Säkerhet

QEMU Host Filesystem Arbitrary Access

Packet storm - lör, 2017-02-18 17:57
QEMU has an issue where virtfs permits a guest to access the entire host filesystem.
Kategorier: Säkerhet

Adobe Flash MP4 AMF Parsing Overflow

Packet storm - lör, 2017-02-18 17:56
Adobe Flash suffers from an overflow vulnerability during MP4 AMF parsing.
Kategorier: Säkerhet

Adobe Flash SWF Stack Corruption

Packet storm - lör, 2017-02-18 17:55
Adobe Flash suffers from a stack corruption vulnerability using a fuzzed SWF file.
Kategorier: Säkerhet

Adobe Flash YUVPlane Decoding Heap Overflow

Packet storm - lör, 2017-02-18 17:55
Adobe Flash suffers from a heap overflow vulnerability during YUVPLane decoding.
Kategorier: Säkerhet

Adobe Flash Bitmapfilter Use-After-Free

Packet storm - lör, 2017-02-18 17:53
Adobe Flash suffers from a use-after-free vulnerability in applying bitmapfilter.
Kategorier: Säkerhet

Google Chrome Download Filetype Blacklist Bypass

Packet storm - lör, 2017-02-18 17:52
Google Chrome suffers from a bypass vulnerability in the download filetype blacklist functionality. Versions 54.0.2840.100 stable is affected.
Kategorier: Säkerhet

Cisco ASA WebVPN CIFS Handling Buffer Overflows

Packet storm - lör, 2017-02-18 17:51
Cisco ASA WebVPN CIFS handling buffer overflow conditions have been discovered.
Kategorier: Säkerhet

GDI GDI32!ConvertDxArray Insufficient Bounds Check

Packet storm - lör, 2017-02-18 17:50
GDI suffers from an insufficient bounds check on GDI32!ConvertDxArray.
Kategorier: Säkerhet

Microsoft Office Powerpoint 2010 MSO/OART Heap Out-Of-Bounds Access

Packet storm - lör, 2017-02-18 17:48
Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap out-of-bounds access issue that leads to a memory corruption condition.
Kategorier: Säkerhet

AIEngine 1.7.0

Packet storm - lör, 2017-02-18 17:46
AIEngine is a packet inspection engine with capabilities of learning without any human intervention. It helps network/security professionals to identify traffic and develop signatures for use them on NIDS, Firewalls, Traffic classifiers and so on.
Kategorier: Säkerhet

Microsoft Office 2010 MSO!Ordinal5429 Heap Corruption

Packet storm - lör, 2017-02-18 17:46
Microsoft Office 2010 running under Windows 7 x86 with Application Verifier enabled suffers from a heap corruption issue due to a missing length check.
Kategorier: Säkerhet

Elefant CMS 1.3.12-RC Code Execution

Packet storm - lör, 2017-02-18 17:42
Elefant CMS version 1.3.12-RC suffers from remote code execution vulnerabilities.
Kategorier: Säkerhet

Plone 5.0.5 Cross Site Scripting

Packet storm - lör, 2017-02-18 17:41
Plone version 5.0.5 suffers from a cross site scripting vulnerability.
Kategorier: Säkerhet

Microsoft SQL Server Clr Stored Procedure Payload Execution

Packet storm - lör, 2017-02-18 17:21
This Metasploit module executes an arbitrary native payload on a Microsoft SQL server by loading a custom SQL CLR Assembly into the target SQL installation, and calling it directly with a base64-encoded payload. The module requires working credentials in order to connect directly to the MSSQL Server. This method requires the user to have sufficient privileges to install a custom SQL CRL DLL, and invoke the custom stored procedure that comes with it. This exploit does not leave any binaries on disk. Tested on MS SQL Server versions: 2005, 2012, 2016 (all x64).
Kategorier: Säkerhet

Elefant CMS 1.3.12-RC Cross Site Request Forgery

Packet storm - lör, 2017-02-18 01:33
Elefant CMS version 1.3.12-RC suffers from multiple cross site request forgery vulnerabilities.
Kategorier: Säkerhet

Simplessus Files 3.7.7 Path Traversal

Packet storm - lör, 2017-02-18 01:22
Simplessus Files version 3.7.7 suffers from a path traversal vulnerability.
Kategorier: Säkerhet

Ubuntu Security Notice USN-3199-2

Packet storm - lör, 2017-02-18 01:17
Ubuntu Security Notice 3199-2 - USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. Various other issues were also addressed.
Kategorier: Säkerhet

Gentoo Linux Security Advisory 201702-09

Packet storm - lör, 2017-02-18 01:17
Gentoo Linux Security Advisory 201702-9 - Multiple vulnerabilities have been found in ImageMagick, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.9.7.4 are affected.
Kategorier: Säkerhet

Debian Security Advisory 3790-1

Packet storm - lör, 2017-02-18 01:17
Debian Linux Security Advisory 3790-1 - Several vulnerabilities were discovered in spice, a SPICE protocol client and server library.
Kategorier: Säkerhet

Ubuntu Security Notice USN-3199-1

Packet storm - lör, 2017-02-18 01:17
Ubuntu Security Notice 3199-1 - It was discovered that the ALGnew function in block_templace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter.
Kategorier: Säkerhet