A use-after-free vulnerability exists in the RTF parser of the LibreOffice office suite. The vulnerability is due to invalid parsing of stylesheets in RTF files. By enticing the user to open a specially crafted RTF file, an attacker could exploit this vulnerability to execute arbitrary code on the affected system.
Category Archives: Checkpoint
Nagios XI SQL Injection
An SQL injection vulnerability exists in Nagios XI. It allows an authenticated remote attacker to inject or manipulate SQL queries in the back-end database, leading to the manipulation or disclosure of arbitrary data.
Nagios XI Command Injection
A command injection vulnerability exists in Nagios XI. Successful exploitation will result in arbitrary command execution with root privileges.
D-Link DCS-930L Authenticated Remote Command Execution
A command execution vulnerability exists in D-Link DCS-930L. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system.
Squid Long String Header Processing Assertion Failure (CVE-2016-2569)
A denial-of-service vulnerability has been reported in Squid. The vulnerability is due to the way Squid uses a String object of a certain maximum length to store incoming headers, such as the Vary header, in HTTP responses. Long strings in headers can cause an assertion failure.
Liferay Portal User Account Stored Cross Site Scripting (CVE-2016-3670)
A persistent XSS vulnerability exists in the user account creation process in Liferay Portal. The vulnerability is due to insufficient input validation of the firstName, middleName and lastName parameters. Successful exploitation could allow the attacker to inject arbitrary script code into a user profile.
WordPress WP Live Chat Support Plugin Cross-Site Scripting
A cross-site scripting vulnerability exists in WordPress WP Live Chat Support Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system.
WordPress All In One SEO Pack Plugin Cross-site Scripting
A cross-site scripting vulnerability exists in WordPress All In One SEO Pack plugin. Successful exploitation of this vulnerability would allow a remote attacker to insert malicious code into the affected system.
Microsoft Edge Memory Corruption (MS16-085: CVE-2016-3264)
A remote code execution vulnerability exists in Microsoft Edge. The vulnerability is due to an error in the way Microsoft Edge accesses objects in memory. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would allow attackers to execute code on the target system.
Microsoft Internet Explorer Memory Corruption (MS16-084: CVE-2016-3240)
A memory corruption vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote attacker can exploit this issue by enticing a target victim to open a specially crafted web page that could cause memory corruption in a way that would allow attackers to execute code on the target system.