Joomla suffers from an unauthenticated remote code execution vulnerability that affects all versions from 1.5.0 to 3.4.5. Because user-supplied headers are stored in the database's session table, it is possible to truncate the input by sending a UTF-8 character. The custom-created payload is then executed once the session is read from the database. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. In later versions the deserialisation of invalid session data stops on the first error and the exploit will not work. The PHP patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1.
5a665a27f3d12ff63349cd4ca300cdf8e60e5919f5df2fde458870a5b8bac108
Some distributions make virtfs-proxy-helper from QEMU either SUID or give it CAP_CHOWN fs capabilities. This is a terrible idea. While virtfs-proxy-helper makes some sort of flimsy check to make sure its socket path doesn't already exist, it is vulnerable to TOCTOU. This exploit should spawn a root shell, eventually, on vulnerable systems.
1e19e91a7c1729b5f293f8ceb076d4d844b703cbb48b10bd6f16f7fb62c5f677
EMC Isilon OneFS contains a privilege escalation vulnerability when SmartLock compliance mode is in use. In SmartLock compliance mode, the system is designed to prevent root-level user logins to the system. However, this security vulnerability allows OneFS users with administrative privileges to create root-level users and log in to the system.
f4f6d1a7ab19143caa64aabd4726e3e092c57198ac322964a7c8b8aafcb47f52
Apache Camel's Jetty/Servlet usage is vulnerable to a Java object de-serialization vulnerability.
2dc9dd223b8636940a69a92a2c8ec700896baacff115824e13e45e41f355a595
Gentoo Linux Security Advisory 201512-2 - A vulnerability in IPython could result in execution of arbitrary JavaScript. Versions less than 3.2.1-r1 are affected.
602eab51ddd4b20b9c24db1a3a698f76e84e569b728c2455b0f878be507ba348
Red Hat Security Advisory 2015-2665-01 - Chromium is an open-source web browser, powered by WebKit. Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash, execute arbitrary code, or disclose sensitive information when visited by the victim. All Chromium users should upgrade to these updated packages, which contain Chromium version 47.0.2526.106, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
038818a7be890b246a3237c4c06352a87f9d25899dca0c4f09b790698f9f76c6
Gentoo Linux Security Advisory 201512-1 - A vulnerability in Dnsmasq can lead to a Denial of Service condition. Versions less than 2.72-r2 are affected.
30a91cd4814a5a2c048a34695fee5c59ce22a6bd5ce21ccec15e04dba9849a93
Ubuntu Security Notice 2840-2 - Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash).
24c157bc5fb11507b05110e988d7bc8ac2a3a57436e0dee3534be4d8df1784a6
Ubuntu Security Notice 2843-3 - 郭永刚 discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Dmitry Vyukov discovered that the Linux kernel's keyring handler attempted to garbage collect incompletely instantiated keys. A local unprivileged attacker could use this to cause a denial of service (system crash). Various other issues were also addressed.
49334a6b730ea953bb24db7899076e4caa9a090dbe9937e4c72b50efb8cce3a4
Ubuntu Security Notice 2843-2 - Jan Beulich discovered that the KVM svm hypervisor implementation in the Linux kernel did not properly catch Debug exceptions on AMD processors. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS. It was discovered that the ppp implementation in the Linux kernel did not ensure that certain slot numbers are valid. A local attacker with the privilege to call ioctl() on /dev/ppp could cause a denial of service (system crash). Various other issues were also addressed.
c5e55d2c73f862fc096ea1440ff05f9e135387c9eb19edd0e68e6a85dc021481
Red Hat Security Advisory 2015-2666-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. The following security issue is addressed with this release: An implementation error related to the memory management of requests and responses was found within HAProxy's buffer_slow_realign() function. An unauthenticated remote attacker could use this flaw to leak certain memory buffer contents from a past request or session.
c4327e8c7d421a0cbc4ff37663cdff357f709ac3ab9cbc77ba10759b1555132d
On the 8th of December 2015, Microsoft released Security Bulletin MS15-130 to fix a vulnerability in the Unicode Scripts Processor component found by Secunia Research. The vector for successful exploitation is a specially crafted "True Type Font" (TTF) file, which can typically be embedded in, for example, Microsoft Office documents, or even in emails and web-based content depending on the font type. Successful exploitation could result in arbitrary code execution.
ae0792efc0a69b310511509667b6228f00070e222be6e495c2a81037abe590ff
Multiple DLL side loading vulnerabilities were found in the OLE DB Provider for Oracle. These issues can be exploited by loading various OLE components as an embedded OLE object. When instantiating the object, Windows will try to load the DLLs oci.dll and ociw32.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
780d7323edb86b5d1ef9bec50bd1ae3f33562db71bf215b552d8c2ebc37b7cc4
A DLL side loading vulnerability was found in the Flash version that ships with Windows. This issue can be exploited by loading the Shockwave Flash object as an embedded OLE object. When instantiating the object Windows will try to load the DLL spframe.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
05acd97f15be7119fb1100ff641cd7b269e04fe167eaf70a9f77c55c83191102
A DLL side loading vulnerability was found in the Shutdown UX DLL. This issue can be exploited by loading the Authentication UI Shutdown Choices object as an embedded OLE object. When instantiating the object Windows will try to load the DLL wuaext.dll from the current working directory. If an attacker convinces the user to open a specially crafted (Office) document from a directory also containing the attacker's DLL file, it is possible to execute arbitrary code with the privileges of the target user. This can potentially result in the attacker taking complete control of the affected system.
b96ff440d177a2b1c8d194a3eeb5ba6a3405ca91223f3d328cdc4c4755b3ac20
PyAMF suffers from insufficient AMF input payload sanitization which results in the XML parser not preventing the processing of XML external entities (XXE). A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger denial of service (DoS) conditions or arbitrarily return the contents of files that are accessible with the running application privileges. Versions 0.7.2 and below are affected.
939e9f52f635c72d8bc7877b8213d3c23d28d84296a37c4314ff4368f14040f1
Easy File Sharing web server version 7.2 GET HTTP request SEH buffer overflow exploit.
11531bcaf1cf7e2104ff72682242f65db7e85fc9273d86643f6ce05ad57c55ff
Easy File Sharing web server version 7.2 HEAD HTTP request SEH buffer overflow exploit.
3a6358d83dfc7a3f2dbc81d614d72f450d1cf61c66790c5934bc1d4aa00345fc
Libnsbmp version 0.1.2 suffers from heap overflow and out-of-bounds read vulnerabilities.
c0939b0e25b9fa643a0b63b47d68e7bdfab3e7978f4d2f6956a53d8dd28806ec
Zen Cart version 1.5.4 suffers from a local file inclusion vulnerability.
90d80bdc3f4d66ab1dcd931c5b4166fa1f6e20341a15274d3e8539e3d3478f36
orion.extfeedbackform Bitrix module version 2.1.2 suffers from cross site request forgery and remote SQL injection vulnerabilities.
eec9e7b4e30ebc71c095aa906c94d9c357af287f4a471dcf8ae2f104b0c822cd
Libnsgif version 0.1.2 suffers from stack overflow and out-of-bounds read vulnerabilities.
d53a9d5fac2511420bc71e8fceb0367db6d018335d2f3c8a2c530b88f9f9e266
UserCake version 1.3 suffers from cross site scripting and information disclosure vulnerabilities.
10d514fadc218779aff15843e7d33dc078285978c36de580e9c1387fa0bef491
Tweet Nest version 0.8 suffers from an open redirection vulnerability.
9fbcbbff6b5f163ff851ee213358b525a2fcf885cfb4edbe54fa06560408af2d
WordPress Google Adsense plugin version 1.29 suffers from a cross site scripting vulnerability.
91ae5e20bfd384ccb99c94c01d36dc2bb377c4381f40ff924487ffbe7fa97a0c