All Vulnerabilities

An out-of-bound array indexing vulnerability has been reported in ImageMagick. The vulnerability is due to improper handling of certain objects in memory. A remote attacker can exploit this vulnerability by uploading a maliciously crafted file to a vulnerable web service. Successful exploitation could result in arbitrary code execution under the security context of the service using ImageMagick.
A denial-of-service vulnerability exists in libtasn1, a component of GnuTLS. The vulnerability is due to a flaw in parsing ASN.1 data that causes libtasn1 to enter an infinite loop when processing a specially crafted DER-encoded input. A remote attacker can exploit this vulnerability in GnuTLS by sending a crafted ASN.1 certificate to a target application. Successful exploitation may result in a denial-of-service condition.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-7202)
 Severity:    
 Date Published:  11 Jan 2017
Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Openssl RSA Downgrade Vulnerability (CVE-2015-0204)
 Severity:    
 Date Published:  11 Jan 2017
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role.
Ruby On Rails Action View Cross Site Scripting Vulnerability (CVE-2016-6316)
 Severity:    
 Date Published:  11 Jan 2017
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
phpMyAdmin SQL Injection Vulnerability (CVE-2016-6611)
 Severity:    
 Date Published:  11 Jan 2017
phpMyAdmin is prone to a sql-injection vulnerability. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. phpMyAdmin 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8 and 4.0.x versions prior to 4.0.10.17 are vulnerable.
phpMyAdmin Directory Traversal Vulnerability (CVE-2016-6614)
 Severity:    
 Date Published:  11 Jan 2017
phpMyAdmin is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks. phpMyAdmin 4.6.x prior to 4.6.4, 4.4.x prior to 4.4.15.8 and 4.0.x prior to 4.0.10.17 are vulnerable.
Moodle Cross Site Scripting Vulnerability (CVE-2016-9188)
 Severity:    
 Date Published:  11 Jan 2017
Moodle is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Moodle 3.1.2 and prior versions are vulnerable.
Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Microsoft Office Information Disclosure Vulnerability (CVE-2016-7264)
 Severity:    
 Date Published:  11 Jan 2017
An information disclosure vulnerability exists in Microsoft Office when Microsoft Office fails to properly handle office files. An attacker who successfully exploited this vulnerability could use a specially crafted file to perform code execution in the context of the current user.

Featured Stories