NVD

CVE-2015-8267

December 23, 2015 007admin

The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords via a crafted request with a valid username.

Full Disclosure

Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege

December 23, 2015 007admin

Posted by NaxoneZ . on Dec 23

I think like Shawn, this is a SO problem:

https://msdn.microsoft.com/es-es/library/windows/desktop/ff919712(v=vs.85).aspx

Anyway the developers can mitigate this issue following the guidelines
described in article.

Regards.

2015-12-23 16:32 GMT+01:00 Shawn McMahon <syberghost () gmail com>:

Security Focus

Vuln: Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability

December 23, 2015 007admin

Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability

Security Focus

Vuln: Xen 'pt-msi.c' Heap Memory Corruption Vulnerability

December 23, 2015 007admin

Xen ‘pt-msi.c’ Heap Memory Corruption Vulnerability

Security Focus

Vuln: Xen CVE-2015-8555 Information Disclosure Vulnerability

December 23, 2015 007admin

Xen CVE-2015-8555 Information Disclosure Vulnerability

Security Focus

Vuln: Linux Kernel CVE-2015-8104 Denial of Service Vulnerability

December 23, 2015 007admin

Linux Kernel CVE-2015-8104 Denial of Service Vulnerability

Security

Arastta 1.1.5 SQL Injection

December 23, 2015 007admin

Arastta version 1.1.5 suffers from a remote SQL injection vulnerability.

Security

Grawlix 1.0.3 Code Execution

December 23, 2015 007admin

Grawlix version 1.0.3 suffers from a code execution vulnerability.

Security

Grawlix 1.0.3 Cross Site Request Forgery

December 23, 2015 007admin

Grawlix version 1.0.3 suffers from a cross site request forgery vulnerability.

Security

Grawlix 1.0.3 Cross Site Scripting

December 23, 2015 007admin

Grawlix version 1.0.3 suffers from a cross site scripting vulnerability.

007 Software

Monthly Archives: December 2015

CVE-2015-8267

Re: Executable installers are vulnerable^WEVIL (case 15): F-SecureOnlineScanner.exe allows arbitrary (remote) code execution and escalation of privilege

Vuln: Multiple Adobe Products CVE-2015-5255 Server Side Request Forgery Security Bypass Vulnerability

Vuln: Xen 'pt-msi.c' Heap Memory Corruption Vulnerability

Vuln: Xen CVE-2015-8555 Information Disclosure Vulnerability

Vuln: Linux Kernel CVE-2015-8104 Denial of Service Vulnerability

Arastta 1.1.5 SQL Injection

Grawlix 1.0.3 Code Execution

Grawlix 1.0.3 Cross Site Request Forgery

Grawlix 1.0.3 Cross Site Scripting

Software and Security Information