FireEye FX, AX, NX, and EX products suffer from an analysis bypass vulnerability.
449aafd21ac2669413a7bfe12b72b0a0409a12dace2cd2b57d2a5622aa29d505
Microsoft Internet Explorer 11 suffers from an MSHTML!CObjectElement use-after-free vulnerability.
e3a600a83bd36797b98db962833ac5481dc99968f9a214f43e970ffe3c05e463
OpenSSH versions 6.9p1 and below suffer from PAM-related authentication bypass and use-after-free vulnerabilities.
0b9cdda83d2bd4462b9476721a79b253f4d0d5a4f1b85d7710195b4178d9abf5
Microsoft Internet Explorer 11 is prone to a use-after-free vulnerability in the MSHTML!CTreeNode::GetCascadedLang function. The following analysis was performed on Internet Explorer 11 on Windows 8.1 (x64). If an attacker succeeds in bypassing the Memory Protector and Isolated Heap protection mechanisms, this vulnerability allows the execution of arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability, in that the target must visit a malicious page or open a malicious file.
1ab54ed16c416f2c380415334ef8a0ac58296c12aa60e0f295c012e60b25b90f
This whitepaper discusses exploitation of CVE-2014-4113 on Windows 8.1.
347b65c62cf9b21ce7a51217f70945df6a72439a4ef09808f6143d9103ce6fc4
Polycom systems suffer from a format string vulnerability when creating a CDR entry. Polycom HDX series versions prior to 3.1.1.2 are affected.
8998433b0bea32dde00acd6d3311c61443b062424f5faeac20c6cdfee2adbe3b
A simple H.323 SETUP packet can be used to carry out a remote SQL injection attack against Polycom systems. Polycom HDX series versions prior to 3.1.1.2 are affected.
c8ef16e32d79b56646936f40819360d5231808c030efb457b8afed16f3c94923
The firmware update functionality in the Polycom web interface is vulnerable to a simple command injection that allows an attacker with access to the web interface to execute arbitrary commands on the underlying embedded Linux system. Polycom HDX series versions prior to 3.1.1.2 are affected.
eaeed66e6e35211d5de8494085612d6cabc696df21d84244931e4cb825cb4492
The Polycom Command Shell can be used to view and change several settings of the system. However, it can also be used to get system-level access (i.e. root access) to the HDX system. The "printenv" and "setenv" commands can be used to read and write, respectively, variables which are stored in flash memory. Polycom HDX series versions prior to 3.1.1.2 are affected.
162aad6a25e60bab68f51ec49f90cbda2650407c9f0ac15d752cc71dba4606be
This Metasploit module exploits a command injection vulnerability in the URL handler for the IBM Lotus Notes Client <= 8.5.3. The registered handler can be abused with a specially crafted notes:// URL to execute arbitrary commands with arbitrary arguments. This Metasploit module has been tested successfully on Windows XP SP3 with IE8, Google Chrome 23.0.1271.97 m and IBM Lotus Notes Client 8.5.2.
7a3b0f8cdedb3c1112e263b6a63066bb8c62253df93e1569505b5ae265a933a9
A heap corruption vulnerability has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
a967d2b7f8fefd73301e6eaf2dfb4c514e1473ca7edba87c15475fe6dc0abe7e
A stack-based buffer overflow has been found in the Citrix XML Service of XenApp and XenDesktop which is installed on every server used for sharing applications. Successful exploitation allows arbitrary code execution on the server running the XML service.
8c2aad516fccebdeefca7b40556e1cfb18e6b22108f839a744c124db43130d39
A directory traversal vulnerability has been found in the PJL file system access interface of various HP LaserJet MFP devices. File system access through PJL is usually restricted to a specific part of the file system. Using a pathname such as 0:\..\..\..\ it is possible to get access to the complete file system of the device.
3046f35f738f91dd1414a725b79b838acb34d0bb5e416218ca7e0fbb11a194c5
This Metasploit module exploits a feature in the Distribution Packages, which are used in the Apple Software Update mechanism. This feature allows for arbitrary command execution through JavaScript. This exploit provides the malicious update server. Requests must be redirected to this server by other means for this exploit to work.
31bbe100ffdd2f91eaedeff7614f1752ef8f6fb3e51341837b95b2b328745b19
A remotely exploitable vulnerability has been found in the HTTP header parsing code of the CFNetwork framework.
3cd844ab4b16ffea30d4bf56950667b6ccf6b6b2a12354c933cb59ebebbbebe9
ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the 'clamd' process by sending an email with a prepared attachment. Versions below 0.94.1 are affected.
6cc70ca47bd8e70a162e0b466166e4ae4e11b76c25c6b31b93bb29214c73de19
Apple Mac OS X Software Update suffers from a remote command execution vulnerability. Full Metasploit module included.
1852939fa989f4ddf6144fb1874a746c14013a7706681e093ad78115be9ffd22
OpenSSL versions before 0.9.7m and 0.9.8e suffer from an off-by-one buffer overflow in SSL_get_shared_ciphers().
14554756f6b961b55d3c66f67ef71356931c21b86d987c2959039bdbdf012665
tcpdump versions 3.9.5 and below suffer from an off-by-one heap overflow in the IEEE 802.11 printer.
d25a3d728ab60232446e3ac7336e378fa1d08dcf088e60d62e4c19444d0f09ae
MPlayer version 1.0rc1 suffers from a buffer overflow that can be exploited with a maliciously crafted video file.
f6b24ce436da9fc6ea70e8ee7f600461e195bedd2bab50ac218f4d119d59a662
A remote vulnerability has been found in the SmartFTP-D Server which allows a remote user with an account to read any file on the system.
dc0c845f36c1df20329e24792344d24bc446161aac536e31bd3e8e9f4f21f5c7