4 matches found
Code injection
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function `calc_tag_suffix` is called. A specially crafted Via header, which is deemed correct by the parser, will...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 06demo-1 (=1.0.0) +34017 more potentially affected by CVE-2022-37601 via loader-utils (>=0.1.2 <=1.4.0)
loader-utils NPM version =0.1.2, =1.0.1, =1.1.0 - 06demo-1 =1.0.0 - 0726react =0.1.1 - 0x0.icu.anima =0.1.0 - 0xgank-tea-advice-pull =1.0.0 - 0xgank-tea-balance-pencil =1.0.0 - 0xgank-tea-brick-bell =1.0.0 - 0xgank-tea-cake-victory =1.0.0 - 0xgank-tea-central-compound =1.0.0 -...
CVE-2019-9900
When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources...
CVE-2013-2551: sample analysis, exploitation and defense - vulnerability warning - the black bar safety net
0x0 Preface: The VUPEN team used this vulnerability at the Pwn2Own 2013 hacking contest to compromise IE10 in a Windows 8 environment, then disclosed the technical details on their blog. According to VUPEN's description, the vulnerability occurs in the VGX.DLL module, in the VML language...