Capstone is a multi-architecture, multi-platform disassembly framework. It has a simple and lightweight architecture-neutral API, thread-safe by design, provides details on disassembled instruction, and more.
9d7219376ce801e95b4c148dd9464098836a6d209c2396f8ee283a7a6aa16544Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
9c2f37d5fa9033936468237f6f4b29289f30791caa84765ef510acb56c8daa4dDolibarr ERP and CRM version 3.5.3 suffers from multiple remote SQL injection vulnerabilities.
28d80b9fc01de763573e26f6295737377269e9e8ba336e578aabd6a7d3558bc6It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in Compaq/HP's Glance for Linux have been compiled in manner that means they searched for libraries in insecure locations. Versions 11.00 and below are affected.
a66fb0a451a7f6dcc806352c69ac659b9668b544cb151ad815fc0f41f27c3245It was discovered that a number of the protocol handlers (referred to as IO slaves) did not satisfactorily handle malicious input. It is possible for an attacker to inject JavaScript by manipulating IO slave URI such that the JavaScript from the manipulated request is returned in the response.
e347068492c2b02155919e28caab949adb5a3b0bc7cde80b54669e096dfe6353Faronics Deep Freeze Standard and Enterprise suffers from an arbitrary code execution vulnerability.
27fb76254363929ae6c1caac2afa6005830a4d1520926bd16a9b059055f1e885Joomla Simple Email Form version 1.8.5 suffers from a cross site scripting vulnerability.
bdbf6b422078d438cc5d2cb5bad7c4962ce78742be7e3d0a971d871344bb0b35In Android versions prior to 5.0, java.io.ObjectInputStream did not check whether the Object that is being deserialized is actually serializable. This means that when ObjectInputStream is used on untrusted inputs, an attacker can cause an instance of any class with a non-private parameterless constructor to be created. All fields of that instance can be set to arbitrary values. The malicious object will then typically either be ignored or cast to a type to which it doesn't fit, implying that no methods will be called on it and no data from it will be used. However, when it is collected by the GC, the GC will call the object's finalize method. Proof of concept code included.
bf793047e29e52365bf15acd8cb03662f3e6f03b41a8867b4fb9c604a91808d4Mandriva Linux Security Advisory 2014-215 - An out-of-bounds memory write flaw was found in the way GnuTLS parsed certain ECC (Elliptic Curve Cryptography) certificates or certificate signing requests (CSR). A malicious user could create a specially crafted ECC certificate or a certificate signing request that, when processed by an application compiled against GnuTLS (for example, certtool), could cause that application to crash or execute arbitrary code with the permissions of the user running the application.
09deb94573db19c2095367b2e4855204d2d7f1f688124b59ab0810ec5e393e7aDebian Linux Security Advisory 3074-1 - Francisco Alonso of Red Hat Product Security found an issue in the file utility, whose code is embedded in PHP, a general-purpose scripting language. When checking ELF files, note headers are incorrectly checked, thus potentially allowing attackers to cause a denial of service (out-of-bounds read and application crash) by supplying a specially crafted ELF file.
c3c7f83fc8677e848b0cf6cde29652f956a6c07f2e420aedcf4eb8bc70533181Debian Linux Security Advisory 3074-2 - The previous update for php5, DSA-3074-1, introduced regression in the sessionclean cron script. The change was intended to fix a potential symlink attack using filenames including the NULL character (Debian bug #766147), but depended on sed package version too recent, not in Wheezy.
eb5ca3638356ab944b043dc1e88c1b86cc5025738f16872711478b87772079b4This is a tool to exploit .NET Remoting Services vulnerable to CVE-2014-1806 or CVE-2014-4149. It only works on Windows although some aspects might work in Mono on *nix.
74ce7c60139cd6b2a713355e1eaa5162b32c8741cbee7e9e2d418a32d899e82eSnowfox CMS version 1.0 suffers from a cross site request forgery vulnerability.
a04e1dba9655d630abb9e1a307314178219b1886d0b33c4c47ecf48ac5e68f72Apple Security Advisory 2014-11-17-3 - Apple TV 7.0.2 is now available and addresses arbitrary code execution and unsigned code execution security issues.
64ff89b095ba26114a75a346f55bdedfd3112739360aef178b40c75924a28897Snowfox CMS version 1.0 suffers from an open redirection vulnerability.
30be02c518b17b6f7eea2722ad431efc1006f27b4352c635aa289b2c3cb86fa6Apple Security Advisory 2014-11-17-2 - OS X 10.10.1 is now available and addresses a privacy issue, arbitrary code execution, and various other security issues.
0070a836f0e45939ac86a47d278a19667a9d9d6640d8631bc2fbfc89036c0713Apple Security Advisory 2014-11-17-1 - iOS 8.1.1 is now available and addresses code execution and various other security flaws.
602e9d605f73315efc5efaf9ac7b45623e8729c43897fd8782af5548bf6439e1It was found out that malformed network traffic (AOVD-based) can lead to an abnormal behavior if verbose output of tcpdump monitoring the network is used. Affected versions are 3.8 through 4.6.2.
a85471c18f98a1639c42f4f8a5c4ac76bfadbcf018487d3c509fec2e23a05a65tcpdump versions 4.5.0 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed Geonet payload.
9af8da699aaaed3f582d3ce2e3473186609cabab6d354ae5b7877ecb392ab0fatcpdump versions 3.9.6 through 4.6.2 suffers from a denial of service vulnerability when handling a malformed OLSR payload.
4fc3ca635ddbe8ed7f884ff465b5688613dbce31cfea61e0e73891ed5e27c574
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed