<![CDATA[ZDI: Published Advisories]]> http://www.zerodayinitiative.com/advisories/published/ Sat Jun 25 04:14:15 2016 +0000 zdi@hp.com (Author) Tippingpoint, all rights reserved ZDI Bird Feeder en http://blogs.law.harvard.edu/tech/rss <![CDATA[ZDI-16-375: Unitronics VisiLogic OPLC IDE vlp File Parsing Stack Buffer Overflow Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/OI7w985iSoY/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Unitronics VisiLogic OPLC IDE. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/OI7w985iSoY" height="1" width="1" alt=""/> Fri, 24 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-375/ <![CDATA[ZDI-16-374: SolarWinds Storage Resource Monitor Profiler Server RulesMetaData addNewRule SQL Injection Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/6UVtbutb0ls/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Storage Resource Monitor. Authentication is not required to exploit this vulnerability.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/6UVtbutb0ls" height="1" width="1" alt=""/> Wed, 22 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-374/ <![CDATA[ZDI-16-373: Trend Micro Deep Discovery hotfix_upload.cgi filename Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ojGx9xS6fkg/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Trend Micro Deep Discovery. Authentication is required to exploit this vulnerability.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/ojGx9xS6fkg" height="1" width="1" alt=""/> Wed, 22 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-373/ <![CDATA[ZDI-16-372: (Pwn2Own) Microsoft Windows Diagnostics Hub Standard Collector Directory Traversal Privilege Escalation Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/c87o5i7XOas/ This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Diagnostics Hub Standard Collector. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/c87o5i7XOas" height="1" width="1" alt=""/> Wed, 22 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-372/ <![CDATA[ZDI-16-371: Microsoft Edge CBaseScriptable PrivateQueryInterface Uninitialized Memory Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/_DyS4Ml8N2U/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/_DyS4Ml8N2U" height="1" width="1" alt=""/> Wed, 22 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-371/ <![CDATA[ZDI-16-370: Microsoft Windows PDF Library JPEG2000 COD Out-Of-Bounds Read Information Disclosure Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/q6rYVhEQG0Y/ This vulnerability allows a remote attacker to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/q6rYVhEQG0Y" height="1" width="1" alt=""/> Wed, 22 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-370/ <![CDATA[ZDI-16-369: Microsoft Windows PDF Library AES Encryption Out-Of-Bounds Read Information Disclosure Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/BOl_0ekMQQE/ This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows PDF Library. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/BOl_0ekMQQE" height="1" width="1" alt=""/> Wed, 22 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-369/ <![CDATA[ZDI-16-368: Microsoft Edge JavaScript map Method Out-Of-Bounds Write Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/CNhpRUbZdKg/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/CNhpRUbZdKg" height="1" width="1" alt=""/> Thu, 16 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-368/ <![CDATA[ZDI-16-367: Microsoft Edge JavaScript filter Method Out-Of-Bounds Write Remote Code Execution Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/QaJaQ4Ngi3I/ This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/QaJaQ4Ngi3I" height="1" width="1" alt=""/> Thu, 16 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-367/ <![CDATA[ZDI-16-366: Microsoft Internet Explorer PerformDoDragDrop Protected Mode Sandbox Escape Vulnerability]]> http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/1dtY89xj26E/ This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.<img src="http://feeds.feedburner.com/~r/ZDI-Published-Advisories/~4/1dtY89xj26E" height="1" width="1" alt=""/> Thu, 16 Jun 2016 12:00:00 +0000 http://www.zerodayinitiative.com/advisories/ZDI-16-366/