
FBI Recovers WhatsApp, Signal Data Stored On Michael Cohen's BlackBerry

7 Time Jeopardy! Winner Pleads Guilty To Hacking

Hackers Who Sabotaged The Olympic Games Return For More Mischief

Alleged Leaker Of Vault7 Cache Busted By Poor OpSec

US Exposes North Korea Government's Typeframe Malware

PageUp Confirms Some Data Compromised In Breach

Huawei Rejects Australia Security Concerns

Ex-Fitbit Employees Indicted For Allegedly Stealing Secrets

This New Android Malware Delivers Banking Trojan, Keylogger And Ransomware

Xen Project Patches Intel's Lazy FPU Flaw

Quantum Cryptography Demo Shows No Need For New Infrastructure

Ether Doesn't Fall Under SEC Rules

Decades-Old PGP Bug Allowed Hackers To Spoof Just About Anyone's Signature

LuckyMouse Threat Group Attacks Government Websites

Microsoft COM For Windows Improper Serialized Object Handling

Microsoft COM for Windows privilege escalation proof of concept exploit. A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects. An attacker who successfully exploited the vulnerability could use a specially crafted file or script to perform actions. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. The security update addresses the vulnerability by correcting how "Microsoft COM for Windows" handles serialized objects.

RabbitMQ Web Management Cross Site Request Forgery

RabbitMQ Web Management versions prior to 3.7.6 suffer from a cross site request forgery vulnerability.

Pale Moon Browser Use-After-Free

Pale Moon Browser versions prior to 27.9.3 suffer from a use-after-free vulnerability.

Nikto 2.1.6 CSV Injection

Nikto version 2.1.6 suffers from a CSV injection vulnerability.

Redatam Web Server Directory Traversal

Redatam Web Server versions prior to version 7 suffer from a directory traversal vulnerability.

Redis-cli Buffer Overflow

Redis-cli versions prior to 5.0 buffer overflow proof of concept exploit.

Audiograbber 1.83 Buffer Overflow

Audiograbber version 1.83 local SEH buffer overflow exploit.

Joomla Jomres 9.11.2 Cross Site Request Forgery

Joomla Jomres component version 9.11.2 suffers from a cross site request forgery vulnerability.

phpMyAdmin 4.x Remote Code Execution

phpMyAdmin 4.0.x before, 4.4.x before, and 4.6.x before 4.6.3 does not properly choose delimiters to prevent use of the preg_replace (aka eval) modifier, which might allow remote attackers to execute arbitrary PHP code via a crafted string, as demonstrated by the table search-and-replace implementation.

Tapplock Smart Lock Insecure Direct Object Reference

Tapplock Smart Lock suffers from multiple insecure direct object reference vulnerabilities.

Ubuntu Security Notice USN-3675-3

Ubuntu Security Notice 3675-3 - USN-3675-1 fixed a vulnerability in GnuPG. This update provides the corresponding update for Ubuntu 12.04 ESM. Marcus Brinkmann discovered that during decryption or verification, GnuPG did not properly filter out terminal sequences when reporting the original filename. An attacker could use this to specially craft a file that would cause an application parsing GnuPG output to incorrectly interpret the status of the cryptographic operation reported by GnuPG. Various other issues were also addressed.

Ubuntu Security Notice USN-3687-1

Ubuntu Security Notice 3687-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

Debian Security Advisory 4231-1

Debian Linux Security Advisory 4231-1 - It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys.

Debian Security Advisory 4230-1

Debian Linux Security Advisory 4230-1 - Multiple vulnerabilities were discovered in the Lua subsystem of Redis, a persistent key-value database, which could result in denial of service.

Debian Security Advisory 4229-1

Debian Linux Security Advisory 4229-1 - Two vulnerabilities were discovered in strongSwan, an IKE/IPsec suite.

HP Security Bulletin MFSBGN03810 1

HP Security Bulletin MFSBGN03810 1 - A potential vulnerability has been identified in UCMDB Server. This vulnerability could be exploited for deserialization attacks and cross-site request forgery (CSRF). Revision 1 of this advisory.

HP Security Bulletin MFSBGN03809 1

HP Security Bulletin MFSBGN03809 1 - A potential vulnerability has been identified in UCMDB Browser. This vulnerability could be exploited for deserialization attacks and cross-site request forgery (CSRF). Revision 1 of this advisory.

WordPress Redirection 2.7.1 Deserialization Code Execution

WordPress Redirection plugin version 2.7.1 suffers from a code execution vulnerability.

CA Privileged Access Manager 2.x Code Execution

CA Technologies Support is alerting customers to multiple potential risks with CA Privileged Access Manager. Multiple vulnerabilities exist that can allow a remote attacker to conduct a variety of attacks. These risks include seven vulnerabilities privately reported within the past year to CA Technologies by security researchers, and nine vulnerabilities for Xceedium Xsuite that were publicly disclosed in July 2015. CA Technologies acquired Xceedium in August 2015, and Xceedium products were renamed and became part of Privileged Access Management solutions from CA Technologies. Sixteen vulnerabilities are outlined in this advisory.

Apple Security Advisory 2018-06-13-01

Apple Security Advisory 2018-06-13-01 - Xcode 9.4.1 is now available and addresses code execution vulnerabilities.

Easy Chat Server 3.1 Add User Local Buffer Overflow

Easy Chat Server version 3.1 add user local buffer overflow exploit.

RSA Authentication Manager Cross Site Scripting

RSA Authentication Manager versions prior to 8.3 P1 suffer from a cross site scripting vulnerability.

Debian Security Advisory 4228-1

Debian Linux Security Advisory 4228-1 - Several vulnerabilities were found in SPIP, a website engine for publishing, resulting in cross-site scripting and PHP injection.

Ubuntu Security Notice USN-3678-4

Ubuntu Security Notice 3678-4 - Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted metadata in some situations. An attacker could use this to specially craft an ext4 file system that caused a denial of service when mounted. It was discovered that the 802.11 software simulator implementation in the Linux kernel contained a memory leak when handling certain error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

Red Hat Security Advisory 2018-1852-01

Red Hat Security Advisory 2018-1852-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an information leakage vulnerability.

News | Sevastopol | Crimea-Karro