not properly negotiate the signature algorithm to use, which allows remote attackers to conduct downgrade attacks via unspecified vectors...
mysql: unspecified vulnerability related to SRCHAR (CPU July 2014)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR...
Ebay Magento Bug Bounty #1 - Persistent API Vulnerability
Document Title: Ebay Magento Bug Bounty 1 - Persistent API Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1202 eBay Inc. Bug Bounty Program ID: EIBBP-26643. Release Date: 2014-11-17. Vulnerability Laboratory ID...
UBUNTU-CVE-2014-3755
The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file...
CorelDRAW X7 CDR File (CdrTxt.dll) Off-By-One Stack Corruption Vulnerability
No description provided by source. CorelDRAW X7 CDR File CdrTxt.dll Off-By-One Stack Corruption Vulnerability Vendor: Corel Corporation Product web page: http://www.corel.com Affected version: 17.1.0.572 X7 - 32bit/64bit EN 15.0.0.486 X5 - 32bit EN Summary: CorelDRAW is one of the image-creating...
CorelDRAW X7 CDR File - 'CdrTxt.dll' Off-by-One Stack Corruption
CorelDRAW X7 CDR File CdrTxt.dll Off-By-One Stack Corruption Vulnerability Vendor: Corel Corporation Product web page: http://www.corel.com Affected version: 17.1.0.572 X7 - 32bit/64bit EN 15.0.0.486 X5 - 32bit EN Summary: CorelDRAW is one of the image-creating programs in a suite of graphic arts...
Code injection
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript...
php: multiple buffer over-reads in php_parserr
Multiple buffer over-read flaws were found in the php_parserr function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to crash a PHP application that used the dns_get_record function to perform a DNS query...
Enalean Tuleap 7.2 - XML External Entity File Disclosure
Vulnerability title: Tuleap <= 7.2 External XML Entity Injection in Enalean Tuleap. CVE: CVE-2014-7177. Vendor: Enalean. Product: Tuleap. Affected version: 7.2 and earlier. Fixed version: 7.4.99.5. Reported by: Jerzy Kramarz. Details: A multiple XML External Entity Injection has been found and confirmed...
Sandworm (CVE-2014-4114) related to the threat of a comprehensive analysis of the report — and to chasing shadows Security Platform detection problem of the complex disk-vulnerability warning-the black bar safety net
1 Threat card and introduction: CVE-2014-4114 is an INF arbitrary code execution vulnerability in the OLE Package Manager; the vulnerability affects Win Vista, Win7 and above operating systems, the attackers used PowerPoint as an attack vector, the vulnerability is in the Microsoft Windows...
CVE-2014-6520
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL...
Design/Logic Flaw
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML...
CVE-2014-6491
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500...
DNS Reverse Lookup Shellshock Exploit
DNS reverse lookups can be used as a vector of attack for the bash shellshock vulnerability. DNS Reverse Lookup as a vector for the Bash vulnerability CVE-2014-6271 et al. CVE-2014-3671; references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277, CVE-2014-6278, CVE-2014-7186 and CVE-2014-7187. Summary...
Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities
Document Title: Files Document & PDF 2.0.2 iOS - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1341 Release Date: 2014-10-14. Vulnerability Laboratory ID (VL-ID): ...