This Metasploit module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player. The vulnerability happens when trying to apply a Shader setting up the same Bitmap object as src and destination of the ShaderJob. Modifying the "width" attribute of the ShaderJob after starting the job it's possible to create a buffer overflow condition where the size of the destination buffer and the length of the copy are controlled.
85ac61cf4df86a48ba3ebb5575fe809cd20d6d403d015526e3943526ed3262d0Debian Linux Security Advisory 3292-1 - Bastian Blank from credativ discovered that cinder, a storage-as-a-service system for the OpenStack cloud computing suite, contained a bug that would allow an authenticated user to read any file from the cinder server.
9b66ae4edb170f5a91d3494b9e622d7c412e83ebfeeb4f301dd56c81b5a97e05ManageEngine SupportCenter Plus version 7.90 suffers from cross site scripting, password disclosure, and directory traversal vulnerabilities.
081617d3dcebc550fd4c6ab2540542547ed2a017511f52416250152c2586b2c8Duo push authentications are susceptible to a low-profile timing-based attack that permits an intruder to steal an authenticated session from an end-user accessing Duo-protected resources. Specifically, when multiple push notifications arrive simultaneously (or nearly so), only the final one is shown to the user. When the user authenticates that notification, only the corresponding session will actually be authenticated. If an attacker can initiate an equivalent connection slightly after the client?s session, then the user will typically authorize the malicious session rather than his or her own. Configurations affected include Duo Security Authentication Proxy version 2.4.8 and Duo Win Login version 1.1.8.
103eb43f4540ebf657dd6624630bfe6d9cf75eb31d994d75465d0101fe86aa75Tango FTP active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects version 1.0 build 136.
7c5d287b7285d97c773bd521ba096c6d7155b06570a00ffc57b3294319a812a1Tango DropBox active-x heap spray exploit that leverages a vulnerability in the COM component used eSellerateControl350.dll (3.6.5.0) method of the GetWebStoreURL member. Affects versions 3.1.5 and PRO.
3c8dfe4be4054d363a2c7bf83cffe6bedd810b2e267d01f52bc1df31959e5112OpenEMR versions 4.2.0 and 4.2.0 patch 1 suffer from an authentication bypass vulnerability.
a589315de279dd22ee99c036b36a4cfd6f70531f2f25bab5afeaec7ef31766f6ZTE ZXV10 W300 version 3.1.0c_DR0 suffers from a session vulnerability that allows a remote attacker to delete network settings and more.
e6b4753445eecdc540f323caf6ddd8959dc3d0dc105d4e6952e16e30eb542b98eBay Magento suffers from a cross site request forgery vulnerability.
b3c0c736ffb72d43d1fe671c55dffcbc1392deeada1261b19a1a3ef5cb7b4d6cRed Hat Security Advisory 2015-1127-02 - In accordance with the Red Hat Enterprise Linux OpenStack Platform Support Policy, the life cycle of Production Support for version 4 will end on June 19, 2015. On June 20, 2015, Red Hat Enterprise Linux OpenStack Platform version 4 will enter an inactive state and will no longer receive updated packages, including Critical-impact security patches or urgent-priority bug fixes. In addition, technical support through Red Hat's Global Support Services will no longer be provided after this date.
71fc3ccc8a75ebf651126029495fe0d0bed9e150ed78b62c21f07ec3f910ae05A persistent input validation web vulnerability has been discovered in the official Magento xCommerce web-application. The vulnerability allows remote attackers to inject own script code to the application-side of the affected service module. The vulnerability is located in the filename value of the image upload module. The attacker needs to create a New Message with upload to change the filename to a malicious payload. The attack vector of the issue is located on the application-side and the request method to inject the script code is POST.
2d046bdbb2f5dbd96eb46e550a4e42059c43e67f2b94273651e0cdfbf7805252ApPHP Hotel Site version 3.x.x suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
890ce1d4ffe628ac729ca8d7e542f34a6085bef5d2b10be9540e4c255325d05cA client-side cross site scripting web vulnerability has been discovered in the official Magento Commerce Premium Theme front-end web-application. The non-persistent xss vulnerability allows remote attackers to inject own script code to the application-side of the vulnerable online-service module.
93f9dd7fd63830ad50de3dc317332c7a3e7b19e91c8f617f35ef178a5970df46WinylPlayer version 3.0.3 memory corruption proof of concept exploit.
788887d72aeca51f9c07a787f09f5f2b971d388afc67b75f0eaa8a3c9481238842 bytes small Linux/x86 chmod('/etc/passwd','777') shellcode.
d1e5b6edf4696268f8430598de8b8cf66df50aa768578351bac4ee7c5a1c6f83HansoPlayer version 3.4.0 memory corruption proof of concept exploit.
20b9090c4b132b0b60d1f278ce6a8efb8bcfa0d4a1e0123be1f206ac25da0171SAP Mobile Platform version 3.0 suffers from an XXE injection vulnerability. The problem is caused by a program error due to the incorrect use of an XML parser (/mobiliser servlet). By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.
e89aaed13c5a2c5ac4e974c044a080f19bad90ce384d9fca4ba8d2c791e1c274SYBASE SQL Anywhere versions 12 and 16 suffer from a denial of service vulnerability. An attacker can trigger a condition in which the process ceases to run. This condition can be intentionally provoked by an attacker to cause denial of service.
ef63dab3201ae56b98a3747344e684a2c732c5d74e07e8556040954ed9c8255f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed