The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
Monthly Archives: August 2016
CVE-2016-6185
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
CVE-2016-6257
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a “KeyJack injection attack.”
FireEye Admits Filtering Out Legitimate Emails In Sniffer Snafu
Nigerian Authorities Arrest Alleged Mastermind Of $60M In Scams
Kaspersky Lab Launches Bug Bounty Program
Hacker Selling 200 Million Yahoo Accounts On The Dark Web For Bitcoin
A look ahead at an olympic-sized criminal competition
In a few days the Olympic Games in Brazil will start. It will be a fascinating event with a huge visual spectacle and exciting competition. But beyond the big samba show, don't forget the problems this huge country already faces, such as poverty, high crime rates, and corruption.
The post A look ahead at an olympic-sized criminal competition appeared first on Avira Blog.
WinSaber Privilege Escalation
WinSaber suffers from an unquoted service path privilege escalation vulnerability.
Windows 7/x86 localhost Port Scanner Shellcode
A 556-byte Windows 7/x86 localhost port scanner shellcode.