K2 SmartForms, BlackPearl, and K2 for Sharepoint version 4.6.7 suffer from a boolean-based remote SQL injection vulnerability.
b5b8d94a74d115a5d21dcdfab6459b1fc2f07d4bd3bbd269226449b06d053835Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature.
f3141a360bdf7ee6e4a571e6ac07b4d6860453bfd2d2651ec97cfa7f9a2ae196The attached testcase was found by fuzzing packed PE files with Kaspersky Antivirus. The researcher suspects it was packed using "Yoda's protector". This vulnerability is obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on all systems using Kaspersky Antivirus.
3c3dd5acd1e83e6d651af0ce396c0ce5a329d99348391da8dcc96d1f2d9db389While fuzzing UPX packed files in Kaspersky Antivirus, a crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for remote code execution as NT AUTHORITY\SYSTEM.
873dde06402e643e7c58d92fa1292dd7bd56e1ac4926fee21503ce6e92227045Kaspersky Antivirus PE unpacking suffers from an integer overflow vulnerability.
5f6ace8e01df0d4d69eed14c4bfebe35cffb18417251166f12d0d919112d59eaFuzzing packed executables in Kaspersky Antivirus found an ExeCryptor parsing memory corruption vulnerability.
9b88cbe181953642219bc9f3faab09f2d8454bba6f6371edce30a211c49ef39bFuzzing CHM files with Kaspersky Antivirus produced a crash due to a stack buffer overflow vulnerability.
955d664811abe68cd1b11cbbbfdcc3b1d291028188d72a8d67f997305e27df5cThis slide deck consists of three presentations showing both an overall and detailed view of the new patent pending methods to make cross site scripting (XSS) detection more accurate and faster as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.
32bc66497949946f49a5d475504377f6fb06a5d809e9e46ec66cb3f3191a2b7bKerio Control versions 8.6.1 and below suffer from remote SQL injection and remote code execution through cross site request forgery vulnerabilities.
5ade13cd16a1063aa69b48cb922256980ec682b6582c69ca0d6107b759ac4b36Digital Whisper Electronic Magazine issue 65. Written in Hebrew.
5b592a3fd473f02b3de73891851460962b505cd4c3044c49983d8e41e5d6cdddDebian Linux Security Advisory 3372-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification.
307334c9a5eff72ba64a9e315472120a161622f5ea8a1063d37e73e088dcd4e3A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function allowing an attacker without "UnmanagedCode" permission to nevertheless directly control arguments passed to a "ShellExecute" invocation of the users' default browser. This vulnerability allows an attacker who is able to run arbitrary .NET code within a .NET PartialTrust sandbox including the "WebPermission" permission for any URL to inject arbitrary parameters after the first parameter into the command line of the users' default browser.
b4f6f4c64fcea757962a5b5527370c1e23ba0b0610e975f129a09d22efa39baaFuzzing Kaspersky Antivirus VB6 executables produced a crash triggered by an integer overflow vulnerability.
c9ddc4ae299fb2e602e6dc2f065c0d2feca2d3364b70f32ea4e4bdc6ca8d7666Fuzzing the DEX file format found a crash that loads a function pointer from an attacker controlled pointer, on Windows this results in a call to an unmapped address. This is obviously exploitable for remote, zero-interaction code execution as NT AUTHORITY\SYSTEM on any system with Kaspersky Antivirus.
26951261beb7ff1122009b4bec4c8a0f4705fa105a3613ecb9448249512fe065The attached report and exploit were mailed to Kaspersky on 4th September 2015. The researcher is currently triaging about 230 more unique crashes. A remotely exploitable stack buffer overflow exists in the ThinApp container parsing. Kaspersky Antivirus and other products using the Kaspersky Engine (such as ZoneAlarm) are affected.
5ca3b319ffad1c37c2dc2b79e408a60512af7b432dd0803fc5b707285145f8b8CDex Genre version 1.79 suffers from a stack buffer overflow vulnerability.
960dd65d0478b1f333da665417affee1a77c7938878b529651291ec7799fd8d8Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities.
d00b6ccc7243ec76c13b6752206ecb24b7616afd8ccc5b5e94771fa108ece86eWhitepaper called How Yalu Works. Written in Persian.
8e6baed03f1a0aca0b7a553306a79948004042a763a555423ed698efc3743e0aTomabo MP4 Converter version 3.10.12 suffers from a denial of service vulnerability.
e4aa0486624d997bce409a11e6d9c99d4f02853188e7581d6891d408b5236a42
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed