Secunia Research has discovered a vulnerability in Oracle Outside In, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the vstif6.dll, which can be exploited to cause an out-of-bounds write memory access. The vulnerability is confirmed in version 8.5.3.
0bb128f0ffb554a5ec684f320f0107962750c13a805e277aeb88e4558151e774Mobius Forensic Toolkit is a forensic framework written in Python/GTK that manages cases and case items, providing an abstract interface for developing extensions. Cases and item categories are defined using XML files for easy integration with other tools.
38f7cf697ca5101a3413425d16fa5fe912cf9e1f061103f0b7138fd96d40b92eFaraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
24253d9cafafa96ad86f65701c10afb41ec515d3e8136d465b38dc04fdfb2363There is a Microsoft Windows kernel stack memory disclosure vulnerability in win32k!xxxSendMenuSelect via fnHkINLPMSG user-mode callback.
29ecb93fa8a796617a90f59536bcfb9ac394c28a5e7d91ca72284eb636894416It was discovered that the nt!NtQueryDirectoryFile system call discloses portions of uninitialized pool memory to user-mode clients on Windows 10, due to uninitialized fields in the output structure being copied to the application.
26b521138b8cf592b692e063a57e00a17c82cb345e491baf906a7173cc27e0ceIt is possible to add a cached signing level to an unsigned file by exploiting a TOCTOU in CI leading to circumvention of Device Guard policies and possibly PPL signing levels.
10740234534d576953b78d366019b0eaed2b7e2f77b447ea307edd5c886a5515The Microsoft Windows Kernel suffers from multiple stack and pool memory disclosures into NTFS file system metadata.
9bb7494ef313febec2f8ee393749b8c35f9776237506d2a47110240296b5f9a0EMC ScaleIO versions 2.0.1.3, 2.0.1.2, 2.0.1.1, and 2.0.1 suffer from information disclosure, denial of service, and buffer overflow vulnerabilities.
be050ea74ac79527efbffae6b80e7c3d92d2412e2430c1bda95de7bb39910b78RSA Authentication Manager versions 8.2 SP1 P5 and below suffer from a stored cross site scripting vulnerability.
58d2e95c51a90da59323f5fa851a0ada801c5abcbbd070c9a5b6cf35aceee55dWordPress Emag Marketplace Connector plugin version 1.0 suffers from a cross site scripting vulnerability.
5c2ed09784b0611ab8f180cde78430c53f7a6a7b35ad7af2805e86fb40925f3bWordPress Advanced Post Type Ratings plugin version 1.1 suffers from a cross site scripting vulnerability.
f007dd5ad24b38f1874e624e486c48bf1b5ab7db53fc6fb5ea34e51cbfc86e0fUbuntu Security Notice 3486-2 - USN-3486-1 fixed a vulnerability in Samba. This update provides the corresponding update for Ubuntu 12.04 ESM. Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.
f8ab6fcd5389ee55153023608bb2f0fda540959c098b863139a4d29f84f470f3WordPress In Link plugin version 1.0 suffers from a remote SQL injection vulnerability.
954fddf0317fd8286ef8f1e93464d17bc04fc89aabf6582716320bdae4b93c6bUbuntu Security Notice 3486-1 - Yihan Lian and Zhibin Hu discovered that Samba incorrectly handled memory when processing certain SMB1 requests. A remote attacker could possibly use this issue to execute arbitrary code. Volker Lendecke discovered that Samba incorrectly cleared memory when returning data to a client. A remote attacker could possibly use this issue to obtain sensitive information.
469f99a0aadb2f94e8f7029a33d5d8daffe10b3eee426deea59e5b3f7f44d93aUbuntu Security Notice 3483-2 - USN-3483-1 fixed a vulnerability in procmail. This update provides the corresponding update for Ubuntu 12.04 ESM. Jakub Wilk discovered that the formail tool incorrectly handled certain malformed mail messages. An attacker could use this flaw to cause formail to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
241e560ad1546a686673831611b4fc82a69546ecb78985b2954d9c0b78483fec
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed