SMF (Simple Machine Forum) versions 2.0.10 and below remote memory exfiltration exploit.
839a2e92d517f7cb38a35ae0c372edcf59dfd86ed247215c387c6d6b12bf6316
A file inclusion vulnerability in "BIRT Viewer" servlet used in BMC Remedy AR Reporting has been discovered. Versions 8.1 and 9.0 are affected.
257cc0fd068f03a307cbab920950a5dbba966d365015b81a1f67198b1529af6a
Red Hat Security Advisory 2015-1837-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow issue was found in the QEMU emulator's VNC display driver. It could occur while refreshing the VNC server's display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host.
25a986a69f69dfb4207b40a2147c13f035bbe0b10e30563935730b794dd67a88
Ubuntu Security Notice 2744-1 - Halfdog discovered that Apport incorrectly handled kernel crash dump files. A local attacker could use this issue to cause a denial of service, or possibly elevate privileges. The default symlink protections for affected releases should reduce the vulnerability to a denial of service.
dee7f3fa2888859a2f779bee89c68c507cea1c1a90dff31a934e31fb62b1d8a9
Due to a server misconfiguration, customers of Unified Layer suffer from a remote shell upload vulnerability.
38bbe1895961c77f3c46b4f57c4870d647343451c3a8616690b2f3361d104493
Debian Linux Security Advisory 3366-1 - A remotely triggerable use-after-free vulnerability was found in rpcbind, a server that converts RPC program numbers into universal addresses. A remote attacker can take advantage of this flaw to mount a denial of service (rpcbind crash).
98be0a92a93f054d0e77b6763c292f565ae1d55068b02c508f3de091e937e53d
A file inclusion vulnerability in the "BIRT Engine" servlet used in BMC Remedy AR Reporting has been discovered. Versions 8.1 and 9.0 are affected.
d1c67acf2296b14667db65143804438a4df4fc202748bde4c1b51d8b462144c0
Flowdock API suffered from a script insertion vulnerability.
ba260a05957e34276837655ae4846ed931f035bdf3bcdc1cd399b333cb422879
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
b16eaed1f29c3e383214f3804adce7b21d4bb13db5a0dfba3fd719b3544cf305
Cisco AnyConnect Secure Mobility Client for OS X is affected by a vulnerability that allows local attackers to mount arbitrary DMG files at arbitrary mount points. By exploiting this vulnerability is is possible for the attacker to gain root privileges. Cisco reports that a similar issue also exists in Cisco AnyConnect Secure Mobility Client for Linux.
66660159f211f495d60f7ca1acea5dbe4e444722621da4f69354d6747a67fc1b
Debian Linux Security Advisory 3365-1 - Multiple security issues have been found in Iceweasel, Debian's version integer overflows, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.
9f06181535993a2ed1465714f151805630edd6d8b335d381b49719f716301fdc
RSA Archer GRC version 5.5.3 suffers from cross site scripting, improper authorization, and information disclosure vulnerabilities.
c54811b8c5daa0f2f91c5eb39b919b6ddcb97837b722c57d324f1fd49df6558d
Cisco Security Advisory - A vulnerability in the processing of IPv4 packets that require Network Address Translation (NAT) and Multiprotocol Label Switching (MPLS) services of Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4300 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers could allow an unauthenticated, remote attacker to cause a reload of the affected device. The vulnerability is due to improper processing of IPv4 packets that require NAT and MPLS processing. An attacker could exploit this vulnerability by sending an IPv4 packet to be processed by a Cisco IOS XE device configured to perform NAT and MPLS services. A successful exploit could allow the attacker to cause a reload of the affected device. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate this vulnerability.
426911a2340b77ce46c2ba99fd3f3b7030de0d1d02a5d5585ee5a5138cc0f294
Cisco Security Advisory - A vulnerability in the SSH version 2 (SSHv2) protocol implementation of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to bypass user authentication. Successful exploitation could allow the attacker to log in with the privileges of the user or the privileges configured for the Virtual Teletype (VTY) line. Depending on the configuration of the user and of the vty line, the attacker may obtain administrative privileges on the system. The attacker cannot use this vulnerability to elevate privileges. The attacker must know a valid username configured for RSA-based user authentication and the public key configured for that user to exploit this vulnerability. This vulnerability affects only devices configured for public key authentication method, also known as RSA-based user authentication feature. Cisco has released software updates that address this vulnerability. Workarounds for this vulnerability are not available; however administrators could temporarily disable RSA-based user authentication to avoid exploitation.
6bb5a45a2fbd512ed3aa4d90ff71881a50ad9af02083391db8eaf255a2cc93bb
Cisco Security Advisory - Two vulnerabilities in the IPv6 first hop security feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. Cisco has released software updates that address these vulnerabilities. There are no workarounds to mitigate these vulnerabilities.
e1f2da6fedc66d63bb64c173c44f2ac66b96073b0f040599afe50fd556f7059a
UltraEdit version 22.20 suffers from a buffer overflow vulnerability.
adcf8a3d5f0c3748dac9b35b34f0d3539924300c71ddb8aaaa96180e87d99490
WiFi Drive CR version 1.0 suffers from a file upload vulnerability that allows for malicious script execution.
6f4c0e90400ddb9bc62a317bbf688b4b45f93981ac1ef7a4dd8e7ff43d6ad413
Flowdock API suffers from a script insertion vulnerability.
7e6189349fba12fd6c7e3dcb27db488a15f5b36eef129eae39771e631f2f5544
The attached proof of concept exploit triggers a buffer overflow in the NtGdiBitBlt system call. It reproduces reliable on Win 7 32-bit with Special Pool enabled on win32k.sys.
f8fe51bd5f2d627380ec1e9bcb00b3ca0c6353262e9aa8b4b1b4ac9c99cb457a
This python script checks for the OpenSSL memory leak named Heartbleed and as noted in CVE-2014-0160. It can be used for different SSL TLS versions and multiple (HTTPS/SMTP/IMAP/POP3) protocols. It is optimized for mass scans.
89791cf81b92b962ceaf4da83a28781f5cf9ed884168321574cab9f157657409