A remote code execution vulnerability exists in Pivotal Spring Security OAuth. The vulnerability is caused when processing authorization requests using the whitelabel views and when the response_type parameter value is executed as Spring SpEL. This enables a malicious user to trigger remote code execution via the crafting of the value for response_type.
Category Archives: Checkpoint
Checkpoint
GetSimple CMS Arbitrary File Upload
A file upload vulnerability exists in Getsimple CMS v3.3.10. The vulnerability allows authenticated users with low privileged accounts to upload files to the uploads directory. Malicious users can exploit this vulnerability to upload and run arbitrary code from the uploads directory.
Adobe Acrobat and Reader Use After Free (APSB16-14: CVE-2016-1047; CVE-2016-1047)
A use after free vulnerability exists in Adobe Acrobat and Reader. The vulnerability is due to an error in the way Adobe Acrobat and Reader handles objects in memory. A remote attacker can exploit this vulnerability by enticing the user to open a specially crafted PDF file, potentially leading to to arbitrary code execution.
Teampass Arbitrary File Upload
A file upload vulnerability exists in Teampass v2.1.26. The vulnerability allows authenticated users with low privileged accounts to upload files to the files directory in the webroot. Malicious users can exploit this vulnerability to upload and run arbitrary code from the files directory.
OpenSSL ChaCha20_Poly1305 Cipher Suites (CVE-2016-7054)
A denial-of-service vulnerability exists in OpenSSL. A remote, unauthenticated attacker can send *-CHACHA20-POLY1305 ciphersuites with corrupted larger payloads and create a denial of service condition. This vulnerability is not considered to be exploitable beyond a denial of service.
OpenSSL SSL3_AL_WARNING Denial of Service (CVE-2016-8610)
A denial-of-service vulnerability exists in OpenSSL. The vulnerability, AKA SSL Death Alert, is due to improper handling of warning packets by the function ssl3_read_bytes(). A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending SSL Alert Warning records during the handshake. Successful exploitation will cause the excessive resource consumption on the server.
Microsoft Windows LSASS Denial of Service (MS16-137: CVE-2016-7237; CVE-2016-7237)
A denial-of-service vulnerability exists in Microsoft Windows. The vulnerability is due to a failure to properly process crafted requests.A remote, authenticated attacker can exploit this vulnerability by sending a crafted request to the target system and cause the lsass.exe process to terminate, resulting in a non-responsive system.
Adobe Flash Player Type Confusion (APSB16-37: CVE-2016-7860; CVE-2016-7860)
A type confusion vulnerability exists in Adobe Flash Player. The vulnerability is due to an error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.
Adobe Flash Player Use After Free Code Execution (APSB16-37: CVE-2016-7858; CVE-2016-7858)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.
Adobe Flash Player Use After Free (APSB16-37: CVE-2016-7864; CVE-2016-7864)
A remote code execution vulnerability exists in Adobe Flash Player. The vulnerability is due to a use-after-free error in Adobe Flash Player while handling a specially crafted SWF file. A remote attacker can exploit this vulnerability by enticing a target user to open a specially crafted SWF file with an affected version of Flash Player.