ZDI: Published Advisories
http://www.zerodayinitiative.com/advisories/published/
Sun Dec 4 14:27:15 2016 +0000
zdi@hp.com (Author)
Tippingpoint, all rights reserved
ZDI Bird Feeder
en
http://blogs.law.harvard.edu/tech/rss

ZDI-16-617: Dell SonicWALL Universal Management Suite ImagePreviewServlet SQL Injection Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/NCNM8J6lFF4/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL Universal Management Suite. Authentication is not required to exploit this vulnerability.
Fri, 02 Dec 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-617/

ZDI-16-616: Hewlett Packard Enterprise Network Automation RPCServlet Deserialization of Untrusted Data Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/B35s0fYwaqY/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Network Automation. Authentication is not required to exploit this vulnerability.
Wed, 30 Nov 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-616/

ZDI-16-615: Moxa SoftCMS AspWebServer URL Processing Double Free Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/oXpc8trbTFE/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. Authentication is not required to exploit this vulnerability.
Wed, 23 Nov 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-615/

ZDI-16-614: Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/aOyu8HGZHcA/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 22 Nov 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-614/

ZDI-16-613: Foxit Reader JPEG2000 Parsing Use-After-Free Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/shNXvUEnUC0/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 22 Nov 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-613/

ZDI-16-612: Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/5q7FH3eHMDQ/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 22 Nov 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-612/

ZDI-16-611: Foxit Reader JPEG2000 Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/dHjyf2234KY/
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 22 Nov 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-611/

ZDI-16-610: Foxit Reader JPEG2000 Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ylKmTeqg8UA/
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Tue, 22 Nov 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-610/

ZDI-16-609: Apple OS X WindowServer _XSetPerUserConfigurationData Type Confusion Privilege Escalation Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/70eQXk4reyk/
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Tue, 15 Nov 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-609/

ZDI-16-608: Apple OS X WindowServer _XSetPreferencesForWorkspaces Type Confusion Privilege Escalation Vulnerability
http://feedproxy.google.com/~r/ZDI-Published-Advisories/~3/ll-xSH-DGOk/
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Apple OS X. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Tue, 15 Nov 2016 12:00:00 +0000
http://www.zerodayinitiative.com/advisories/ZDI-16-608/