ZDI: Published Advisories
http://www.zerodayinitiative.com/advisories/published/
Tue Jul 25 02:47:59 2017 +0000
zdi@hp.com (Author)
Tippingpoint, all rights reserved
ZDI Bird Feeder
en
http://blogs.law.harvard.edu/tech/rss

ZDI-17-492: AlienVault Unified Security Management nfcapd Process_ipfix_template_withdraw Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of AlienVault Unified Security Management. Authentication is not required to exploit this vulnerability.
Thu, 20 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-492/

ZDI-17-491: EMC VMAX3 VASA Provider UploadConfigurator Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to create arbitrary files on vulnerable installations of EMC VMAX3 VASA Provider. Authentication is not required to exploit this vulnerability.
Wed, 19 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-491/

ZDI-17-490: Apple iTunes iPodService Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Apple iTunes. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Wed, 19 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-490/

ZDI-17-489: Apple Safari Frame Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Wed, 19 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-489/

ZDI-17-488: Microsoft Windows OTL Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Fri, 14 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-488/

ZDI-17-487: (Pwn2Own) Microsoft Windows NtUserLinkDpiCursor Use-After-Free Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Wed, 12 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-487/

ZDI-17-486: Adobe Flash BrokerCreateFile Broker Method Information Disclosure Vulnerability
This vulnerability allows remote attackers to bypass the Enhanced Protected Mode sandbox of vulnerable installations of Adobe Flash Player and disclose file contents. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Wed, 12 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-486/

ZDI-17-485: Fuji Electric V-Server VPR File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric V-Server. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Wed, 12 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-485/

ZDI-17-484: Hewlett Packard Enterprise Intelligent Management Center dbman Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability.
Wed, 12 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-484/

ZDI-17-483: Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10005 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability.
Wed, 12 Jul 2017 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-17-483/