
3660 matches found

Exploit DB
added 2014/10/07 12:0 a.m. | 40 views

HttpCombiner ASP.NET - Remote File Disclosure

Exploit Title: HttpCombiner ASP.NET Remote File Disclosure Vulnerability Google Dork: filetype:txt intext:HttpCombiner.ashx Date: 2014-10-10 Exploit Author: Hoang Anh Thai Vendor Homepage: https://myfirstsamplepagebyilyasforassign.googlecode.com/files/HttpCombiner-v1.zip Reference:...

AI score 7.4
Exploits 0
Cisco
added 2014/10/06 3:6 p.m. | 27 views

Cisco IOS XR Software Compression ACL Bypass Vulnerability

A vulnerability in the port or address range compression feature for access control lists ACLs on Typhoon line cards in Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. The...

CVSS 5 | AI score 6.5 | EPSS 0.01359
Exploits 0 | References 1
NVD
added 2014/10/05 1:55 a.m. | 17 views

CVE-2014-3396

Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133...

CVSS 7.5 | AI score 6.9 | EPSS 0.01359
Exploits 0 | References 1
Prion
added 2014/10/05 1:55 a.m. | 15 views

Design/Logic Flaw

Cisco IOS XR on ASR 9000 devices does not properly use compression for port-range and address-range encoding, which allows remote attackers to bypass intended Typhoon line-card ACL restrictions via transit traffic, aka Bug ID CSCup30133...

CVSS 7.5 | AI score 7.5 | EPSS 0.01359
Exploits 0 | References 1
Symantec
added 2014/08/21 8:0 a.m. | 40 views

Symantec Encryption Desktop Compressed Mail File Denial-of-Service

SUMMARY Certain encryption applications permit compression directly in the message body of an encrypted email file. Symantec Encryption Desktop will attempt decompression and decryption of these specifically formatted incoming email files without properly limiting maximum file size during the...

CVSS 5 | AI score 6.4 | EPSS 0.01072
Exploits 0 | Affected Software 1
GoogleProjectZero
added 2014/08/21 12:0 a.m. | 37 views

What does a pointer look like, anyway?

Posted by Chris Evans, Renderer of Modern Art In Adobe’s August 2014 Flash Player security update, we see: These updates resolve memory leakage vulnerabilities that could be used to bypass memory address randomization CVE-2014-0540, CVE-2014-0542, CVE-2014-0543, CVE-2014-0544, CVE-2014-0545. I...

CVSS 10 | AI score 6.5 | EPSS 0.03978
Exploits 0
F5 Networks
added 2014/08/18 12:0 a.m. | 35 views

SOL15516 - LZ4 compression vulnerability CVE-2014-4715

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

CVSS 5 | AI score 3 | EPSS 0.08103
Exploits 0 | References 4
OSV
added 2014/07/24 1:15 p.m. | 1 views

USN-2300-1 lzo2 vulnerability

Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 8.8 | AI score 6.7 | EPSS 0.05315
Exploits 1 | References 2
Ubuntu
added 2014/07/24 1:15 p.m. | 63 views

USN-2300-1: LZO vulnerability

Don A. Bailey discovered that LZO incorrectly handled certain input data. An attacker could use this issue to cause LZO to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 8.8 | AI score 7 | EPSS 0.05315
Exploits 1
Slackware Linux
added 2014/07/24 1:35 a.m. | 57 views

[slackware-security] httpd

New httpd packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/httpd-2.4.10-i486-1slack14.1.txz: Upgraded. This update fixes the following security issues: SECURITY:...

CVSS 6.8 | AI score 6.6 | EPSS 0.85744
Exploits 7
CISA
added 2014/07/21 12:0 a.m. | 362 views

Vulnerabilities in LZO and LZ4 compression libraries

Recently disclosed vulnerabilities in the LZO and LZ4 compression libraries could allow remote code execution under certain circumstances. While these libraries are used by a large number of platforms and applications, not all programs may be vulnerable to exploitation. US-CERT recommends that al...

CVSS 7.5 | AI score 2.3 | EPSS 0.08103
In wild | Exploits 0 | References 3
Fedora
added 2014/07/17 4:34 a.m. | 13 views

[SECURITY] Fedora 20 Update: lz4-r119-1.fc20

LZ4 is an extremely fast loss-less compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-core CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems...

AI score 1.3
Exploits 0
Fedora
added 2014/07/17 4:33 a.m. | 15 views

[SECURITY] Fedora 19 Update: lz4-r119-1.fc19

LZ4 is an extremely fast loss-less compression algorithm, providing compression speed at 400 MB/s per core, scalable with multi-core CPU. It also features an extremely fast decoder, with speed in multiple GB/s per core, typically reaching RAM speed limits on multi-core systems...

AI score 1.3
Exploits 0
myhack58
added 2014/07/14 12:0 a.m. | 13 views

Upload the file of trap II pure alphanumeric. swf is a vulnerability?- Vulnerability warning-the black bar safety net

0x00 background In a previous uploaded file trap , the author mentioned for flash cross-domain data hijacking,sometimes does not need us to upload a file. Because we can simply use the JSONP interface,the flash content is assigned to the callback to be used. Just like in the comments@Sogili...

AI score 7.2
Exploits 0
Tenable Nessus
added 2014/07/14 12:0 a.m. | 30 views

Debian DSA-2977-1 : libav - security update

Don A. Bailey discovered an integer overflow in the lzo compression handler which could result in the execution of arbitrary code. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-2977. The...

CVSS 8.8 | AI score 8.6 | EPSS 0.05739
Exploits 1 | References 3
Debian
added 2014/07/11 2:29 p.m. | 29 views

[SECURITY] [DSA 2977-1] libav security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2977-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff July 11, 2014 http://www.debian.org/security/faq -...

CVSS 8.8 | AI score 8.9 | EPSS 0.05739
Exploits 1
OpenVAS
added 2014/07/11 12:0 a.m. | 27 views

Debian Security Advisory DSA 2977-1 (libav - security update)

Don A. Bailey discovered an integer overflow in the lzo compression handler which could result in the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2977.nasl 6750 2017-07-18 09:56:47Z teissa $ Auto-generated from advisory DSA 2977-1 using nvtgen 1.0 Script version: 1.0 Author:...

AI score 0.9 | EPSS 0.05739
Exploits 1 | References 1
OSV
added 2014/07/11 12:0 a.m. | 24 views

DSA-2977-1 libav - security update

Bulletin has no description...

CVSS 8.8 | AI score 8.6 | EPSS 0.05739
Exploits 1
OpenVAS
added 2014/07/10 12:0 a.m. | 34 views

Debian: Security Advisory (DSA-2977-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.8 | AI score 8.8 | EPSS 0.05739
Exploits 1 | References 3
Fedora
added 2014/07/03 4:2 a.m. | 32 views

[SECURITY] Fedora 20 Update: lzo-2.08-1.fc20

LZO is a portable lossless data compression library written in ANSI C. It offers pretty fast compression and very fast decompression. Decompression requires no memory. In addition there are slower compression levels achieving a quite competitive compression ratio while still decompressing at this...

CVSS 8.8 | AI score 3 | EPSS 0.05315
Exploits 1