Multiple DLL side loading vulnerabilities were found in various COM components. These issues can be exploited by loading these components as an embedded OLE object. When instantiating a vulnerable object, Windows will try to load one or more DLLs from the current working directory. If an attacker convinces the victim to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
Apache Tika wraps the jmatio parser to handle MATLAB files. The parser uses native deserialization on serialized Java objects embedded in MATLAB files. A malicious user could inject arbitrary code into a MATLAB file that would be executed when the object is deserialized. Versions 1.6 through 1.13 are affected.
Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). The vulnerability is caused by an integer overflow error when processing the CMAP table within Open Type Font (OTF) files and can be exploited to cause a kernel crash or disclose kernel memory via a specially crafted table encoding record offset within an OTF file.
MyBB version 1.8.6 suffers from multiple cross site scripting vulnerabilities.
Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a use-after-free error within the "GetTxObj()" function (vsflw.dll), which can be exploited to corrupt memory via a specially crafted PRZ file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.
Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused by a boundary error within the "VwStreamRead()" function (vssdw.dll), which can be exploited to cause a heap-based buffer overflow via a specially crafted SDW file. Successful exploitation may allow execution of arbitrary code. Oracle Outside In versions 8.4.0, 8.5.1, 8.5.2, and 8.5.3 are affected.
A specially crafted HTTP response can cause the CHttpHeaderParser::ParseStatusLine method in WININET to read data beyond the end of a buffer. The size of the read can be controlled through the HTTP response. An attacker that is able to get any application that uses WININET to make a request to a server under his/her control may be able to disclose information stored after this memory block. This includes Microsoft Internet Explorer.
4images versions 1.7.13 and below suffer from a remote SQL injection vulnerability.
Exponent CMS version 2.4.0 suffers from a remote blind SQL injection vulnerability.
CA Technologies Support is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (formerly CA Nimsoft). The first vulnerability, CVE-2016-9165, involves insecure handling of session IDs. A remote attacker can potentially acquire a session ID and bypass authentication or elevate privileges. The second vulnerability, CVE-2016-9164, is a path traversal information disclosure vulnerability associated with the diag.jsp file. A remote attacker can potentially access sensitive information. The third vulnerability, CVE-2016-5803, is a path traversal information disclosure vulnerability associated with the download_lar.jsp file. A remote attacker can potentially access sensitive information. CA Technologies has assigned Medium and High risk ratings to these vulnerabilities. Solutions are available.
CA Technologies Support is alerting customers to a vulnerability in CA Service Desk Manager (formerly CA Service Desk). A reflected cross site scripting vulnerability, CVE-2016-9148, exists in the QBE.EQ.REF_NUM parameter of the SDM web interface. A remote attacker, who can trick a user into clicking on or visiting a specially crafted link, could potentially execute arbitrary code on the targeted user's system. CA Technologies has assigned a Medium risk rating to this vulnerability. A solution is available.
HP Security Bulletin HPSBGN03670 1 - A vulnerability in the Apache Commons Collections library for handling Java object deserialization was addressed by HPE Business Service Management (BSM). The vulnerability could be exploited remotely to allow remote code execution. Revision 1 of this advisory.
Red Hat Security Advisory 2016-2695-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service via a crafted sendmsg system call.
Red Hat Security Advisory 2016-2694-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups.
Ubuntu Security Notice 3125-1 - Zhenhao Hong discovered that QEMU incorrectly handled the Virtio module. A privileged attacker inside the guest could use this issue to cause QEMU to consume resources, resulting in a denial of service. Li Qiang discovered that QEMU incorrectly handled VMWARE VMXNET3 network card emulation support. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 16.10. Various other issues were also addressed.
Debian Linux Security Advisory 3709-1 - Nick Wellnhofer discovered that the xsltFormatNumberConversion function in libxslt, an XSLT processing runtime library, does not properly check for a zero byte terminating the pattern string. This flaw can be exploited to leak a couple of bytes after the buffer that holds the pattern string.
Red Hat Security Advisory 2016-2676-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 11.2.202.644. Security Fix: This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
OpenSSL Security Advisory 20161110 - TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to a DoS attack by corrupting larger payloads. This can result in an OpenSSL crash. This issue is not considered to be exploitable beyond a DoS. Other issues were also addressed.
Vlany is a Linux rootkit that provides process hiding, user hiding, network hiding, LXC container, anti-debug, anti-forensics, persistent reinstalls, dynamic linker modifications, backdoors, and more.
Microsoft Internet Explorer versions 9, 10, and 11 suffer from an MSHTML PROPERTYDESC::HandleStyleComponentProperty out-of-bounds read.
Nero version 7.10.1.0 suffers from an unquoted service path privilege escalation vulnerability.