[SYSS-2017-009] agorum core Pro – Improper Restriction of XML External Entity Reference (‘XXE’)
Category Archives: Security
Security
Bugtraq: [slackware-security] bind (SSA:2017-103-01)
[slackware-security] bind (SSA:2017-103-01)
Bugtraq: [security bulletin] HPESBGN03728 rev.1 – HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data
[security bulletin] HPESBGN03728 rev.1 – HPE Operations Agent using OpenSSL, Remote Denial of Service (DoS), Unauthorized Access to Data
Bugtraq: concrete5 v8.1.0 Host Header Injection
concrete5 v8.1.0 Host Header Injection
RHEA-2017:0977-1: Red Hat Enterprise MRG Realtime 2.5 enhancement update
Red Hat Enterprise Linux: Updated Red Hat Enterprise MRG Realtime packages that add one enhancement are
now available for Red Hat Enterprise MRG 2.5.
Exploit Kit Activity Quiets, But Is Far From Silent
Here are the exploit kits to watch for over the next three to six months.
Adobe Creative Cloud Desktop Application <= v4.0.0.185 Privilege Escalation
Posted by hyp3rlinx on Apr 14
[+] Credits: John Page aka hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/ADOBE-CREATIVE-CLOUD-PRIVILEGE-ESCALATION.txt
[+] ISR: apparitionSec
Vendor:
==============
www.adobe.com
Product:
========================================
Adobe Creative Cloud Desktop Application
<= v4.0.0.185
Vulnerability Type:
=====================
Privilege Escalation
CVE Reference:
==============…
CVE-2017-7868
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.
CVE-2017-7859
FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c.
CVE-2017-7861
Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c.