A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would allow attackers to execute code on the target system.
Monthly Archives: July 2016
Shopware getTemplateName Local File Inclusion (CVE-2016-3109)
A local file inclusion vulnerability has been reported in Shopware. This vulnerability is due to insufficient input validation in the getTemplateName() method. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could lead to information disclosure and achieve arbitrary code execution.
Microsoft Office Remote Code Execution (MS16-088: CVE-2016-3279; CVE-2016-3279)
A remote code execution vulnerability exists in Microsoft Office. The vulnerability is due to improper handling of objects in memory while parsing a specially crafted Office file. A remote attacker could exploit this vulnerability by enticing the target user to open a specially crafted Office file.
Clinic Management System Blind SQL Injection
Clinic Management System suffers from an unauthenticated remote blind SQL injection vulnerability.
CEBA-2016:1393 CentOS 5 kernel BugFix Update
CentOS Errata and Bugfix Advisory 2016:1393 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-1393.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 2af6191ae4d1b5b3350250f05a04ca590987512312b038544f6158c36a13d034 kernel-2.6.18-411.el5.i686.rpm 93716d86dd8f29b719fcf6c346c3c59d0e990716313e54de6a13cec350220102 kernel-debug-2.6.18-411.el5.i686.rpm 8d1de34944cd5eff26757c96d5593ed2d29856cd17fddeb4df774731e3427572 kernel-debug-devel-2.6.18-411.el5.i686.rpm a00a8429f1b5856e6a835740e0a78895a9877c6d5578f04d4cf0efa9a7c8f20e kernel-devel-2.6.18-411.el5.i686.rpm 6ef6aa1b8bd87db9fc334373024361eb16222db430c498e5cef7332ed0795e38 kernel-doc-2.6.18-411.el5.noarch.rpm 213f69e96c1b5c43b7e6a4d4cd6dde240947fce430647cdb7a872e2e56bf6e48 kernel-headers-2.6.18-411.el5.i386.rpm 379229cc5bdf62c153b92b7ffa93db3ce78b4fa72a315c45f2b1cc869427c52f kernel-PAE-2.6.18-411.el5.i686.rpm 86e516e3bf74fd5b27d2bfa46f64dc3cb3dce4788687b5552a502d2936340b59 kernel-PAE-devel-2.6.18-411.el5.i686.rpm e2c83f10183444fbcbecc032d3eb4b3a8f084825330360707817962ca8e201ee kernel-xen-2.6.18-411.el5.i686.rpm c7d0a2764011bfb72de561838524851162cbda422b7706ad45d81b527a72db4c kernel-xen-devel-2.6.18-411.el5.i686.rpm x86_64: 698bd9b45af90d756628cf54ee6ca813b67ec17ccbf7878c3d0d4a8fc44da400 kernel-2.6.18-411.el5.x86_64.rpm 95d98902dd8e649c66fc2af1279eb550edc887f1e5cf05c1ac156abb772b6d23 kernel-debug-2.6.18-411.el5.x86_64.rpm ccc2f6aa69a1bd193a8792d76d418ca18691a78e0a38ee5af328f7d429f14641 kernel-debug-devel-2.6.18-411.el5.x86_64.rpm c7859e1855e4d082496b5ca6551acc8935123be1b33ba479040a2f7ae5239b03 kernel-devel-2.6.18-411.el5.x86_64.rpm 6ef6aa1b8bd87db9fc334373024361eb16222db430c498e5cef7332ed0795e38 kernel-doc-2.6.18-411.el5.noarch.rpm 0919d512703336d27682837205269e84088e0c4fe9b732a9dce7688443c65ffd kernel-headers-2.6.18-411.el5.x86_64.rpm b6452b14b810d53516b8c03d0aa56c355751ed645737c451b7d0b0ac8f82b82f kernel-xen-2.6.18-411.el5.x86_64.rpm caa367e5cf11e6a622aebaca4cc5a85715a074a872ec58ecb0a1898ec3b49841 kernel-xen-devel-2.6.18-411.el5.x86_64.rpm Source: 40075df5991ee034b43c9cb8db4772893d435696b960acf475023816ebd1fdfa kernel-2.6.18-411.el5.src.rpm
Beauty Parlour And SPA Saloon Management System SQL Injection
Beauty Parlour and SPA Saloon Management System suffers from an unauthenticated blind remote SQL injection vulnerability.
CVE-2016-2205
Directory traversal vulnerability in the file-download configuration file in the management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read unspecified application files via unknown vectors.
CVE-2016-2206
The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 allows remote authenticated users to read arbitrary files by modifying the file-download configuration file.
CVE-2016-4503
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and consequently modify settings and data, via vectors related to reading a cookie parameter containing a UserId value.
CVE-2016-4533
Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file.