The code that implements 3D acceleration for OpenGL graphics in Oracle VirtualBox is prone to multiple memory corruption vulnerabilities.

An attacker running code within a Guest operating system can exploit these vulnerabilities in order to escape from the virtual machine and execute arbitrary code on the Host operating system.

Oracle Database Server is prone to a remote vulnerability that allows attackers to poison the data handled by the remote 'TNS Listener' component of the application.

This module tries to verify if the vulnerability is present in the 'TNS Listener' component of the database server, without deploying an agent. If a database instance name is supplied, it will be used to check for the vulnerability against the TNS listener of the target, but this could affect future client connections, as long as the module is running. If no database instance name is supplied, the module will try to register a random name.
Adobe Flash Player is prone to a use-after-free vulnerability when finishing a Worker thread containing a SharedObject.

This vulnerability can be exploited to execute arbitrary code on vulnerable machines by convincing an unsuspecting user to visit a web site containing a specially crafted SWF file.
Subscribe to Impact Professional