All Vulnerabilities

TLS Protocol Information Disclosure Vulnerability (CVE-2013-3587)
 Severity:    
 Date Published:  26 Oct 2016
A vulnerability regarding compressed HTTPS streams could allow a remote attacker to obtain plaintext secrets from the ciphertext of an HTTPS stream by observing compressed HTTPS responses.
Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Ruby On Rails Known Secret Session Cookie Remote Code Execution
 Severity:    
 Date Published:  26 Oct 2016
This module implements Remote Command Execution on Ruby on Rails applications. Prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). The values for those can be usually found in the default location. The module achieves RCE by deserialization of a crafted Ruby Object.
An integer overflow vulnerability was discovered within the Ntoskrnl component of Microsoft Windows 7 and 8.1. It affects the x86 versions. It can be triggered by loading malicious registry hive files. Successful exploitation of this issue might lead to local privilege escalation.
Microsoft Windows Diagnostics Hub Elevation Of Privilege (CVE-2016-7188)
 Severity:    
 Date Published:  26 Oct 2016
An elevation of privilege vulnerability exists in the Windows Diagnostics Hub Standard Collector Service when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input that could lead to unsecured library loading behavior. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated system privileges.
Microsoft Internet Explorer scripting engine is prone to a use after free memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
Joomla Component Arbitrary File Upload Shell Vulnerability
 Severity:    
 Date Published:  20 Oct 2016
Unrestricted file upload vulnerability in the Joomla Component allows remote attackers to execute arbitrary code by uploading a crafted file.
ISC BIND Response Handler Denial Of Service Vulnerability (CVE-2015-8000)
 Severity:    
 Date Published:  20 Oct 2016
A denial-of-service vulnerability has been reported in BIND. The vulnerability is due to improper parsing of incoming responses, allowing malformed records to be accepted by BIND when they should not be accepted. A remote, unauthenticated attacker could exploit this vulnerability against DNS servers that perform recursive queries by crafting responses with an improper class attribute. Successful exploitation could lead to denial-of service.
ISC BIND OpenPGP Key Handler Denial Of Service Vulnerability (CVE-2015-5986)
 Severity:    
 Date Published:  20 Oct 2016
A denial-of-service vulnerability exists in ISC BIND. The vulnerability is due to an incorrect boundary check, leading to a REQUIRE assertion failure in openpgpkey_61.c. A remote, unauthenticated attacker can exploit this vulnerability by sending crafted queries under certain circumstances. Successful exploitation will result in a denial of service condition.