Researchers from Core Security have disclosed DLL hijacking vulnerabilities in several applications made by Corel Software after the vendor didn’t respond to Core’s notifications about the flaws. There are no patches available for the bugs, which can allow remote code execution. Corel sells a variety of graphics, design and video apps, including CorelDRAW, Photo-Paint and […]
Monthly Archives: January 2015
CVE-2013-7420
Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.
Google Passes on Older Android Patches; 930 Million Devices Vulnerable
Google has decided that it will no longer provide Webview patches for Android systems running Jelly Bean 4.3, or older, putting the onus on OEMs and the open source security community to provide patches to users.
WordPress Pods 2.4.3 CSRF / Cross Site Scripting
WordPress Pods plugin versions 2.4.3 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
Microsoft to end free Advance Security Notifications
Microsoft is changing the way it distributes its Advance Notification Service, and will no longer make the security bulletins publicly available, according to eWeek.
The post Microsoft to end free Advance Security Notifications appeared first on We Live Security.
Oracle MySQL for Microsoft Windows FILE Privilege Abuse
This Metasploit module takes advantage of a file privilege misconfiguration problem specifically against Windows MySQL servers. This Metasploit module abuses the FILE privilege to write a payload to Microsoft’s All Users Start Up directory which will execute every time a user logs in. The default All Users Start Up directory used by the module is Windows 7 friendly.
Lexmark MarkVision Enterprise Arbitrary File Upload
This Metasploit module exploits a code execution flaw in Lexmark MarkVision Enterprise before 2.1. A directory traversal in the GfdFileUploadServlet servlet allows an unauthenticated attacker to upload arbitrary files, including arbitrary JSP code. This Metasploit module has been tested successfully on Lexmark MarkVision Enterprise 2.0 with Windows 2003 SP2.
WordPress WP Symposium 14.11 Shell Upload
WP Symposium Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /wp-symposium/server/file_upload_form.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the attacker to execute the script with the privileges of the web server.
Mandriva Linux Security Advisory 2015-022
Mandriva Linux Security Advisory 2015-022 – Updated wireshark packages fix security vulnerabilities. The DEC DNA Routing Protocol dissector could crash. The SMTP dissector could crash. Wireshark could crash while decrypting TLS/SSL sessions.
Mandriva Linux Security Advisory 2015-020
Mandriva Linux Security Advisory 2015-020 – Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.