The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.
1c5caa1bc8f10c470cf03bf6818986185f51513b9775f6363260cb6e79038c2fDell EMC Avamar ADMe Web Interface is affected by a local file inclusion vulnerability which may allow a malicious user to download arbitrary files from the affected system by sending a specially crafted request to the Web Interface application. Versions 1.0.50 and 1.0.51 are affected.
7acfa0ed5a7472704419b66813b778ef436398a2db8ae457ca89f746c7f72462Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019.
22ac20b59483601b9077fb4862bb70d8f034648a969c478415328a8d85326acaThis is the second of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issue 34 is documented in this report.
67d6d552ce4c167529c7cd84de0d0be125a4bdc6728dcd0cc31fb219c9d4011dThis is the first of two extensive reports sent to Gemalto by Security Explorations to document vulnerabilities found in Java Card. Issues 19 and 33 are in this report.
32aca3def4a46b63b9c8e018bba1b57b074ab1a278951e26deaa861e0b140b14This is the third of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 26 through 32 are in this report.
8d2b759c1b5a470b8d80314d6c5b026ab6eb6c87410e6af99040f73abe993b0fThis is the second of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 20 through 25 are in this report.
223a793bc15195c628f17c4fc553a3c603a66dd2a1b8dff8b24e298ddc831464This is the first of three extensive reports sent to Oracle by Security Explorations to document vulnerabilities found in Java Card. Issues 1 through 18 are in this report.
6c524db6b0b45d01b1e715bfb97219d0ab2f4adb4b4e678d3b24918baa34d69eA type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash the process or leak information from the client system via calendar replies. Proof of concept included.
ef2673a39e913d07181596a62fd8c9246e3d5812f7d9b077e77524dc51376013A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
47c3eb61b29367d5a2946ff2994c08510a93a27c3f70aae7b73521d1c8fa4c8eA heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
fbc427324f7bbbd52b32d86534519facca35022c50ab621232e63a61a9d5146cA heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included.
766c136bb2357c16dd4df02ef330217cd6ff8d8808169a3d9f9621d7f7750e6cCentOS version 7.6 ptrace_scope misconfiguration local privilege escalation exploit.
608a9d5a7538ce173fdb713a8da2de1c7c54e2161d857c0ae1d0aa7e4f2899b2Aida64 version 6.00.5100 Log to CSV File local SEH buffer overflow exploit.
3f4b985fea61b9424f304673befaac3359d984cf18c6e0424585cc37ef8ee11aWhitepaper called Active Directory Enumeration with PowerShell.
fffbc506324136811bf2f295f04bd4158eff596137de87f5ffc17f656996a8e4Tzumi Electronics Klic Lock version 1.0.9 allows for attackers to access resources via capture-replay.
b6478676c8a8574cbdf280e94c872874e68933b7e95cca2138fa97fe2ee1d83d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed