K2 SmartForms, BlackPearl, and K2 for SharePoint version 4.6.7 suffer from a boolean-based remote SQL injection vulnerability.
b5b8d94a74d115a5d21dcdfab6459b1fc2f07d4bd3bbd269226449b06d053835
Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature.
f3141a360bdf7ee6e4a571e6ac07b4d6860453bfd2d2651ec97cfa7f9a2ae196
The attached testcase was found by fuzzing packed PE files with Kaspersky Antivirus. The researcher suspects it was packed using "Yoda's protector". This vulnerability is obviously exploitable for remote code execution as NT AUTHORITY\SYSTEM on all systems using Kaspersky Antivirus.
3c3dd5acd1e83e6d651af0ce396c0ce5a329d99348391da8dcc96d1f2d9db389
While fuzzing UPX packed files in Kaspersky Antivirus, a crash was discovered resulting in an arbitrary stack-relative write. This vulnerability is obviously remotely exploitable for remote code execution as NT AUTHORITY\SYSTEM.
873dde06402e643e7c58d92fa1292dd7bd56e1ac4926fee21503ce6e92227045
Kaspersky Antivirus PE unpacking suffers from an integer overflow vulnerability.
5f6ace8e01df0d4d69eed14c4bfebe35cffb18417251166f12d0d919112d59ea
Fuzzing packed executables in Kaspersky Antivirus found an ExeCryptor parsing memory corruption vulnerability.
9b88cbe181953642219bc9f3faab09f2d8454bba6f6371edce30a211c49ef39b
Fuzzing CHM files with Kaspersky Antivirus produced a crash due to a stack buffer overflow vulnerability.
955d664811abe68cd1b11cbbbfdcc3b1d291028188d72a8d67f997305e27df5c
This slide deck consists of three presentations showing both an overall and a detailed view of the new patent-pending methods to make cross site scripting (XSS) detection more accurate and faster, as well as the creation of dynamic exploits. It was presented at OWASP AppSecUSA 2015.
32bc66497949946f49a5d475504377f6fb06a5d809e9e46ec66cb3f3191a2b7b
Kerio Control versions 8.6.1 and below suffer from remote SQL injection and remote code execution through cross site request forgery vulnerabilities.
5ade13cd16a1063aa69b48cb922256980ec682b6582c69ca0d6107b759ac4b36
Digital Whisper Electronic Magazine issue 65. Written in Hebrew.
5b592a3fd473f02b3de73891851460962b505cd4c3044c49983d8e41e5d6cddd
Debian Linux Security Advisory 3372-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification.
307334c9a5eff72ba64a9e315472120a161622f5ea8a1063d37e73e088dcd4e3
A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function, allowing an attacker without "UnmanagedCode" permission to nevertheless directly control arguments passed to a "ShellExecute" invocation of the user's default browser. This vulnerability allows an attacker who is able to run arbitrary .NET code within a .NET PartialTrust sandbox including the "WebPermission" permission for any URL to inject arbitrary parameters after the first parameter into the command line of the user's default browser.
b4f6f4c64fcea757962a5b5527370c1e23ba0b0610e975f129a09d22efa39baa
Fuzzing Kaspersky Antivirus VB6 executables produced a crash triggered by an integer overflow vulnerability.
c9ddc4ae299fb2e602e6dc2f065c0d2feca2d3364b70f32ea4e4bdc6ca8d7666
Fuzzing the DEX file format found a crash that loads a function pointer from an attacker-controlled pointer; on Windows this results in a call to an unmapped address. This is obviously exploitable for remote, zero-interaction code execution as NT AUTHORITY\SYSTEM on any system with Kaspersky Antivirus.
26951261beb7ff1122009b4bec4c8a0f4705fa105a3613ecb9448249512fe065
The attached report and exploit were mailed to Kaspersky on 4th September 2015. The researcher is currently triaging about 230 more unique crashes. A remotely exploitable stack buffer overflow exists in the ThinApp container parsing. Kaspersky Antivirus and other products using the Kaspersky Engine (such as ZoneAlarm) are affected.
5ca3b319ffad1c37c2dc2b79e408a60512af7b432dd0803fc5b707285145f8b8
CDex Genre version 1.79 suffers from a stack buffer overflow vulnerability.
960dd65d0478b1f333da665417affee1a77c7938878b529651291ec7799fd8d8
Netgear Voice Gateway with firmware version 2.3.0.23_2.3.23 suffers from command injection, insecurely configured passwords, and cross site scripting vulnerabilities.
d00b6ccc7243ec76c13b6752206ecb24b7616afd8ccc5b5e94771fa108ece86e
Whitepaper called How Yalu Works. Written in Persian.
8e6baed03f1a0aca0b7a553306a79948004042a763a555423ed698efc3743e0a
Tomabo MP4 Converter version 3.10.12 suffers from a denial of service vulnerability.
e4aa0486624d997bce409a11e6d9c99d4f02853188e7581d6891d408b5236a42