It is possible for an attacker to execute a DLL planting attack in Microsoft Office with a specially crafted OLE object. Testing was performed on a Windows 7 x64 virtual machine with Office 2013 installed and the latest updates applied. Proof of concept included.
46d45bad78cc0769fb766cd7589210d99767133fd5d226273173fe717d826a5e
dotCMS version 3.2.4 suffers from cross site request forgery, cross site scripting, and open redirection vulnerabilities.
bbb9a245c1b76c149bcb358364c5ed5c4fd2bf936261edd5c955bc0351dc7cb1
This bulletin summary lists twelve released Microsoft security bulletins for December, 2015.
ca328e5637bbd066291f983bf1badf7b4e7b35d95ade5f0aa4586ee7d51b7610
Red Hat Security Advisory 2015-2579-01 - Apache Commons Collections is a library that builds upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
7adc2c95a90db0d9990222bb5593457949914b69ecae0ba90e19645906c7f170
Red Hat Security Advisory 2015-2578-01 - Apache Commons Collections is a library that builds upon Java JDK classes by providing new interfaces, implementations and utilities. It was found that the Apache commons-collections library permitted code execution when deserializing objects involving a specially constructed chain of classes. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using the commons-collections library.
11d49327f51d20383027a6e0ebd090140db8edb804834efaab6040d374895db4
ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.
03ca5035c8a555789ffc39c66287fa1aa9631adb55c10abcd347b9d848a316c2
oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. AMD version.
2295ef2574e566e8cd70fc08c1022f3560fd7eb43fee05ca4002d1563fa748aa
oclHashcat is an advanced GPU hash cracking utility that includes the world's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. NVidia version.
ca5b5c6b00e24ea51fa336f9b6e83e87b30503c34fddb64f94d1c673e2ef55cf
PacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
532230a9f81e541b2804d44d6b860d5dda030b985520791ef4efac2b6ad70d44
This Metasploit module exploits a remote code execution vulnerability in phpFileManager 0.9.8, a filesystem management tool contained in a single file.
6deaa42854a12bc36ae3c7e06620c542ad37b9dff69c0ee0a7ea8a418934ad50
Red Hat Security Advisory 2015-2551-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A privilege escalation flaw was discovered in CloudForms, where in certain situations, CloudForms could read encrypted data from the database and then write decrypted data back into the database. If the database was then exported or log files generated, a local attacker might be able to gain access to sensitive information.
0e2a00eaf5e59d21d582cf1da633d2a7689b72410a24a608a4ece80cc47f7a6e
Red Hat Security Advisory 2015-2561-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. A flaw was found in the way the git-remote-ext helper processed certain URLs. If a user had Git configured to automatically clone submodules from untrusted repositories, an attacker could inject commands into the URL of a submodule, allowing them to execute arbitrary code on the user's system.
d6256e53c301af85e611e6989e5989d92c2a24ac658ddb8a80f76a3417ad1096
Red Hat Security Advisory 2015-2552-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. It was found that the x86 ISA is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way the delivery of benign exceptions such as #AC and #DB is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel.
421ad6b6ea77c1424cf5e393206e57d786896019194f078c110c0d12105ef4ca
OpenMRS version 2.3 (1.11.4) suffers from an XML external entity processing vulnerability. The vulnerability is caused by an error when parsing XML entities within ZIP archives and can be exploited to, for example, disclose data from local resources or cause a DoS condition (billion laughs) via a specially crafted XML file including external entity references.
070b2c30afd808c338b88609b0c09df9664f1cb7251179abf50e418c628aac90
OpenMRS version 2.3 (1.11.4) suffers from an expression language injection vulnerability that can lead to arbitrary Java code being executed.
5c4dab04f428aa0abb317abe8b8303796aa919e07d939ded543c5122728dec5d
OpenMRS version 2.3 (1.11.4) suffers from multiple cross site scripting vulnerabilities.
8ddc6fc943cbdcc85d0e438e0ba30364f3e257d65174500b5b0e6a3e76e1cc3f
SHAREit WebShare version 2.3.80 suffers from a cross site scripting vulnerability.
c500140027d0231781da834d5e53ee17c27fc8c506906202157807fcc3638199
OpenMRS version 2.3 (1.11.4) suffers from a local file disclosure vulnerability.
72124e8162958bf12591414a483ea21db4df22c19164f3fc027f91ff1b4a9880
sysPass versions 1.1.2.23 and below suffer from a cross site scripting vulnerability.
fccd3f6bd7b3f2d36da082f59aaa70d871cc6f8aa84ce409fb7f5e31656b9346
PHP Utility Belt suffers from a remote code execution vulnerability.
ba341d0be863b216c242d86dc40d8d7419776d686e9bcdf09a435b886ef684f1
JRSoft InnoSetup executable installers suffer from a DLL hijacking vulnerability.
23c3a9d703e6f64f18b7c20de18f64f87a8815cce1acfca84716961420cfefe4
The executable installer for Nullsoft Scriptable Install System suffers from DLL hijacking vulnerabilities.
ccdd46e5818b0dbedc4279878178a5cf6e2457038d1d43966c56612639a16f64
The executable installer for the VideoLAN Client suffers from DLL hijacking vulnerabilities.
06d549ebc07d5067e07e42895a4d82a9fa7b46ae2fc9574aec65049b635ccd48
SumatraPDF suffers from multiple DLL hijacking vulnerabilities.
27dc14dd449f0656362e2a1fa165d4528d2383f2dcf213a1d7c74b9e5a2afc1e
YesWiki versions 1 and 2 suffer from remote arbitrary file upload and directory traversal vulnerabilities.
ee86e160c76d7dc73d0165e915aca4364f9f5d3507ade379098299763d7ce7ff