An attacker with administrative access to a Windows machine with UEFI Secure Boot enabled may bypass code signing policy checks by putting intentionally-malformed configuration options in the boot configuration database (BCD).
26f375acd642d0f9a494693710868f2ef1b4b3531080dc3e3f2ac06389128d71ZyXEL PMG5318-B20A suffers from a command injection vulnerability via the ping function.
94cea261bcbad285c0fb3b4900f3ab8150b00219d6b41f9594444e04f13fdfd8This Metasploit module exploits a directory traversal vulnerability in ElasticSearch, allowing an attacker to read arbitrary files with JVM process privileges, through the Snapshot API.
9e9a04cf21f31c1319caa6af694dd744146d5b671a3f719be244d3e2a6ee6426Blat version 2.7.6 suffers from a stack buffer overflow vulnerability.
21911e93027d280e190872f956f0eb12482a0f9573adbf3e42f6c5e7e8327a60HP Security Bulletin HPSBGN03515 1 - Potential security vulnerabilities have been identified with HP Smart Profile Server Data Analytics Layer (SPS DAL). These vulnerabilities could be exploited remotely to allow Cross-Site Scripting (XSS) or disclosure of information. Revision 1 of this advisory.
a9b259f68d6ed198e14ba45fb41c51eba0381eb95d369c09a8754b0afc0d5a7eThis Metasploit module exploits open X11 servers by connecting and registering a virtual keyboard. The virtual keyboard is used to open an xterm or gnome terminal and type and execute the specified payload.
f1b0dc8c62d80ca9fecd0a8689754ee2bccc3af0a2306d4d4f393a3664ca9d0fBoxoft WAV to MP3 Converter version 1.1 SEH buffer overflow exploit.
561571e286c077c0bd3761ab7adc8e3d3959cac2361dc46d82248e0e858bca68Recompiling the regular expression pattern during a replace in JScript version 5.7 (MSIE 8) can cause the code to reuse a freed string, but only if the string is freed from the cache by allocating and freeing a number of strings of certain size.
de4b362c98096f2627ba422def8ffe6b298c4c26b1bf19a41b77cd41aab24c77Typo3 versions 4.2 and 4.5 suffer from information disclosure vulnerabilities.
964fb0833da0c5c9f1c07ef9adf90cc4233a7a258608fbfabc59b774d1d0f1a4MC Inventory Manager suffers from a remote SQL injection vulnerability that allows for authentication bypass.
762b87b209d0f911fb371c00cc13d296985ae347761194af1e3e4552c0eb8029MC Inventory Manager suffers from a stored cross site scripting vulnerability.
ef13986b8ebf906d0a7e05feeda7202f918d4ed84f7af20d81ed2db8b2c16e98The library tiny-AES128-C contains a buffer overflow in its AES128_CBC_encrypt_buffer() function, where 15 bytes beyond the end of the input buffer can be overwritten.
a7e437ab1c1557b6f02e672829111df160cb4ee24f700f757d8715884da74e5bUbuntu Security Notice 2767-1 - Gustavo Grieco discovered that the GDK-PixBuf library did not properly handle scaling tga image files, leading to a heap overflow. If a user or automated system were tricked into opening a tga image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. Gustavo Grieco discovered that the GDK-PixBuf library contained an integer overflow when handling certain GIF images. If a user or automated system were tricked into opening a GIF image file, a remote attacker could use this flaw to cause GDK-PixBuf to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
3a29a3b4a363c0c978dc6d50853bdf439cb053733deb55142ef0459a99031ae9This bulletin summary lists multiple bulletins that have undergone a major revision increment for October, 2015.
606915aba2106b77f76d909f0cffbd2e568af2dba89b3f1c521a0d01e6b8c16fThis bulletin summary lists six released Microsoft security bulletins for October, 2015.
97027239176df14da037279816ff2516a65b06d95cb97bc90c7275356c532a8d
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed