PT-2014-4948 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.1.8 Description: The issue is caused by an off-by-one error in the bpf jit compile function. This error can lead to a denial of service, resulting in a system crash, or potentially allow local users to gain...

Cryptanalysis Remains for TrueCrypt Audit

Phase two of the TrueCrypt audit figures to be a labor-intensive, largely manual cryptanalysis, according to the two experts behind the Open Crypto Audit Project OCAP. Matthew Green, crypto expert and professor at Johns Hopkins University, said a small team of experts will have to, by hand, exami...

perl Locale::Maketext code execution

It's possible to call external functions on template compilation...

Mozilla Firefox Javascript XBL Compilation Code Execution - Ver2 (CVE-2006-1733)

A code execution vulnerability has been reported in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

GetElementIC typed array stubs can be generated outside observed typesets — Mozilla

Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact...

[Tundeep v0.2a] Layer 2 VPN/Injection tool

Tundeep is a layer 2 VPN/injection tool that resides almost entirely in user space on the victim aside from the pcap requirement. This can be handled via a silent install however. The tool will build on Linux and Windows victims. Windows compilation is achieved using Cygwin. The attacker must be ...

Design/Logic Flaw

Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling...

tcp(port&seq) backdoor

Автор: slashd Что это? Реализации скрытого канала передачи данных на сервер с помощью стандартных полейв нашем случае поля SEQ и Source Port TCP-заголовка. Теоритическая часть. Реализовать скрытую передачу данных с помощью TCP-заголовка можно несколькими способами. Клиентхакер иницирующий...

Fedora 18 : gogoc-1.2-24.fc18 (2013-6656)

Fix PIE compilation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

IDA Pro 6.3 - Crash (PoC)

/ IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License 6.3.120531 Mac OS X IDA Pr...

IDA Pro 6.3 - Crash (PoC)

IDA Pro 6.3 - Crash PoC / IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License...

Oracle Java findMethod findClass Security Bypass

Added: 08/30/2012 CVE: CVE-2012-4681 BID: 55213 OSVDB: 84867 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

About mysql explosion serious compilation vulnerabilities in login authentication problem description-bug warning-the black bar safety net

A while back,mysql explosion of a more serious compilation vulnerabilities in login authentication problem The affected version has All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 arevulnerable. MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not. MySQL versions from...

CentOS 6 : nss (CESA-2012:0973)

Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Network Security Services NSS is a set of...

nspr, nss security update

CentOS Errata and Security Advisory CESA-2012:0973 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2012-July/080886.html Affected packages: nspr nspr-devel nss nss-devel nss-pkcs11-devel nss-sysinit nss-tools nss-util nss-util-devel Upstream details at...

RHEL 6 : nss, nss-util, and nspr (RHSA-2012:0973)

Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Network Security Services NSS is a set of...

[SECURITY] Fedora 15 Update: php-eaccelerator-0.9.6.1-9.fc15.3

eAccelerator is a further development of the MMCache PHP Accelerator & Enco der. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated...

Mandriva Update for mozilla-thunderbird MDVA-2012:019 (mozilla-thunderbird)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Mandriva Update for mozilla-thunderbird MDVA-2012:019 (mozilla-thunderbird)

Check for the Version of mozilla-thunderbird OpenVAS Vulnerability Test Mandriva Update for mozilla-thunderbird MDVA-2012:019 mozilla-thunderbird Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

MDVA-2012:019 : mozilla-thunderbird

This is a maintenance and bugfix release that provides thunderbird 10.0.1 which utilizes better compilation optimizarions. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on 2012/09/06. C Tenable Network Security,...