CVE-2016-2007
Published 2016-04-21
Priority P269 · critical · 9.8 · CVSS 3.0
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS 20.41% · 97.2th percentile
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | data_protector | >= 7.0 < 7.03_108 | 7.03_108 |
| hp | data_protector | >= 8.0 < 8.15 | 8.15 |
| hp | data_protector | >= 9.0 < 9.06 | 9.06 |
CVSS provenance
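| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_redhat | | 7.8 | HIGH | |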
GHSA
GHSA-fmm6-c45g-rqwm: HPE Data Protector before 7
ghsa_unreviewed·2022-05-14
CVE-2016-2007 [CRITICAL] GHSA-fmm6-c45g-rqwm: HPE Data Protector before 7
HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354.
Kernel
namei: allow restricted O_CREAT of FIFOs and regular files
kernel_security·2018-08-23·CVSS 7.2
CVE-2000-1134 [HIGH] namei: allow restricted O_CREAT of FIFOs and regular files
Disallows open of FIFOs or regular files not owned by the user in world
writable sticky directories, unless the owner is the same as that of the
directory or the file is opened without the O_CREAT flag. The purpose
is to make data spoofing attacks harder. This protection can be turned
on and off separately for FIFOs and regular files via sysctl, just like
the symlinks/hardlinks protection. This patch is based on Openwall's
"HARDEN_FIFO" feature by Solar Designer.
This is a brief list of old vulnerabilities that could have been prevented
by this feature, some of them even allow for privilege escalation:
CVE-2000-1134
CVE-2007-3852
CVE-2008-0525
CVE-2009-0416
CVE-2011-4834
CVE-2015-1838
CVE-2015-7442
CVE-2016-7489
This list is no
Red Hat
kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()
vendor_redhat·2010-07-29·CVSS 7.8
CVE-2010-5321 [HIGH] kernel: v4l: videobuf: hotfix a bug on multiple calls to mmap()
Memory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.
Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 6, 7 and Red Hat Enterprise MRG 2.
Based on the absence of upstream patch addressing this issue in
Suricata
ET HUNTING Microsoft Office Memory Corruption (CVE-2015-1641)
suricata·2025-01-27·CVSS 7.8
CVE-2015-1641 [HIGH] ET HUNTING Microsoft Office Memory Corruption (CVE-2015-1641)
Rule: alert tcp any any -> $HOME_NET any (msg:"ET HUNTING Microsoft Office Memory Corruption (CVE-2015-1641)"; flow:established,to_client; file.data; content:"|7b 5c|rtf"; content:"|7b 5c 2a 5c|objdata|20|0105000002000000"; content:"6f746b6c6f6164722e5752417373656d626c792e3100"; fast_pattern; nocase; distance:8; content:"d0cf11e0a1b11ae1"; nocase; distance:0; content:"|7c 34 24 04|"; reference:url,degsew.wordpress.com/2016/03/28/new-microst-office-word-2007-2013-exploit-cve-2015-1641-analysis/; reference:cve,2015-1641; classtype:bad-unknown; sid:2059680; rev:1; metadata:attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_01_27, cve CVE_2015_1641, deployment Perimeter, deployment SSLDecrypt, confidence Medium, s
Exploit-DB
Microsoft Excel - OLE Arbitrary Code Execution
exploitdb·2017-09-30
CVE-2017-0199 Microsoft Excel - OLE Arbitrary Code Execution
---
Title: MS Office Excel (all versions) Arbitrary Code Execution Vulnerability
Date: September 30th, 2017.
Author: Eduardo Braun Prado
Vendor Homepage: http://www.microsoft.com/
Software Link: https://products.office.com/
Version: 2007,2010,2013,2016 32/64 bits (x86 and x64)
Tested on: Windows 10/8.1/8.0/7/Server 2012/Server 2008/Vista (X86 and x64)
CVE: 2017-0199
Description:
MS Excel contains a remote code execution vulnerability upon processing OLE objects. Although this is a different issue from the
MS Word HTA execution vulnerability, it has been patched together, 'silently'. By performing some tests from the Word HTA PoC posted
on exploit-db[dot]com, it's possible to exploit it through Excel too, however the target would ne
Exploit-DB
Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
exploitdb·2016-08-10·CVSS 7.8
CVE-2016-3313 [HIGH] Microsoft Word 2007/2010/2013/2016 - Out-of-Bounds Read Code Execution (MS16-099)
---
#####################################################################################
# Application: Microsoft Office Word
# Platforms: Windows, OSX
# Versions: Microsoft Office Word 2007,2010,2013,2016
# Author: Sébastien Morin of COSIG
# Website: https://cosig.gouv.qc.ca/en/advisory/
# Twitter: @SebMorin1, @COSIG_
# Date: August 09, 2016
# CVE: CVE-2016-3313
# COSIG-2016-31
#####################################################################################
1) Introduction
2) Report Timeline
3) Technical details
4) POC
#######################################################################################
1) Introduction
Microsoft Word is a word processor developed by Microsoft. It was first re
Exploit-DB
Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)
exploitdb·2016-04-14·CVSS 7.8
CVE-2016-0122 [HIGH] Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)
---
#######################################################################################
# Title: Microsoft Office Excel Out-of-Bounds Read Remote Code Execution
# Application: Microsoft Office Excel
# Affected Products: Microsoft Office Excel 2007,2010,2013,2016
# Software Link: https://products.office.com/en-ca/excel
# Date: April 12, 2016
# CVE: CVE-2016-0122 (MS16-042)
# Author: Sébastien Morin from COSIG
# Contact: https://twitter.com/COSIG_ (@COSIG_)
# Personal contact: https://smsecurity.net/; https://twitter.com/SebMorin1 (@SebMorin1)
#######################################################################################
Introduction:
Microsoft Excel is a spreadsheet developed by Microsoft for Windows, Mac OS X
Exploit-DB
SkilMatch Systems JobLister3 - 'index.php' SQL Injection
exploitdb·2007-07-13
CVE-2007-4359 SkilMatch Systems JobLister3 - 'index.php' SQL Injection
---
source: https://www.securityfocus.com/bid/25296/info
JobLister3 is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
http://www.example.com/index.php?mode=showbyID&jobid=99786'%20union%20all%20select%20something%20from%20something/*
http://www.example.com/index.php?mode=showbyID&jobid=99786'%20or%201=1/*
http://www.example.com/index.php?mode=showbyID&jobid=99786'%20order%20by%2016/*
Bugzilla
CVE-2016-5177 chromium-browser: use after free in v8
bugzilla·2016-09-30·CVSS 8.8
CVE-2016-5177 [HIGH] CVE-2016-5177 chromium-browser: use after free in v8
A use after free flaw was found in the V8 component of the Chromium browser.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=642496
External References:
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_29.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1380634]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2016:2007 https://rhn.redhat.com/errata/RHSA-2016-2007.html
Bugzilla
CVE-2016-5178 chromium-browser: various fixes from internal audits
bugzilla·2016-09-30·CVSS 9.8
CVE-2016-5178 [CRITICAL] CVE-2016-5178 chromium-browser: various fixes from internal audits
Various fixes from internal audits, fuzzing and other initiatives.
Upstream bug(s):
https://code.google.com/p/chromium/issues/detail?id=651092
External References:
https://googlechromereleases.blogspot.com/2016/09/stable-channel-update-for-desktop_29.html
Discussion:
Created chromium tracking bugs for this issue:
Affects: fedora-all [bug 1380634]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2016:2007 https://rhn.redhat.com/errata/RHSA-2016-2007.html
http://www.securitytracker.com/id/1035631
http://www.zerodayinitiative.com/advisories/ZDI-16-247
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05085988