Vulnerability Summary for the Week of March 7, 2016

Inserito da 21 Marzo, 2016 (0) Commenti

Si tratta di :English Articles,ICT and Computer Security

cretino-11-e1334646540518

ITA

Questo articolo è scritto per te che “non capisci di esser abbastanza cretino” e   ti credi molto perspicace e intelligente, una persona che snobba gli articoli e non ha bisogno di niente e prima si iscrive alla newsletter del mio sito e poi si lamenta cancellandosi dalla newsletter.

ENG

This article is written for you that fairly stupid” and you think you’re very perceptive and intelligent, a person who snubs the articles and did not need anything and before he enrolled at the site of my newsletter and then complains removing himself from the newsletter.

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
adobe — digital_editions Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. 2016-03-09 10.0 CVE-2016-0954
adobe — acrobat Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009. 2016-03-09 10.0 CVE-2016-1007
adobe — acrobat Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1007. 2016-03-09 10.0 CVE-2016-1009
adobe — acrobat Untrusted search path vulnerability in Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. 2016-03-09 7.2 CVE-2016-1008
microsoft — .net_framework Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signatures via a modified document, aka “.NET XML Validation Security Feature Bypass.” 2016-03-09 10.0 CVE-2016-0132
microsoft — infopath Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-03-09 9.3 CVE-2016-0021
microsoft — windows OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0091. 2016-03-09 9.3 CVE-2016-0092
microsoft — windows Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0098
microsoft — windows Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka “Windows Media Parsing Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0101
microsoft — windows The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0117
microsoft — windows The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka “Windows Remote Code Execution Vulnerability.” 2016-03-09 9.3 CVE-2016-0118
microsoft — windows The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2016-03-09 9.3 CVE-2016-0121
microsoft — office Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka “Microsoft Office Memory Corruption Vulnerability.” 2016-03-09 9.3 CVE-2016-0134
microsoft — internet_explorer Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0102
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0103
microsoft — internet_explorer Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability.” 2016-03-09 7.6 CVE-2016-0104
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0107, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0105
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0106
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0111, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0107
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0108
microsoft — internet_explorer Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0114. 2016-03-09 7.6 CVE-2016-0109
microsoft — internet_explorer Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability.” 2016-03-09 7.6 CVE-2016-0110
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Browser Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0111
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0113. 2016-03-09 7.6 CVE-2016-0112
microsoft — internet_explorer Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112. 2016-03-09 7.6 CVE-2016-0113
microsoft — internet_explorer Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109. 2016-03-09 7.6 CVE-2016-0114
microsoft — internet_explorer Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0116
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0123
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0124
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130. 2016-03-09 7.6 CVE-2016-0129
microsoft — edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka “Microsoft Edge Memory Corruption Vulnerability,” a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129. 2016-03-09 7.6 CVE-2016-0130
microsoft — office Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not properly sign an unspecified binary file, which allows local users to gain privileges via a Trojan horse file with a crafted signature, aka “Microsoft Office Security Feature Bypass Vulnerability.” 2016-03-09 7.2 CVE-2016-0057
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0093
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0094
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096. 2016-03-09 7.2 CVE-2016-0095
microsoft — windows The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka “Win32k Elevation of Privilege Vulnerability,” a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095. 2016-03-09 7.2 CVE-2016-0096
microsoft — windows The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka “Secondary Logon Elevation of Privilege Vulnerability.” 2016-03-09 7.2 CVE-2016-0099
microsoft — windows The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka “OpenType Font Parsing Vulnerability.” 2016-03-09 7.1 CVE-2016-0120

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — windows OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka “Windows OLE Memory Remote Code Execution Vulnerability,” a different vulnerability than CVE-2016-0092. 2016-03-09 6.8 CVE-2016-0091

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — edge Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka “Microsoft Edge Information Disclosure Vulnerability.” 2016-03-09 2.6 CVE-2016-0125

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0960
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0961
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0962
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0993 and CVE-2016-1010. 2016-03-12 N/A CVE-2016-0963
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0989, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0986
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0987
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0988
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0992, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0989
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0990
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0991
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-1002, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-0992
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-1010. 2016-03-12 N/A CVE-2016-0993
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code by using the actionCallMethod opcode with crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0994
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0995
Adobe — Flash Player Use-after-free vulnerability in the setInterval method in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via crafted arguments, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0997, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0996
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0997
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0998
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000. 2016-03-12 N/A CVE-2016-0999
Adobe — Flash Player Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. 2016-03-12 N/A CVE-2016-1000
Adobe — Flash Player Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors. 2016-03-12 N/A CVE-2016-1001
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005. 2016-03-12 N/A CVE-2016-1002
Adobe — Flash Player Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1002. 2016-03-12 N/A CVE-2016-1005
Adobe — Flash Player Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0963 and CVE-2016-0993. 2016-03-12 N/A CVE-2016-1010
Android — mediaserver The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 26365349. 2016-03-12 N/A CVE-2016-0815
Android — mediaserver mediaserver in Android 6.x before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to decoder/ih264d_parse_islice.c and decoder/ih264d_parse_pslice.c, aka internal bug 25928803. 2016-03-12 N/A CVE-2016-0816
Android — Conscrypt The caching functionality in the TrustManagerImpl class in TrustManagerImpl.java in Conscrypt in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 mishandles the distinction between an intermediate CA and a trusted root CA, which allows man-in-the-middle attackers to spoof servers by leveraging access to an intermediate CA to issue a certificate, aka internal bug 26232830. 2016-03-12 N/A CVE-2016-0818
Android — Qualcomm performance The Qualcomm performance component in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 25364034. 2016-03-12 N/A CVE-2016-0819
Android — MediaTek The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application, aka internal bug 26267358. 2016-03-12 N/A CVE-2016-0820
Android — Linux kernel The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636. 2016-03-12 N/A CVE-2016-0821
Android — MediaTek The MediaTek connectivity kernel driver in Android 6.0.1 before 2016-03-01 allows attackers to gain privileges via a crafted application that leverages conn_launcher access, aka internal bug 25873324. 2016-03-12 N/A CVE-2016-0822
Android — Linux kernel The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721. 2016-03-12 N/A CVE-2016-0823
Android — Widevine The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. 2016-03-12 N/A CVE-2016-0825
Android — mediaserver libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted application that directly dumps, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26265403. 2016-03-12 N/A CVE-2016-0826
Android — mediaserver Multiple integer overflows in libeffects in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 allow attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, related to EffectBundle.cpp and EffectReverb.cpp, aka internal bug 26347509. 2016-03-12 N/A CVE-2016-0827
Android — mediaserver The BnGraphicBufferConsumer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not initialize a certain slot variable, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering an ATTACH_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338113. 2016-03-12 N/A CVE-2016-0828
Android — mediaserver The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109. 2016-03-12 N/A CVE-2016-0829
Android — DTE Energy Insight application The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter. 2016-03-11 N/A CVE-2016-1562
Android — mediaserver libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.0 before 2016-03-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, related to libwebm/mkvparser.cpp and other files, aka internal bug 23452792. 2016-03-12 N/A CVE-2016-1621
Android — libstagefright libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591. 2016-03-12 N/A CVE-2016-0824
Android — Bluetooth btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows remote attackers to cause a denial of service (memory corruption and persistent daemon crash) by triggering a large number of configuration entries, and consequently exceeding the maximum size of a configuration file, aka internal bug 26071376. 2016-03-12 N/A CVE-2016-0830
Android — Telephony The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE permission, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 25778215. 2016-03-12 N/A CVE-2016-0831
Android — Setup Wizard Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042. 2016-03-12 N/A CVE-2016-0832
Apple — Apple Software Update Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. 2016-03-13 N/A CVE-2016-1731
Cisco — HTTPS inspection engine The HTTPS inspection engine in the Content Security and Control Security Services Module (CSC-SSM) 6.6 before 6.6.1164.0 for Cisco ASA 5500 devices allows remote attackers to cause a denial of service (memory consumption or device reload) via a flood of HTTPS packets, aka Bug ID CSCue76147. 2016-03-09 N/A CVE-2016-1312
Cisco — administration interface The administration interface on Cisco DPC3939B and DPC3941 devices allows remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCus49506. 2016-03-09 N/A CVE-2016-1325
Cisco — administration interface The administration interface on Cisco DPQ3925 devices with firmware r1 allows remote attackers to cause a denial of service (device restart) via a crafted HTTP request, aka Bug ID CSCup48105. 2016-03-09 N/A CVE-2016-1326
Cisco — web server Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935. 2016-03-09 N/A CVE-2016-1327
Cisco — TelePresence Video Communication Server Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 allows remote authenticated users to cause a denial of service (VoIP outage) via a crafted SIP message, aka Bug ID CSCuu43026. 2016-03-11 N/A CVE-2016-1338
Cisco — Prime LAN Management Solution Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same database decryption key across different customers’ installations, which allows local users to obtain cleartext data by leveraging console connectivity, aka Bug ID CSCuw85390. 2016-03-11 N/A CVE-2016-1360
Cisco — IOS XR Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 devices does not properly check for a Bidirectional Forwarding Detection (BFD) header in a UDP packet, which allows remote attackers to cause a denial of service (line-card restart) via a crafted packet, aka Bug ID CSCuw56900. 2016-03-11 N/A CVE-2016-1361
Debian — jessie pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie lacks a namespace check associated with file-descriptor passing, which allows local users to capture keystrokes and spoof data, and possibly gain privileges, via pts read and write operations, related to debian/sysdeps/linux.mk. NOTE: this is not considered a vulnerability in the upstream GNU C Library because the upstream documentation has a clear security recommendation against the –enable-pt_chown option. 2016-03-13 N/A CVE-2016-2856
EMC — Documentum xCP EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows remote authenticated users to obtain sensitive user-account metadata via a members/xcp_member API call. 2016-03-09 N/A CVE-2016-0886
Google — Chrome The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage “type confusion.” 2016-03-13 N/A CVE-2016-1643
Google — Chrome WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document. 2016-03-13 N/A CVE-2016-1644
Google — Chrome Multiple integer signedness errors in the opj_j2k_update_image_data function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 49.0.2623.87, allow remote attackers to cause a denial of service (incorrect cast and out-of-bounds write) or possibly have unspecified other impact via crafted JPEG 2000 data. 2016-03-13 N/A CVE-2016-1645
IBM — Tivoli Monitoring The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. 2016-03-11 N/A CVE-2015-7411
IBM — Flash System V9000 Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. 2016-03-12 N/A CVE-2015-7446
IBM — Maximo Asset Management IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote authenticated users to bypass intended access restrictions and read arbitrary purchase-order work logs via unspecified vectors. 2016-03-13 N/A CVE-2016-0222
IBM — Maximo Asset Management Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. 2016-03-13 N/A CVE-2016-0262
IBM — Maximo Asset Management SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. 2016-03-12 N/A CVE-2015-7448
IBM — WebSphere Commerce IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and 8.x before 8.0.0.3 allows remote attackers to cause a denial of service (order-processing outage) via unspecified vectors. 2016-03-13 N/A CVE-2016-0208
ISC — BIND named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a malformed packet to the rndc (aka control channel) interface, related to alist.c and sexpr.c. 2016-03-09 N/A CVE-2016-1285
ISC — BIND named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted signature record for a DNAME record, related to db.c and resolver.c. 2016-03-09 N/A CVE-2016-1286
ISC — BIND resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS cookies are enabled, allows remote attackers to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed packet with more than one cookie option. 2016-03-09 N/A CVE-2016-2088
ISC — DHCP ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions. 2016-03-09 N/A CVE-2016-2774
microsoft — internet_explorer The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) via a malformed Cascading Style Sheets (CSS) token sequence in conjunction with modifications to HTML elements, aka “Internet Explorer Memory Corruption Vulnerability,” a different vulnerability than CVE-2015-6048 and CVE-2015-6049. 2016-03-09 N/A CVE-2015-6184
microsoft — windows Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka “Windows Elevation of Privilege Vulnerability.” 2016-03-09 N/A CVE-2016-0087
microsoft — windows Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library loading, which allows local users to gain privileges via a crafted application, aka “Library Loading Input Validation Remote Code Execution Vulnerability.” 2016-03-09 N/A CVE-2016-0100
microsoft — windows The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka “USB Mass Storage Elevation of Privilege Vulnerability.” 2016-03-09 N/A CVE-2016-0133
Mozilla — Firefox Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. 2016-03-13 N/A CVE-2016-1950
Mozilla — Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. 2016-03-13 N/A CVE-2016-1952
Mozilla — Firefox Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. 2016-03-13 N/A CVE-2016-1953
Mozilla — Firefox The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. 2016-03-13 N/A CVE-2016-1954
Mozilla — Firefox Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. 2016-03-13 N/A CVE-2016-1955
Mozilla — Firefox Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. 2016-03-13 N/A CVE-2016-1956
Mozilla — Firefox Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. 2016-03-13 N/A CVE-2016-1957
Mozilla — Firefox browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. 2016-03-13 N/A CVE-2016-1958
Mozilla — Firefox The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. 2016-03-13 N/A CVE-2016-1959
Mozilla — Firefox Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. 2016-03-13 N/A CVE-2016-1960
Mozilla — Firefox Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. 2016-03-13 N/A CVE-2016-1961
Mozilla — Firefox Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. 2016-03-13 N/A CVE-2016-1962
Mozilla — Firefox The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. 2016-03-13 N/A CVE-2016-1963
Mozilla — Firefox Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. 2016-03-13 N/A CVE-2016-1964
Mozilla — Firefox Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. 2016-03-13 N/A CVE-2016-1965
Mozilla — Firefox The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. 2016-03-13 N/A CVE-2016-1966
Mozilla — Firefox Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. 2016-03-13 N/A CVE-2016-1967
Mozilla — Firefox Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. 2016-03-13 N/A CVE-2016-1968
Mozilla — Firefox The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.6.1, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-1969
Mozilla — Firefox Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1970
Mozilla — Firefox The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1971
Mozilla — Firefox Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1972
Mozilla — Firefox Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. 2016-03-13 N/A CVE-2016-1973
Mozilla — Firefox The nsScannerString::AppendUnicodeTo fynction in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. 2016-03-13 N/A CVE-2016-1974
Mozilla — Firefox Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1975
Mozilla — Firefox Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. 2016-03-13 N/A CVE-2016-1976
Mozilla — Firefox The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-1977
Mozilla — Firefox Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. 2016-03-13 N/A CVE-2016-1978
Mozilla — Firefox Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. 2016-03-13 N/A CVE-2016-1979
Mozilla — Firefox The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2790
Mozilla — Firefox The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2791
Mozilla — Firefox The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. 2016-03-13 N/A CVE-2016-2792
Mozilla — Firefox CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2793
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2794
Mozilla — Firefox The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2795
Mozilla — Firefox Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2796
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. 2016-03-13 N/A CVE-2016-2797
Mozilla — Firefox The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2798
Mozilla — Firefox Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2799
Mozilla — Firefox The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. 2016-03-13 N/A CVE-2016-2800
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. 2016-03-13 N/A CVE-2016-2801
Mozilla — Firefox The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. 2016-03-13 N/A CVE-2016-2802
Samba — smbd The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. 2016-03-13 N/A CVE-2015-7560
Samba — internal DNS server The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4, when an AD DC is configured, allows remote authenticated users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from process memory by uploading a crafted DNS TXT record. 2016-03-13 N/A CVE-2016-0771
Schneider — Electric Telvent Sage Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet. 2016-03-11 N/A CVE-2015-6485

 

Categories : English Articles,ICT and Computer Security Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

UBS holding

Inserito da 1 Gennaio, 2011 (0) Commenti

Si tratta di :Unsorted comments

UBS International Holdings BV Herengracht 600 NL-1017 CJ Amsterdam, Netherlands. www.ubs.com/investmentbank Greetings, First, I am grateful for your reply to my email. I got your email address from a foreign mission guestbook during my search in the internet. Recently I discovered that an account belonging to Abbas Farhan al-Jabouri, who was an Election candidate and also a business man made a numbered of fixed deposit, with a value of Eight million, five Hundred thousand Dollars only (US$ 8.5million) into an account with UBS International Holdings BV. Upon maturity, several notice was sent to him, but there was no response. Again, January this year, another notification was sent and still no response came from him. We later find out that Abbas Farhan al-Jabouri and his two relatives had been executed in Mohammed al Malih, near Mandali onthe 29th of January 2009. For more enquiry about the death of Abbas Farhan al-Jabouri, click the link below; http://www.iraqbodycount.org/database/incidents/k12147 After further inquiries, it was discovered that Abbas Farhan al-Jabouri did not declare any next of kin in his official papers, including the paper work of his bank deposit. The last time he came to my office, he confided in me that no one knew of this deposit in my bank. What bothers me most is that according to the laws of my country, at the expiration of seven{7} years, the funds will be revert to the ownership of the Netherlands Government, if nobody applies to claim it. Against this backdrop, my suggestion to you is that I will like to front you as a foreigner to stand as the next of kin to Abbas Farhan al-Jabouri, so that you will be able to receive his funds. MODALITIES: I want you to know that all modalities for the successful of this transfer to you have been mapped out and success is 100% sure, because I have the full support and cooperation of late Abbas Farhan al-Jabouri’s personal attorney (Barr. Van Den Berg), and he will prepare the necessary documents that will back you up as the next of kin to Abbas Farhan al-Jabouri, all that is required from you is to provide me with your Full Names and Address, so that the attorney can commence his job. After you have been made the next of kin, the attorney will file for claims on your behalf and also secure the necessary approval and letter of probate in your favor for the movement of the funds to an account that will be provided by you. We are going to adopt a legalized method because the attorney will prepare all necessary documents in your favor. There is a reward for this project and it is a task well worth undertaking. There is no risk involved at all in our planned modalities, I have evaluated the risks and the only risk I have here is your refusing to work with me and alerting UBS International Holdings BV. I am the only one who knows of this situation, good fortune has bless you with a name that has planted you into the center of relevance in my life. Please endeavor to observe utmost discretion in all matters concerning this issue. Once the funds have been transferred to your nominated bank account, we shall share in the ratio of 50% for me, 50% for you. I send you this mail not without a measure of fear as to what the consequences, but I know within me that nothing ventured is nothing gained and that success and riches never come easy or on a platter of gold. Please observe this instructions religiously. Should you be interested please send me your: 1. Full names: 2. Residence address: 3. Private telephone: And finally after that I shall furnish you with more information about this operation. Your earliest response to this letter will be appreciated. Warmest Regards, Mr. Beuker Hendrik Investment Consultant. UBS.

Categories : Unsorted comments Tags : , , , , , , , , , , , , , , ,

today I am a little tired

Inserito da 27 Ottobre, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

An email sent to thousands of addresses picked up on the Internet, beware hidden behind an organization that has nothing to do with a Russian girl. Attention is just a scam!


Hello ????? !!! How are you doing? My name is Albina. I am happy to write to you. I have yours e-mail and I am glad to write to you!. It really brings to me pleasure, that I have received the answer to my letter! I wish to tell at once, that I have sent that message two more other men, from your country But I should To tell, that till this time I have not received more any letters back. I wish to be Fair with you and to have your trust from the first letters! I shall ask you, that you also wer always fair with me. I do not think, that there is a sense to speak lie. You agree with me? I dared to write to the first to whom or through the Internet. I should be grateful to it to my girlfriend Liza. My girlfriend Liza has found the good person through the Internet in the French city Le Mans. They are very happy together. Now they have already concluded marriage and live In France. I am very happy for them. And I as have decided to find the good person Through the Internet. As I did not know the Frenc language, I have decided to search in the USA. I not unitary heard that Americans very good people and among them – very much Remarkable men. You know, I heard many stories about happy marriage The Russian woman and the American men. I wish to tell to you, that I do not search for an easy life. I search for my HAPPINESS in a life. You understand? I like to work, I like to have a fair life. I dream to create family and to care of my husband. I want, that me favourite and also cared. I love tenderness and kindness in the person. Also I love the decent and fair person. I still young and I wish to think of my family. I wish to create family in more goo Conditions for a life. I shall not disappear, I have met some men from Russia, But these attitudes were not long, as the majority of the Russian men roughly in The attitude with woman. Many have propensity to alcohol. I have greater animosities To men who use too much alcohol. I had the father who is seen constantly and fought by my mum. When to me of 8 years, it has bee executed, have died from Alcoholic poisonings. My mum very urgently shouted. But it bore, also it has found good the Man which loves it and is not drunk with alcohol. They live together 19 years. It has replaced To me father. As I spoke earlier to me 30 years. I have been born on December, 5 1980. My growth – 168 centimeters, and weight of 50 kg. On nationality I of Russian, I trust in god, and I am orthodox the Christian. I have been born, and I live in city Izhevsk. It is small beautiful small city city. In it it – is a lot of from Beautiful places: parks, area. My city is located Far to capital of Russia of the city of Moscow. Distance up to my city Izhevsk from Moscow of 1250 kilometers. My favourite season this summer. We with family often leave for limits Cities. I like to spend time in the summer on the nature. I like to go, collecting beautiful flowers. Sometimes easier to lay and look at the sky. To observe from clouds. They sometimes accept very amusing figures. For me summer the best – time. Now in Russia the autumn , here again weather already becomes cool and often there are rains. It is necessary to put on in warm clothes. Often simply it would not be desirable to leave from the house for the reason that it is very cold! I have the maximum economic formation. I have a trade of the economist. But I do not work as the economist because it is very difficult to find free vacancy on an economic trade. In Russia it is very complex to find well paid work but as I very much adored Fitness, I had other rates on study and now I work as the seller in shop. As I should tell to you, that I dont have a computer at home, and I use a computer in the Internet of cafe! I should inform you, that I cannot write to you every day. And consequently I cannot write to you Every day. But I shall try to answer at once all your letters. I also did not think, that so many men will search for love on the Internet! In our city there are no many opportunities to get acquainted with men from other countries. As I awfully address with a computer, my girlfriend Liza has helped me to address with a computer. It to me even has created a structure on site Yahoo. I very much was surprised, when have learned from my girlfriend that it is necessary to use a credit card for this purpose. At me never was a credit card and I could not search for the person on the Internet at all, without the help of my girlfriend. When I saw your profile, my search has stopped on you. I have stopped attention to you. I hope, also, that you will not ignore me? I seem, already have written very much. I am afraid, that there will be no information for the following letter. Attempt humour!!! I shall speak you the rest in the following letter. I would like it, also you have written to me about you directly and Your city. I never was outside of Russia, and it is very interesting for learning to me about your life in America. I placed my photo in my letter. I hope, what you have found its good? I with impatience shall wait to receive news from you. And also me it would be very pleasant, if you will send your pictures for me. Your new Russian friend Albina. albinabinna@yahoo.com

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Mrs. Johanne brunet Five Hundred Thousand Euros only

Inserito da 7 Ottobre, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

e-mail from a stupid idiot in search of other people’s money

 

Your e-mail address have just won for you the sum of 500.000.00 euros (Five Hundred Thousand Euros only ) contact this office for more detail DR.PAULY ULRICH .TEL:+34 634 104 352 .Email address.  (claimsremittance09@aol.es)
Once again congratulations. Your email address has brought to you this expected luck,contact Dr.Pauly Ulrich with the following informations.

Ticket Nr. 4 16 19 25 27 40
(ii) Lucky Nr SPX56789
(iii) Reference Nr.: 5687SPL8
(iv) Batch Nr SPYU6868

Mrs. Johanne brunet
Lottery coordinator)

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , ,

BMW e-LOTTERY BONANZA 2010 FINAL NOTICE

Inserito da 4 Ottobre, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

SCAM SCAM SCAM

 

This is to inform you that you have won a prize of ?850,000.00 (Eight hundred and fifty thousand Great British Pounds) and a brawn new BMW Car from the BMW e-LOTTERY BONANZA International programes for the month of SEPTEMBER 2010 Lottery promotions.
We congratulate you for being one of the ten person selected from the web search draw.

You are to contact our fiduciary claims department with your

identification numbers:
Batch number…………………X7PYWM2007
Reff number…………………..BMW2551256003/23

CONTACT FIDUCIARY AGENT AS SOON AS POSSIBLE

SIR. JAMES MOORE
Email: bmw2010finals@gmail.com
Congratulations again from all our staff and thank you for being part of our promotional programe.
MR.JEFFERY ANDERSON
THE PROMOTIONAL DIRECTOR
BMW PUBLIC RELATIONS DEPARTMENT

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , ,

Mr.Song Lile Still Awaiting Your Response..

Inserito da 19 Agosto, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

Mr.Song Lile
Hang Seng Bank Ltd.
Sai Wan Ho Branch,
83, Des Voeux Road,
Hong Kong.

Good Day,

Please kindly accept my apology for sending you this email without your
consent. I believe you are a highly respected personality, considering the
fact that I sourced your profile from the peoples search database on the
web during my descret search for a foreign partner whom can assist me in
taking this business to it success. Though, I do not know to what extent
you are familiar with events. I have a proposal for you.This however is
not mandatory nor will I in any manner compel you to honor against your
will, but I hope you will read on and consider the value I offer.
My name is Mr. Song Lile, I am the credit officer in Hang Seng Bank, Hong
Kong. I have a business proposal in the tune of 19.5m US to be transferred
to an offshore account with your assistace if willing.

After the successful transfer, we shall share in ratio of 30% for you and
70% for me. Should you be interested, please respond to my letter
immediately, so we can commence all arrangements and I will give you more
information on the project and how we would handle it.

You can contact me on my private email:( lile.song773@yahoo.com.hk )
and send me the following information for documentation purpose:

1. Full names
2. Private phone number
3. Current residential address

I look forward to hearing from you.

Kind Regards,
Mr. Song Lile.

http://en.hoax.it/index.php?option=com_content&view=article&id=85:urgentfrom-mr-li&catid=36:hoaxes

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , , , , , , ,

ATTENTION…..LIU YAN…13/05/2010

Inserito da 17 Maggio, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

spam only spam, trash !

FROM: Liu Yan
Bank of China Ltd.
13/F. Bank of China Tower
1 Garden Road
Hong Kong,

I sincerely ask for forgiveness for I know this may seem like a complete
intrusion to your privacy but right about now this is my best option of
communication. This mail might come to you as a surprise and the
temptation to ignore it as frivolous could come into your mind; but please
consider it a divine wish and accept it with a deep sense of humility

This letter must surprise you because we have never meet before neither in
person nor by correspondence, but I believe that it takes just one day to
meet or know someone either physically or through correspondence.

I got your contact through my personal search, you were revealed as being
quite astute in private entrepreneurship, and one has no doubt in your
ability to handle a financial business transaction. I am Liu Yan a
transfer supervisor operations in investment section in Bank of China Ltd.
Secretariat of the BOCHK Charitable Foundation 13/F. Bank of China Tower,
1 Garden Road, Hong Kong I have an obscured business suggestion for
you. Before the U.S and Iraqi war our client General Mohammed Jassim Ali
who work with the Iraqi forces and also business man made a numbered fixed
deposit for 18 calendar months, with a value of (I will disclose amount
upon your reply) in my branch.

Upon maturity several notices was sent to him, even early in the war, again
after the war another notification was sent and still no response came
from him, We later find out that General Mohammed Jassim Ali and his family
had been killed during the war in a bomb blast that hit their home.

After further investigation it was also discovered that General Mohammed
Jassim Ali did not declare any next of kin in his official papers
including the paper work of his bank deposit. And he also confided in me
the last time he was at my office that no one except me knew of his
deposit in my bank. So, (I will disclose amount upon your reply) is still
lying in my bank and no one will ever come forward to claim it. What
bothers me most is that, according to the laws of my country at the
expiration 3 years the funds will revert to the ownership of the Hong Kong
Government if nobody applies to claim the funds.

Against this backdrop, my suggestion to you is that I will like you as a
foreigner to stand as the next of kin to General Mohammed Jassim Ali so
that you will be able to receive his funds. I want you to know that I have
had everything planned out so that we shall come out successful.

I have contacted an attorney who will prepare the legal documents that
will back you up as the next of kin to General Mohammed Jassim Ali, all
what is required from you at this stage is for you to provide me with your
Full Names, private phone number and Address so that the attorney can
commence his job. After you have been made the next of kin, the attorney
will also fill in for claims on your behalf and secure the necessary
approval and letter of probate in your favor for the transfer of the funds
to an account that will be provided by you with my guidance. There is no
risk involved at all in the matter as we are going adopt a legalized
method and the attorney will prepare all the necessary documents.

Please endeavor to observe utmost discretion in all matters concerning
this issue.
Once the funds have been transferred to your nominated bank account we
shall discuss the percentage issue on your reply.

If you are interested please send me your full names and current
residential address, and I will prefer you to reach me on my private and
secure email address below and finally after that I shall provide you with
more details of this operation.

Best Regards

Liu Yan

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , , , , , , , , , , , ,

Mr. Patrick K. Chan Lucrative business Proposal hang seng Bank Ltd From Hong Kong

Inserito da 16 Maggio, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

trash it, only a hoax

FROM: Mr. Patrick K. W Chan
(Executive Director)
Hang Seng Bank Limited
83 Des Voeux Road, Central
Hong Kong SAR.

It is understandable that you might be a little bit apprehensive because you do not know me but I have a Lucrative Business Proposal of mutual interest to share with you. I got your reference in my search for someone who suits my proposed business relationship.

I am Mr. Patrick K. W Chan Executive Director of Hang Seng Bank Ltd. I have an obscured business suggestion for you. I will need you to assist me in executing a business project from Hong Kong to your country. It involves the transfer of a large sum of money. Everything concerning this transaction shall be legally done without hitch. Please endeavor to observe utmost discretion in all matters concerning this issue.

Once the funds have been successfully transferred into your account, we shall share in the ratio to be agreed by both of us.

I will prefer you reach me on my private email address below (ppkchan83@yahoo.com.hk) and finally after that I shall furnish you with more information’s about this operation.

Please if you are not interested delete this email and do not hunt me because I am putting my career and the life of my family at stake with this venture. Although nothing ventured is nothing gained.Do send me the following details when responding back to me.

Your Full Names:
Phone and Fax:
Country.

Your earliest response to this letter will be appreciated.

Kind Regards,

Mr.Patrick K. W Chan.

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , , , , , , , , ,

Buisness From UK…Urgent

Inserito da 3 Maggio, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

it’s only a hoax !! trash it

 

Dear Friend,

I am Mr George krynicki  a personal chief financial treasurer to Mikhail
Khodorkovsky the Richest man in Russia and owner of the following companies: Chairman CEO: YUKOS OIL (Russian Largest Oil Company) Chairman CEO: Menatep SBP Bank (A well reputable financial institution with it?s Branches all over the world) SOURCE OF FUNDS: I have a profiling amount to the tune of ($15,100,000.00) (Fifteen million,one hundred thousand dollars)  which I seek your Partnership in accommodating for me. You will be rewarded with 30% of the total sum for your partnership. Can you be my partner on this? Already the funds have left the shore of Russia through diplimatic means to a European Holding financial institution where the final crediting is expected to be carried out. While I was on the process, My Boss got arrested for his Involvement in politics by financing the leading And opposing political parties (the Union of Right Forces, led by Boris Nemtsov, and Yabloko, a liberal/social democratic party Led by Gregor Yavlinsky) which posed a great treat to President Vladimir Putin Second Tenure as
http://www.supportmbk.com
http://news.bbc.co.uk/1/hi/

business/3213505.stm
http://newsfromrussia.com/main/2003/11/13/51215.html
http://newsfromrussia.com/main/2005/03/29/58914.html
http://www.nationmaster.com/encyclopedia/Mikhail-khodorkovsky
http://newsfromrussia.com/main/2003/11/13/51215.html YOUR ROLE:
These funds are secured in as escrow account in finanacial institution in the United Kingdom and can be transferred from the escrow account to your personal or business account once you have assured me of your ability and capacity to receive the funds for disbursement amongst the two of us at a ration i stated above. The funds were deposited in my name as a front for my client and all documents in relation to this bears my name to avoid the search by the government, so you need not entertain any worries.

To verify, please call the ATM Number of the Bank: +447005807937, I would provide you the Escrow account details of the offshore account to enable you verify the existence of these funds. Once you have verified and you are in a position to assist in receiving the funds on my behalf, then I would provide you more details.

All I need from you is to stand as the beneficiary of the above quoted sum and I will re-profile the funds with your name, which will enable the European Holding financial institution transfer the sum to you. I have decided to use this sum to relocate to American continent and never to be connected to any of Mikhail khodorkovsky conglomerates. The transaction has to be concluded within 5 to 10 working days, as soon as I confirm your readiness to conclude the transaction with me. Contact me via my private box jef.rice1@ciudad.com.ar so that I can furnish you with more details. Thank you very much.

Regards,
George krynicki [Mr]
georgekrynicki@ciudad.com.ar

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , , , , , , , , , , ,

my names is olga, spam

Inserito da 3 Maggio, 2010 (0) Commenti

Si tratta di :English Articles,hoaxes

pay attention is only a spam, trash it !!!!

Greetings!
My name is Olga! I am 29 years old.
I addressed in agency acquaintances. When I have specified, how I
search for type of the man. Me have told to approach in 1 week. When I
have again come to agency of acquaintances, to me have told yours
email adress. I am a teacher and i like my work very much.
I work with children and  Now I have an opportunity to write to you I am an
interesting, beautiful, kind and single young lady. I want to find my
love, my half and want to marry him. I am looking for a man who will
fall in love with me and I will fall in love with him. I have never
been married but I dream about it. I am fond of children and I dream
about a happy family with the beloved man. I am interested in music,
cooking, reading, traveling and others. I know English very good and
can easily speak!!

If you are interested in me please write me on my e-mail:  letogo990@yahoo.com

Please write me and I will send you my photos.
I wait for your letter very much.
Olga.

Categories : English Articles,hoaxes Tags : , , , , , , , , , , , , , , , , , ,