
Files Date: 2016-11-10

Office OLE DLL Hijacking
Posted Nov 10, 2016
Authored by Yorick Koster | Site metasploit.com

Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading these components as an embedded OLE object. When instantiating a vulnerable object, Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.

tags | exploit, arbitrary, vulnerability
systems | windows
advisories | CVE-2015-6128, CVE-2015-6132, CVE-2015-6133, CVE-2016-0041, CVE-2016-0100, CVE-2016-3235
SHA-256 | 54a85ca989c4eaff178f934a3bf1f889b5563dba98e78c59197f8309e65b7406
Apache Tika 1.13 Code Execution
Posted Nov 10, 2016
Authored by Pierre Ernst

Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. Versions 1.6 through 1.13 are affected.

tags | advisory, java, arbitrary
advisories | CVE-2016-6809
SHA-256 | 226a436c7b3ab43566f0b5d55d84ab755d746a38d7b3256777c317a174b2d47e
Microsoft Windows OTF Parsing Table Encoding Record Offset
Posted Nov 10, 2016
Authored by Hossein Lotfi | Site secunia.com

Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused by an integer overflow error when processing the CMAP table within Open Type Font (OTF) files and can be exploited to cause a kernel crash or disclose kernel memory via a specially crafted table encoding record offset within an OTF file.

tags | advisory, denial of service, overflow, kernel
systems | windows
advisories | CVE-2016-7210
SHA-256 | b3fe5824069c9a4b95decbd65be8308681bcd9c605cd54f833850c4f9d059f76
MyBB 1.8.6 Cross Site Scripting
Posted Nov 10, 2016
Authored by Tim Coen | Site curesec.com

MyBB version 1.8.6 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 09a5d3981d355ec0a29e90ee57d1093fb1ebc1eb4d6c9e3e9940a391386d94b3
Oracle Outside In GetTxObj() Use-After-Free
Posted Nov 10, 2016
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a use-after-free error within the "GetTxObj()" function (vsflw.dll), which can be exploited to corrupt memory via a specially crafted PRZ file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.

tags | advisory, arbitrary
advisories | CVE-2016-5574
SHA-256 | 2914cbdd4b457ca4d8242168827399762469f8bf788d8cf4f0710b5fe8753b51
Oracle Outside In VwStreamRead() Buffer Overflow
Posted Nov 10, 2016
Authored by Behzad Najjarpour Jabbari | Site secunia.com

Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "VwStreamRead()" function (vssdw.dll), which can be exploited to cause a heap-based buffer overflow via a specially crafted SDW file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.

tags | advisory, overflow, arbitrary
advisories | CVE-2016-5558
SHA-256 | 78350c71c5f276b3da2aa8e819d6553d9cb28796c9ee72b50e2724bca05b1a3c
WININET CHttpHeaderParser::ParseStatusLine Out-Of-Bounds Read
Posted Nov 10, 2016
Authored by SkyLined

A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is able to get any application that uses WININET to make a request to a server under his/her control may be able to disclose information stored after this memory block. This includes Microsoft Internet Explorer.

tags | exploit, web
advisories | CVE-2016-3325
SHA-256 | 94c41624ff0f1959d2d6ec3ad4d68a44468068d2211d86e587904cea67366cf4
4images 1.7.13 SQL Injection
Posted Nov 10, 2016
Authored by Ahmed Sultan

4images versions 1.7.13 and below suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 74de1ddc3bddc388cd27bca15944047be987925a71644ccbc0bf1a487955531b
Exponent CMS 2.4.0 Blind SQL Injection
Posted Nov 10, 2016
Authored by Nicky

Exponent CMS version 2.4.0 suffers from a remote blind SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | efb6f348b4c97ed885446cc19619c0d5dcfbb991b1688207a51826ebad74cb58
CA Unified Infrastructure Management Bypass / Traversal / Disclosure
Posted Nov 10, 2016
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (formerly CA Nimsoft). The first vulnerability, CVE-2016-9165, involves insecure handling of session IDs. A remote attacker can potentially acquire a session ID and bypass authentication or elevate privileges. The second vulnerability, CVE-2016-9164, is a path traversal information disclosure vulnerability associated with the diag.jsp file. A remote attacker can potentially access sensitive information. The third vulnerability, CVE-2016-5803, is a path traversal information disclosure vulnerability associated with the download_lar.jsp file. A remote attacker can potentially access sensitive information. CA Technologies has assigned Medium and High risk ratings to these vulnerabilities. Solutions are available.

tags | advisory, remote, vulnerability, info disclosure
advisories | CVE-2016-5803, CVE-2016-9164, CVE-2016-9165
SHA-256 | 401bc9e25b7ad17f38793debbf4334be9ee3ec63ae80d59175c80f5dfab7a0f5
CA Service Desk Manager 12.9 / 14.1 Code Execution
Posted Nov 10, 2016
Authored by Ken Williams | Site www3.ca.com

CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.

tags | advisory, remote, web, arbitrary, xss
advisories | CVE-2016-9148
SHA-256 | 673ed63e14abaf0f4405e8d215276a71e6f485dc124f84f87514f2a904f86219
HP Security Bulletin HPSBGN03670 1
Posted Nov 10, 2016
Authored by HP | Site hp.com

HP Security Bulletin HPSBGN03670 1 - A vulnerability in the Apache Commons Collections library for handling Java object deserialization was addressed by HPE Business Service Management (BSM). The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.

tags | advisory, java, remote, code execution
advisories | CVE-2016-4405
SHA-256 | ad6a1cd2eec0673197a05b1d4804c60fd20405c5bf9fb7823c1a6507e7b5cd6c
Red Hat Security Advisory 2016-2695-01
Posted Nov 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service via a crafted sendmsg system call.

tags | advisory, denial of service, kernel, local
systems | linux, redhat
advisories | CVE-2016-3841
SHA-256 | 5c9d8351889bf9f327197170f7a0516920b25f9a93bc9f8eba170c668ad60d6f
Red Hat Security Advisory 2016-2694-01
Posted Nov 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2694-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.

tags | advisory
systems | linux, redhat
advisories | CVE-2016-7795
SHA-256 | 975bf4faa412e15c29690d447ef66e3a6f362de20d4bbe03ecca1f728ef6f737
Ubuntu Security Notice USN-3125-1
Posted Nov 10, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3125-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-5403, CVE-2016-6833, CVE-2016-6834, CVE-2016-6835, CVE-2016-6836, CVE-2016-6888, CVE-2016-7116, CVE-2016-7155, CVE-2016-7156, CVE-2016-7157, CVE-2016-7161, CVE-2016-7170, CVE-2016-7421, CVE-2016-7422, CVE-2016-7423, CVE-2016-7466, CVE-2016-7908, CVE-2016-7909, CVE-2016-7994, CVE-2016-7995, CVE-2016-8576, CVE-2016-8577, CVE-2016-8578, CVE-2016-8668, CVE-2016-8909, CVE-2016-8910, CVE-2016-9101, CVE-2016-9102
SHA-256 | ebbb9dd99d4d4747c3700c5ee2ba26996c0c622e1a49ae4a8d2ca5b4b29fb07d
Debian Security Advisory 3709-1
Posted Nov 10, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3709-1 - Nick Wellnhofer discovered that the xsltFormatNumberConversion function in libxslt, an XSLT processing runtime library, does not properly check for a zero byte terminating the pattern string. This flaw can be exploited to leak a couple of bytes after the buffer that holds the pattern string.

tags | advisory
systems | linux, debian
advisories | CVE-2016-4738
SHA-256 | e9f4c5e8f4ffec25cedcc9f8673de95787a9afacc9fb00ca49b177c338e35ae4
Red Hat Security Advisory 2016-2676-01
Posted Nov 10, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-2676-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.644. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.

tags | advisory, web, arbitrary, vulnerability
systems | linux, redhat
advisories | CVE-2016-7857, CVE-2016-7858, CVE-2016-7859, CVE-2016-7860, CVE-2016-7861, CVE-2016-7862, CVE-2016-7863, CVE-2016-7864, CVE-2016-7865
SHA-256 | e8b6449931f34d73e3da6e598f0e32ce18e95666922f0c3188ec60f7ed5ef541
OpenSSL Security Advisory 20161110
Posted Nov 10, 2016
Site openssl.org

OpenSSL Security Advisory 20161110 - TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. Other issues were also addressed.

tags | advisory
advisories | CVE-2016-7053, CVE-2016-7054, CVE-2016-7055
SHA-256 | 7d300c6b562eaed0f91128984b69ea54c53d0cb33d26bbf0bbadb6c8189b7e19
Vlany Linux LD_PRELOAD Rootkit
Posted Nov 10, 2016
Authored by mempodippy

Vlany is a Linux rootkit that provides process hiding, user hiding, network hiding, LXC container, anti-debug, anti-forensics, persistent reinstalls, dynamic linker modifications, backdoors, and more.

tags | tool, rootkit
systems | linux, unix
SHA-256 | f8988b56610db94e4f461b587735813c4396591d094d10be55ff1550496bacbe
Microsoft Internet Explorer 9 / 10 / 11 PROPERTYDESC::HandleStyleComponentProperty Out-Of-Bounds
Posted Nov 10, 2016
Authored by SkyLined

Microsoft Internet Explorer versions 9, 10, and 11 suffer from an MSHTML PROPERTYDESC::HandleStyleComponentProperty out-of-bounds read.

tags | exploit
advisories | CVE-2016-3324
SHA-256 | 69867369c8cff2f756daea66abcef97b67f77b7116041fb4cfb63a932b7b4769
Nero 7.10.1.0 Privilege Escalation
Posted Nov 10, 2016
Authored by Boumediene Kaddour

Nero version 7.10.1.0 suffers from an unquoted service path privilege escalation vulnerability.

tags | exploit
SHA-256 | bad453dd996e32dcdd658e911ef7091ccb817266a006aad8aa09bc2e7fc877b3