Fedora 24 : webkitgtk4 (2017-0f38995622)

Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...

Fedora 25 : webkitgtk4 (2017-25ffd5b236)

Highlights of the 2.16.0 release : - Hardware acceleration is now enabled on demand to drastically reduce memory consumption. - CSS Grid Layout is enabled by default. - New WebKitSetting to set the hardware acceleration policy. - UI process API to configure network proxy settings. - Improved...

shopify-scripts: SIGSEGV in mrb_vm_exec

PoC ------------------- The following code triggers the bug attached as testmrbvmexec.rb: def methodmissingmeth,argsyieldmeth,argsend enumfor.next Debug - mirb ------------------- x@x:/Desktop/test/mruby/bin$ gdb -q ./mirb rReading symbols from ./mirb...done. gdb r testmrbvmexec.rb Starting...

shopify-scripts: SIGSEGV in mrb_str_inum

PoC ------------------- The following code triggers the bug attached as testmrbstrinum.rb: def methodmissingfalse end def tostr""end Integerÿ,2.h Debug - mirb ------------------- x@x:/Desktop/test/mruby/bin$ gdb -q ./mirb r Reading symbols from ./mirb...idone. gdb r testmrbstrinum.rb Starting...

CVE-2016-10225

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxidebug/sunxidebug...

Code injection

The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxidebug/sunxidebug...

CVE-2017-7271

Reflected Cross-site scripting XSS vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

Cross site scripting

Reflected Cross-site scripting XSS vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

CVE-2017-7271

Reflected Cross-site scripting XSS vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

CVE-2017-7271

CVE-2017-7271 describes a reflected XSS in the Yii Framework prior to 2.0.11. In development mode, crafted request data can be mishandled on the debug-mode exception screen, allowing remote attackers to inject arbitrary script/HTML. Affected product/version: Yii Framework before 2.0.11 (developme...

CVE-2017-7271

Reflected Cross-site scripting XSS vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

CVE-2016-10225

The CVE-2016-10225 issue affects the sunxi-debug driver in Allwinner 3.4 legacy kernels on H3, A83T and H8 devices. The flaw allows local users to gain root privileges by sending the string rootmydevice to /proc/sunxi_debug/sunxi_debug. Connected sources confirm related artifacts, including a ker...

openssh security and bug fix update

5.3p1-122 - Allow to use ibmca crypto hardware 1397547 - CVE-2015-8325: privilege escalation via user's PAM environment and UseLogin=yes 1405374 5.3p1-121 - Fix missing hmac-md5-96 from server offer 1373836 5.3p1-120 - Prevent infinite loop when Ctrl+Z pressed at password prompt 1218424 - Remove...

shopify-scripts: Null pointer dereference in mrb_class

PoC === The following demonstrates a crash: if def class A ensure e rescue 0 end end .map.a Debug info ========== The crash happens due to a null pointer dereference in mrbclass, class.h:50. 50├ return mrbobjptrv-c; Valgrind shows several reads inside free'd blocks. Test platform =============...

Firebird - Relational Database CNCT Group Number Buffer Overflow Exploit

Exploit for windows platform in category local exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Firebird Relational Database CNCT Group Number Buffer Overflow',...

shopify-scripts: Null pointer dereference in ary_concat

PoC === The following demonstrates a crash: def f end @a = f &:s Debug info ========== mruby crashes in array.c:260 due to a null pointer dereference. 256│ aryconcatmrbstate mrb, struct RArray a, struct RArray a2 257│ 258│ mrbint len; 259│ 260├ if a2-len ARYMAXSIZE - a-len 261│ mrbraisemrb,...

shopify-scripts: SIGABRT - mirb - Double Free

PoC ------------------- Attached as test.rb Debug - mirb ------------------- x@x:/Desktop/test/mruby/bin$ gdb -q ./mirb r Reading symbols from ./mirb...done. gdb r test.rb Starting program: /home/x/Desktop/test/mruby/bin/mirb test.rb mirb - Embeddable Interactive Ruby Shell NoMethodError: undefin...

Hardcoded credentials

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account...

CVE-2017-6351

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account...

CVE-2017-6351

The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account...