1109 matches found
Microsoft .NET Framework Denial of Service Vulnerability
Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation USA and a development platform for building Windows, Windows Store, Windows Phone, Windows Server and Microsoft Azure Windows Store, Windows Phone, Windows Server, and Microsoft Azure...
Cross Platform ELF Analysis: ELF Parser
ELF Parser attempts to move ELF malware analysis forward by quickly providing basic information and static analysis of the binary. The end goal of ELF Parser is to indicate to the analyst if it thinks the binary is malicious / dangerous and if so why. Load Any Executable ELF ELF Parser supports...
DEBIAN-CVE-2015-8381
The compileregex function in pcrecompile.c in PCRE before 8.38 and pcre2compile.c in PCRE2 before 10.2x mishandles the /?J:?|:?|?'R'\k'R'|?'R'H'Rk'Rf|s?'R'/ and /?J:?|:?|?'R'\z?|?'R'\k'R'|?'R'k'R'|?'R'H'Ak'Rf|s?'R'/ patterns, and related patterns with certain group references, which allows remote...
FreeBSD : pcre -- heap overflow vulnerability (6900e6f1-4a79-11e5-9ad8-14dae9d210b8)
Guanxing Wen reports : PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. The Heap Overflow vulnerability is caused by the...
pcre -- heap overflow vulnerability
Guanxing Wen reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. The Heap Overflow vulnerability is caused by the followi...
Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution
Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that...
FreeBSD : pcre -- heap overflow vulnerability in '(?|' situations (ff0acfb4-3efa-11e5-93ad-002590263bf5)
Venustech ADLAB reports : PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. Exploits with advanced Heap Fengshui techniques may...
SUSE-SU-2015:1224-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 11 SP3 Teradata kernel was updated to fix the following bugs and security issues. The following security issues have been fixed: - Update patches.fixes/udp-fix-behavior-of-wrong-checksums.patch bsc936831, CVE-2015-5364, CVE-2015-5366. - Btrfs: make xattr replace operatio...
[SECURITY] Fedora 22 Update: cryptopp-5.6.2-9.fc22
Crypto++ Library is a free C++ class library of cryptographic schemes. See http://www.cryptopp.com/ for a list of supported algorithms. One purpose of Crypto++ is to act as a repository of public domain not copyrighted source code. Although the library is copyrighted as a compilation, the...
Linux Kernel '/arch/x86/net/bpf_jit_comp.c' Local Denial of Service Vulnerability
The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux kernel. An attacker could exploit this vulnerability to crash an application and deny service to legitimate users...
WebAssembly — New Standard for Powerful and Faster Web Apps
Google, Apple, Microsoft, and Mozilla have joined hands to create code for use in the future web browsers that promises up to 20 times faster performance. Dubbed WebAssembly or wasm for short, a project to create a new portable bytecode for the Web that will be more efficient for both desktop as...
Win32k elevation of privilege vulnerability, CVE-2 0 1 5-1 7 0 1-exp-vulnerability warning-the black bar safety net
Win32k elevation of privilege vulnerability – CVE-2 0 1 5-1 7 0 1 If Win32k.sys kernel-mode driver improperly handles objects in memory, then there is a privilege elevation vulnerability. Successful exploitation of this vulnerability an attacker can run arbitrary code in kernel mode is. An attack...
focused Web Crawler: ACHE
ACHE is a focused Web crawler that can be customized to search for pages the belong to a given topic or have a given property. To configure ACHE, you need to: define a topic of interest e.g., Ebola, terrorism, cooking recipes; create a model to detect Web pages that belong to this topic; and...
pcre -- multiple vulnerabilities
PCRE development team reports: A pattern such as "?20,1999?", which has a group containing a forward reference repeated a large but limited number of times within a repeated outer group that has a zero minimum quantifier, caused incorrect code to be compiled, leading to the error "internal error:...
UBUNTU-CVE-2015-2326
The pcrecompile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service out-of-bounds read via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by...
Design/Logic Flaw
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to...
SeaMonkey < 2.33.1 Multiple Vulnerabilities
The version of Mozilla SeaMonkey installed on the remote host is prior to 2.33.1. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to...
CVE-2015-0817
The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to...
Firefox < 36.0.3 JIT Code Execution (Mac OS X)
The version of Mozilla Firefox installed on the remote Mac OS X host is prior to 36.0.3. It is, therefore, affected by a remote code execution vulnerability due to an out-of-bounds error in typed array bounds checking within 'asmjs/AsmJSValidate.cpp', which relates to just-in-time compilation for...
Web Application Bruteforcer: 0d1n
0d1n is a Open Source web application bruteforcer and Fuzzer. If your objective is automate exhaustive tests and search for anomalies read vulnerabilities 0d1n can increase your productivity following web parameters, files, directories, forms and other things. With 0d1n you can brute force...