Yakir Sitbon, Ariel Klikstein Security Vulnerabilities
Unbreakable Enterprise kernel security update
kernel-uek [4.1.12-61.1.6] - blk-mq: avoid setting hctx->tags->cpumask before allocation (Akinobu Mita) [Orabug: 24464170] [4.1.12-61.1.3] - ocfs2: improve recovery performance (Junxiao Bi) [Orabug: 24395729] - qed: Utilize FW 8.10.3.0 (Yuval Mintz) [Orabug: 24442553] - blk-mq: mark request.....
9.8CVSS
-0.7AI Score
0.047EPSS
MailEnable Buffer Overflow Vulnerability
Advisory ID: CORE-2005-0629 Bugtraq ID: 14243 CVE Name: CVE-2005-2278 Title: MailEnable Buffer Overflow Vulnerability Class: Boundary Error Condition (Stack Buffer Overflow) Remotely Exploitable: Yes Locally Exploitable: Yes Vendors contacted: - MailEnable 2005-06-30: Notification to vendor....
0.1AI Score
0.923EPSS
Liferay Portal 6.2 EE SP8 Cross Site Scripting Vulnerability
Liferay Portal versions 6.2 EE SP8 and below suffer from a cross site scripting...
-0.3AI Score
0.001EPSS
7.1AI Score
0.3AI Score
7.1AI Score
Wordpress Frontend Upload Plugin - Arbitrary File Upload Vulnerability
Exploit for php platform in category web...
7.1AI Score
WordPress Plugin Frontend Upload - Arbitrary File Upload
WordPress Plugin Frontend Upload - Arbitrary File...
0.6AI Score
7.4AI Score
XtremeRAT Malware Used in Targeted Attacks Against Israel
Espionage malware used in attacks against Israel, as well as Syrian activists, in the last 18 months has been linked to a new attack against Israel’s Civil Administration, the country’s governing body in the West Bank. Researchers at Seculert reported today that samples of XtremeRAT, a...
0.6AI Score
Israeli Defense computer hacked in Spear Phishing Attack
Hackers broke into an Israeli defense ministry computer via an email attachment tainted with malicious software. Reuters reported Israeli Defense is the latest illustrious victim of the Spear Phishing Attack, and hackers penetrated into an Israeli defense ministry computer using a malicious email.....
7AI Score
iOS Mobile Banking Applications Vulnerable to Attack
An alarming percentage of mobile banking applications for iOS fail to implement basic protections that would safeguard against man-in-the-middle attacks, session hijacking, memory corruption, and credential theft. Ariel Sanchez, a researcher with IOActive based in Argentina, put 40 mobile apps...
-0.3AI Score
7.1AI Score
-0.9AI Score
7.4AI Score
Open Shortest Path First (OSPF) Protocol does not specify unique LSA lookup identifiers
Overview The Open Shortest Path First (OSPF) protocol does not specify unique Link State Advertisement (LSA) lookup identifiers, which allow an attacker to intercept traffic or conduct a Denial of Service (DoS) attack. Description CWE-694: Use of Multiple Resources with a Duplicate Identifier The.....
-0.2AI Score
0.002EPSS
0.4AI Score
Buffer Overflow Bugs Found in Informix database Servers
Several versions of the popular Informix database server from IBM contain two buffer overflow vulnerabilities that could lead to remote code execution. The problems affect eight different versions of the server and are present on Informix installations on all supported platforms. A researcher at...
3.3AI Score
Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified...
5.4AI Score
0.001EPSS
Unbreakable Enterprise kernel security and bugfix update
[2.6.39-200.24.1.el5uek] - Revert 'Add Oracle VM guest messaging driver' (Guru Anbalagane) [Orabug: 14233627} [2.6.39-200.23.1.el5uek] - SPEC: add block/net modules to list used by installer (Guru Anbalagane) [Orabug: 14224837] [2.6.39-200.22.1.el5uek] - NFSv4: include bitmap in nfsv4 get acl...
-0.3AI Score
0.003EPSS
SA-CONTRIB-2012-034 - Node Recommendation Cross Site Scripting (XSS)
CVE: CVE-2012-1659 This module shows users other nodes that they might be interested in based on a simple logic and using taxonomy. The aim of this module is to provide sensible defaults and an easy configuration for less-technical users and to allow it to be manually overriden. The module doesn't....
6.1AI Score
0.001EPSS
Mac OS X Sandbox Security Hole Uncovered
Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple’s announcement earlier this month that all....
-0.7AI Score
The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified...
6.3AI Score
0.006EPSS
CORE-2008-1009 - VNC Multiple Integer Overflows
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ VNC Multiple Integer Overflows Advisory Information Title: VNC Multiple Integer Overflows Advisory ID: CORE-2008-1009 Advisory URL:...
-0.2AI Score
0.899EPSS
VNC Multiple Integer Overflows
VNC Multiple Integer Overflows 1. Advisory Information Title: VNC Multiple Integer Overflows Advisory ID: CORE-2008-1009 Advisory URL: http://www.coresecurity.com/content/vnc-integer-overflows Date published: 2009-02-03 Date of last update: 2009-02-03 Vendors contacted: UltraVNC, TightVNC Release.....
7.9AI Score
Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Buffer overrun in XMLQUERY and XMLEXISTS September 15th 2008 Risk Level: High Affected versions: IBM DB2 Database Server v9.1 and 9.5 on Windows platform. Remote exploitable: Yes (Authentication to Database Server is...
0.2AI Score
0.139EPSS
GLSA-200804-27 : SILC: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200804-27 (SILC: Multiple vulnerabilities) Nathan G. Grennan reported a boundary error in SILC Toolkit within the silc_fingerprint() function in the file lib/silcutil/silcutil.c when passing overly long data, resulting in...
0.1AI Score
0.163EPSS
SILC: Multiple vulnerabilities
Background SILC (Secure Internet Live Conferencing protocol) Toolkit is a software development kit for use in clients, SILC Server is a communication server, and SILC Client is an IRSSI-based text client. Description Nathan G. Grennan reported a boundary error in SILC Toolkit within the...
7.7AI Score
0.163EPSS
Team SHATTER Security Advisory: Multiple DoS in JAR files manipulation procedures
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Multiple DoS in JAR files manipulation procedures April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server on Windows platform. Remote exploitable: Yes (Authentication to Database Server....
0.1AI Score
CORE-2007-1212: SILC pkcs_decode buffer overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ SILC pkcs_decode buffer overflow Advisory Information Title: SILC pkcs_decode buffer overflow Advisory ID: CORE-2007-1212 Advisory URL:...
AI Score
SILC pkcs_decode buffer overflow
SILC pkcs_decode buffer overflow Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs-research Advisory Information Title: SILC pkcs_decode buffer overflow Advisory ID: CORE-2007-1212 Advisory URL: http://www.coresecurity.com/?action=item&id=2206 Date published:...
8.4AI Score
Debian Security Advisory DSA 858-1 (xloadimage)
The remote host is missing an update to xloadimage announced via advisory DSA 858-1. Ariel Berkman discovered several buffer overflows in xloadimage, a graphics file viewer for X11, that can be exploited via large image titles and cause the execution of arbitrary code. For the old stable...
0.1AI Score
0.029EPSS
Debian Security Advisory DSA 859-1 (xli)
The remote host is missing an update to xli announced via advisory DSA 859-1. Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of...
0.2AI Score
0.029EPSS
7.1AI Score
Team SHATTER Advisory: IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory IBM DB2 Buffer overflow in sysproc.auth_list_groups_for_authid August 31st 2007 Risk Level: High Affected versions: DB2 9.1 Fixpack 2 Enterprise server edition Remote exploitable: Yes Credits: This vulnerability....
0.1AI Score
JVN#84746611 Ariel AirOne series cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. ## Solution ## Products Affected Ariel AirOne ProjectA v4.6.1 Ariel MultiScheduler v4.6.3 For more information, refer to the vendor's...
7AI Score
Ariel FTP Server Default 'document' Account
The remote host is an Ariel FTP server. Ariel is a document transmission system mostly used in the academic world. Nessus was able to log into the remote FTP server by connecting as the user 'document' (or 'ariel4') and with a hex-encoded password based on the IP address of the host the user is...
0.1AI Score
Ariel Berkman reports : Unlike most of the supported image formats in xloadimage, the NIFF image format can store a title name of arbitrary length as part of the image file. When xloadimage is processing a loaded image, it is creating a new Image object and then writing the processed image to it......
-0.5AI Score
0.029EPSS
GLSA-200510-26 : XLI, Xloadimage: Buffer overflow
The remote host is affected by the vulnerability described in GLSA-200510-26 (XLI, Xloadimage: Buffer overflow) When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman...
-0.4AI Score
0.029EPSS
-0.3AI Score
Oracle Database Server 9i10g - XML Local Buffer Overflow
Oracle Database Server 9i10g - XML Local Buffer...
0.3AI Score
Oracle Database Server 9i/10g (XML) Buffer Overflow Exploit
Exploit for unknown platform in category local...
6.8AI Score
7.4AI Score
EPSS
Mandrake Linux Security Advisory : xli (MDKSA-2005:192)
Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code. The updated packages have been patched to address this...
AI Score
0.029EPSS
Ubuntu 4.10 : cupsys vulnerabilities (USN-50-1)
CAN-2004-1125 : The recent USN-48-1 fixed a buffer overflow in xpdf. Since CUPS contains xpdf code to convert incoming PDF files to the PostScript format, this vulnerability applies to cups as well. In this case it could even lead to privilege escalation: if an attacker submitted a malicious PDF...
1.1AI Score
0.086EPSS
The version of Moodle on the remote host contains a flaw that allows a remote cross site scripting attack because the application does not validate the 'reply' variable upon submission to the 'post.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary.....
-0.8AI Score
0.003EPSS
XLI, Xloadimage: Buffer overflow
Background XLI and Xloadimage are X11 image manipulation utilities. Description When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and...
7.1AI Score
0.029EPSS
Debian DSA-859-1 : xli - buffer overflows
Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary...
-0.2AI Score
0.029EPSS
Debian DSA-858-1 : xloadimage - buffer overflows
Ariel Berkman discovered several buffer overflows in xloadimage, a graphics file viewer for X11, that can be exploited via large image titles and cause the execution of arbitrary...
AI Score
0.029EPSS
[SECURITY] [DSA 859-1] New xli packages fix arbitrary code execution
Debian Security Advisory DSA 859-1 [email protected] http://www.debian.org/security/ Martin Schulze October 10th, 2005 http://www.debian.org/security/faq Package : xli Vulnerability : buffer overflows Problem type :...
0.6AI Score
0.029EPSS