Executable installers are vulnerable^WEVIL (case 46): Pelles C allows arbitrary code execution

Posted by Stefan Kanthak on Jan 22

Hi @ll,

the executable installers of “Pelle’s C”,
<http://smorgasbordet.com/pellesc/800/setup64.exe> and
<http://smorgasbordet.com/pellesc/800/setup.exe>, available
from <http://smorgasbordet.com/pellesc/index.htm>, are vulnerable
to DLL hijacking: they load (tested on Windows 7) at least the
following DLLs from their “application directory” instead of Windows’
“system directory”:…

GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE Vulnerability]

Posted by Taoguang Chen on Jan 22

#GMP Deserialization Type Confusion Vulnerability [MyBB <= 1.8.3 RCE
Vulnerability]

Taoguang Chen <[@chtg57](https://twitter.com/chtg57)> – Write Date:
2015.4.28 – Release Date: 2017.1.20

Affected Versions
------------
Affected is PHP 5.6 < 5.6.30

Credits
------------
This vulnerability was disclosed by Taoguang Chen.

Description
------------
gmp.c
```
static int gmp_unserialize(zval **object, zend_class_entry *ce, const unsigned…
```

Russian Hacker behind 'NeverQuest' Malware, Wanted by FBI, Is Arrested in Spain

A Russian computer hacker wanted by the FBI on hacking allegations was arrested and jailed in Spain earlier this week, while a decision on his extradition to the United States has yet to be made.

The Guardia Civil, Spanish law enforcement agency officers, have detained 32-year-old Stanislav Lisov at Barcelona–El Prat Airport based on an international arrest warrant issued by Interpol at the

ISC BIND TKEY Query Response Assertion Failure Denial of Service (CVE-2016-9131)

A denial-of-service vulnerability has been reported in ISC BIND. The vulnerability is due to a defect that can cause the named service to exit with an assertion failure while processing a crafted DNS response packet. A remote, unauthenticated attacker could exploit this vulnerability by providing a specially crafted response to the vulnerable server. Successful exploitation could lead to a denial-of-service condition.