All Vulnerabilities

Microsoft Windows Kernel Driver Local Elevation Of Privilege (CVE-2016-7185)
 Date Published:  26 Oct 2016
A privileges and access control vulnerability was discovered within Microsoft Windows. Successful exploitation of this issue might lead to an elevation of privileges.
Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3385)
 Date Published:  26 Oct 2016
Microsoft Internet Explorer is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
TLS Protocol Information Disclosure Vulnerability (CVE-2013-3587)
 Date Published:  26 Oct 2016
A vulnerability regarding compressed HTTPS streams could allow a remote attacker to obtain plaintext secrets from the ciphertext of an HTTPS stream by observing compressed HTTPS responses.
Microsoft Edge Scripting Engine is prone to a memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Ruby On Rails Known Secret Session Cookie Remote Code Execution
 Date Published:  26 Oct 2016
This module implements Remote Command Execution on Ruby on Rails applications. The prerequisite is knowledge of the "secret_token" (Rails 2/3) or "secret_key_base" (Rails 4). These values can usually be found in the default location. The module achieves RCE by deserialization of a crafted Ruby Object.
An integer overflow vulnerability was discovered within the Ntoskrnl component of Microsoft Windows 7 and 8.1. It affects the x86 versions. It can be triggered by loading malicious registry hive files. Successful exploitation of this issue might lead to local privilege escalation.
Microsoft Windows Diagnostics Hub Elevation Of Privilege (CVE-2016-7188)
 Date Published:  26 Oct 2016
An elevation of privilege vulnerability exists in the Windows Diagnostics Hub Standard Collector Service when the service fails to properly sanitize input, which could lead to unsecured library loading behavior. An attacker who successfully exploited the vulnerability could run arbitrary code with elevated system privileges.
Microsoft Internet Explorer scripting engine is prone to a use-after-free memory corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application.
Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.
Joomla Component Arbitrary File Upload Shell Vulnerability
 Date Published:  20 Oct 2016
Unrestricted file upload vulnerability in the Joomla Component allows remote attackers to execute arbitrary code by uploading a crafted file.
