Debian Linux Security Advisory 3402-1 - Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications.
ff3dbe67d87758463ba6a81b35d259e61d5c04ec87f0c71acbd9647d9057be87
Red Hat Security Advisory 2015-2514-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on JBoss Application Server. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
75335dd065056ea1cef0c6b958cc10c427ec1190557c5bc7f6542783c250cd63
KNX management software ETS version 4.1.5 build 3246 suffers from a buffer overflow vulnerability that allows for remote code execution.
26fb1ecb52a068327a64aefb6a20a38aa566c00c1c8b2378b3520c7110cdc0a6
Neos CMS version 2.0.3 suffers from cross site scripting and remote shell upload vulnerabilities.
32f565a1e4aa0ba4f3cc4e6ff2e96c53df2ff5dc3c7b30ec6666056d0a5ec619
The attached testcase crashes Windows 7 32-bit due to a pool buffer overflow in an ioctl handler. Enabling special pool on ndis.sys, netio.sys and ntoskrnl helps to track down the issue; however, it will crash due to a bad pool header without special pool as well.
3403491c7fbf36174b15a563987a49c4a34c9dfe661dfceec3ca982b901368ad
The 3D Vision service nvSCPAPISvr.exe, installed as part of typical driver installations, runs as Local System and has an insecure named pipe server. One of the commands in the server can be used to set an Explorer Run key for the system, which would allow a user to get code executing in the session of any other user who logs on to the same machine, leading to elevation of privilege. In Windows Domain environments it would also be possible to exploit the vulnerability between machines if the attacker has access to a valid user account on one domain-joined machine.
05dc63568af8d130fdd2c6b9e0a909e6ec48e67727f943ffc38e725c2e25e0c2
The attached PoC crashes 32-bit Windows 7 with a screen resolution of 1024x768 and 32-bit color depth. The crash occurs during a memmove operation while copying the cursor content from unmapped memory. This could potentially be used by an attacker to leak kernel memory. When reproducing this issue in VMware, it is necessary to remove VMware Tools. In QEMU the issue reproduces reliably.
4a4737c7da3e9d60d2829fc4216a2923ae3dd4946af77f8b03906129aa0fc6ba
The attached testcase crashes Windows 7 32-bit with Special Pool enabled on win32k.sys due to a use-after-free condition. The bug appears to be a race condition between two threads, and multiple runs of the PoC might be required to trigger the bug. This is more reliable on systems with multiple cores.
98cd61cfa57d50f4a3e3d1dc2c080a9c2743333c59a9c028d17d2c5241c7bd9a
The Microsoft Windows kernel suffers from an NtUserScrollDC memory corruption vulnerability.
9c9d7819c17ae0f14fbcf5250fe9bc87ec36941d7e0e1a71bc9c128bc94d7ef8
The Microsoft Windows kernel suffers from a use-after-free vulnerability with device contexts and NtGdiSelectBitmap.
f9138be83b6665e583fb9a0c2edbf82da6a8ba0567aba68654dad7c01ffa36d5
MODX Login Extra versions prior to 1.9.1 suffer from a cross site scripting vulnerability.
8866751a93597637a538bf0220137db267a389e38a5051f40a3903cc78ebdc36
RXTEC RXAdmin login page from UPDATE 06 / 2012 suffers from a remote SQL injection vulnerability.
940590a69e2048c5513b7eb24f981f9183f5c6fa25601b46fcf091c4812f94f5
Polycom BToE Connector up to version 2.3.0 allows unprivileged Windows users to execute arbitrary code with SYSTEM privileges.
8f7f179c0390f32c61f7e5d9ef5dff39e836b126a057fbd52f32854d89498f84
Huawei HG253s V2 suffers from a remote information disclosure vulnerability.
2e2018d16f6a7f8cddf71c09432c4a1048d6e439aa44ce1118910a868470d54c
Dimofinf version 3.0.0 cookie SQL injection exploit.
ae127634dd77d4b81b85ee2ddebae17c44d195b88e620121ef01740d5ac84f53