MEGAsync version 2.9.9 suffers from a dll hijacking vulnerability.
467b99e7de6c333211eb620208e20c59316c0ecf3e1759eeb9e0e0987e558cf1PHP version 5.0.0 suffers from a denial of service vulnerability in domxml_open_file().
1600c83298c5e9014bb21a20b3074ea6e67bb77c93ad413d58e7a39497143b1eKeeper suffers from an issue where a trusted UI is injected into an untrusted webpage.
bc5f2d8563853d8fb0eb9f4dfe423eef486e80138fb54b3a704e0a4fe79e486dThere is a use-after-free in the Adobe Flash MovieClip Transform getter. If the Transform constructor is replaced with a getter using addProperty, this getter can free the MovieClip before it is accessed.
8e0a48ee796dc46bf201b5bec60fb0c2fea4eaaff0ede8662854456151504e5cThere is a use-after-free in Adobe Flash BitmapData.copyPixels. If the method is called on a MovieClip, and the MovieClip is deleted during parameter conversions, it is used to convert future parameters, even though it has already been freed.
0a3401d2588c89c8cb83520304f111cda886ab6b1fa44838fdd32599be2f4efaSeveral methods in Adobe Flash return instances of the Rectangle class. There is a use-after-free in creating these objects for return. If the this object of the call is a MovieClip, the Rectangle instantiation will run on its thread. If a getter is added to this class's package, it will be invoked when fetching the rectangle constructor, which can free the method's thread, which will cause the Rectangle constructor to run on a thread which has been freed.
f898e72b34514ad22259dcefdd52f3d177b215cd0242a8842fd2e4e2e609f90cThere is a use-after-free in Adobe Flash Selection.setFocus. It is a static method, but if it is called with a this object, it will be called on that object's thread. Then, if it calls into script, for example, by calling toString on the string parameter, the object, and its thread will be deleted, and a use-after-free occurs.
fa507c4afbb1bc497d0cc5c2a99904cd2a73bd86ee4b1d906ad6cf627872c99bThere is a use-after-free in the Adobe Flash Stage.align property setter. When the setter is called, the parameter is converted to a string early, as a part of the new use-after-free prevention changes. This conversion can invoke script, which if the this object is a MovieClip, can delete the object, deleting the thread the call is made from, which can lead to a use-after-free.
66d1624a35df614e84e05e1f157c0e1769f423cb0522075826d8dfbcf3dae5feStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced LSB method based on integers sets. The sets (Sieve of Eratosthenes, Fermat, Carmichael numbers, etc.) are used to select the pixels used to hide the information.
a6b0438fe098982f9eff3143a85ca4be352a7bf47733175568ece01ef5f0500fOATH Toolkit attempts to collect several tools that are useful when deploying technologies related to OATH, such as HOTP one-time passwords. It is a fork of the earlier HOTP Toolkit.
b03446fa4b549af5ebe4d35d7aba51163442d255660558cd861ebce536824aa0INTELLINET IP Camera INT-L100M20N remote change admin username / password exploit.
4eaae419672cabc06fd7de62a5c5e616f92153a1c485b352db79b6f0ae052629Blue Team Training Toolkit (BT3) is an attempt to introduce improvements in current computer network defense analysis training. Based on adversary replication techniques, and with reusability in mind, BT3 allows individuals and organizations to create realistic computer attack scenarios, while reducing infrastructure costs, implementation time and risk. The Blue Team Training Toolkit is written in Python, and it includes the latest versions of Encripto's Maligno and Pcapteller.
12a1c56b4d1986f74384559d35c4092b0da1e93692dd258df5016a0bf5d9be60Red Hat Security Advisory 2016-1776-01 - The java-1.6.0-openjdk packages provide the OpenJDK 6 Java Runtime Environment and the OpenJDK 6 Java Software Development Kit. Security Fix: An insufficient bytecode verification flaw was discovered in the Hotspot component in OpenJDK. An untrusted Java application or applet could use this flaw to completely bypass Java sandbox restrictions. Multiple denial of service flaws were found in the JAXP component in OpenJDK. A specially crafted XML file could cause a Java application using JAXP to consume an excessive amount of CPU and memory when parsed.
49fb553f781a4fb3768e1f5965572b0d7f7c4362a804c7d52fefa6aacf26bdf1DataLife Engine versions 11.1 and below suffer from a cross site scripting vulnerability.
ea889cf18fd2c4e8f46edc59936b5c7c8def113b7e7918f531a75da94518c057NECROSOFT NScan versions 0.9.1 and below suffer from a buffer overflow vulnerability.
0c0c6731dc34e16d35ec2d207c6197db9c5be8331353a3a8c6257f5e54646161Htcap is a web application analysis tool for detecting communications between javascript and the server. It crawls the target application and maps ajax calls, dynamically inserted scripts, websockets calls, dynamically loaded resources and some interesting elements. The generated report is meant to be a good starting point for a manual web application security audit. Htcap is written in python and uses phantomjs to load pages injecting a probe that analyzes javascript behaviour. Once injected, the probe, overrides native javascript methods in order to intercept communications and DOM changes. It also simulates user interaction by firing all attached events and by filling html inputs.
361c1123ace8457b032976f9819e01dfb15f1be1dc563f1039b2e802472f702eDebian Linux Security Advisory 3654-1 - Two vulnerabilities were discovered in quagga, a BGP/OSPF/RIP routing daemon.
25c09a37562c4b6e5388e52d121a5fd6c975e1347392e663a3722c450e2bd3cbDebian Linux Security Advisory 3652-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service or the execution of arbitrary code if malformed TIFF, WPG, RLE, RAW, PSD, Sun, PICT, VIFF, HDR, Meta, Quantum, PDB, DDS, DCM, EXIF, RGF or BMP files are processed.
86f82123fa7a7dda6e9bf4a697f83c57a7e7b708b8514ad9004f3b0ba28ee0daKV Site Admin CMS version 3.0 suffers from a remote SQL injection vulnerability.
e2edc690815f4a0488318af7e248e94042a11e27d906f77dd7b62ffdf5f000b4Zarafe CMS version 1.0 suffers from a cross site request forgery vulnerability.
f2bff0f6462a7731609e0c8c5f2e2a5d11fbfd2f8785259a9054797a28039b0eZarafe CMS version 1.0 suffers from a cross site scripting vulnerability.
2c212b74dba952a9eba9c5eb7fef6a80390e117af9f21b2c278a69698498548aApple's libc security update for OS X El Capitan version 10.11.2 has an incomplete fix.
1e5f9c6d0b83d92011bbf4e96ebccd3cac5637b6b7ee38f795eecf2e67ee7819Hotspot Shield suffers from a dll hijacking vulnerability.
734e59498529f65dd47e43719644d5b17369a52c20a7f1c17a1f20a1aa204c6bE-Cidade versions 2.3.52 and below suffer from a directory traversal vulnerability.
7b167d8f8cbd06850269418cacdf6e513f979f6bc3e07c7a71ed0b2bb930fb60Apple Security Advisory 2016-08-25-1 - iOS 9.3.5 is now available and addresses memory disclosure, code execution, and various other vulnerabilities.
5c8254f6d029f1bd1d46ecd3f6c71e08629723831b6317f16c4037f0d55ee4b6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed