An insecure deserialization vulnerability has been reported in Oracle WebLogic Server. This vulnerability is due to deseralization of untrusted data while having the vulnerable version of Apache-Commons-FileUpload library in the code path. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted serialized object.
Monthly Archives: November 2016
OpenSSL SSL_peek Infinite Loop Denial of Service (CVE-2016-6305)
A denial-of-service vulnerability exists in OpenSSL. The vulnerability is due to an error in SSL_peek() API that causes an infinite loop to occur when processing empty records. A remote, unauthenticated attacker can exploit this vulnerability by supplying an empty record during an SSL connection. Successful exploitation will cause the server application to use up 100% of its CPU resources, resulting in a denial-of-service condition.
SQL Servers SQL Injection Obfuscation Techniques
Attackers may use SQL injection techniques in order to execute SQL commands on SQL servers. To avoid detection by security devices, such attackers might use various obfuscation techniques to conceal their actions. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers.
Hacker who exposed Steubenville Rape Faces longer Prison term than Rapists
Remember Steubenville High School Rape Case?
In 2012, Steubenville (Ohio) high school’s football team players gang-raped an unconscious teenage girl from West Virginia and took photographs of the sexual assault.
In December 2012, a member of the hacker collective Anonymous hacked into the Steubenville High School football fan website Roll Red Roll and leaked some evidence of the rape,
Sync Breeze Enterprise 9.1.16 Buffer Overflow
Sync Breeze Enterprise version 9.1.16 suffers from a buffer overflow vulnerability.
Microsoft Internet Explorer MSHTML DOMImplementation Type Confusion
A specially crafted web-page can cause a type confusion vulnerability in Microsoft Internet Explorer 8 through to 11. An attacker can cause code to be executed with a stack layout it does not expect, or have code attempt to execute a method of an object using a vftable, when that object does not have a vftable. Successful exploitation can lead to arbitrary code execution.
Disk Savvy Enterprise 9.1.14 Buffer Overflow
Disk Savvy Enterprise version 9.1.14 suffers from a buffer overflow vulnerability.
VX Search Enterprise 9.1.12 Buffer Overflow
VX Search Enterprise version 9.1.12 suffers from a buffer overflow vulnerability.
Linux Kernel Dirty COW PTRACE_POKEDATA Privilege Escalation
This exploit uses the pokemon exploit as a base and automatically generates a new passwd line. The original /etc/passwd is then backed up to /tmp/passwd.bak and overwritten with the new line. The user will be prompted for the new password when the binary is run. After running the exploit you should be able to login with the newly created user.
Disk Sorter Enterprise 9.1.12 Buffer Overflow
Disk Sorter Enterprise version 9.1.12 suffers from a buffer overflow vulnerability.