DEBIAN-CVE-2017-5356

Irssi before 0.8.21 allows remote attackers to cause a denial of service out-of-bounds read and crash via a string containing a formatting sequence % without a closing bracket...

CVE-2017-5356

Irssi before 0.8.21 allows remote attackers to cause a denial of service out-of-bounds read and crash via a string containing a formatting sequence % without a closing bracket...

Arbitrary shell execution

Security Advisory This release contains a fix for a security advisory related to the improper handling of shell commands Uses of shellexec and exec were not escaping filenames and configuration settings in most cases A properly crafted filename or configuration option would allow for arbitrary co...

XAPI Service unable to start , error : xapi dies but pid file exists.

XAPI Service unable to start. It shows that the it already has a pid and is dead. Looking at the logs xensource.log, you will find INTERNALERROR as below: xapi top-level caught exception: INTERNALERROR: Xmlm.MakeStringBuffer.Error, -372779099 Caught exception at toplevel:...

CVE-2017-5356

Irssi before 0.8.21 allows remote attackers to cause a denial of service out-of-bounds read and crash via a string containing a formatting sequence % without a closing bracket...

Hostname Check Bypassing

pyOpenSSL is vulnerable to hostname check bypassing. This is because it does not properly handle hostnames in the certificate that contain null bytes.The string formatting of subjectAltName X509Extension instances incorrectly truncates fields of the name when encountering null bytes, allowing...

[SECURITY] [DLA 634-1] dropbear security update

Package : dropbear Version : 2012.55-1.3+deb7u1 CVE IDs : CVE-2016-7406 CVE-2016-7407 It was discovered that there were two issues in dropbear, a lightweight SSH2 server and client: - CVE-2016-7406: Potential issues in exit message formatting. - CVE-2016-7407: Overflows when parsing OpenSSHs ASN....

Android on Nexus Qualcomm Component Formatting String Vulnerability

Android on Nexus 5 is an open source Linux-based operating system for the Nexus 5 smartphone developed by Google and the Open Handset Alliance OHA.Qualcomm is one of the Qualcomm components used in the Qualcomm devices. Qualcomm is a Qualcomm component used in one of the Qualcomm devices. A...

Security update for php5 (important)

This update for php5 fixes the following security issues: - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2015-8867: The PHP function...

openSUSE Security Update : php5 (openSUSE-2016-576)

This update for php5 fixes the following issues : - CVE-2016-4073: A remote attacker could have caused denial of service, or possibly execute arbitrary code, due to incorrect handling of string length calculations in mbstrcut bsc977003 - CVE-2016-3074: Signedness vulnerability in bundled libgd ma...

Whitewidow - SQL Vulnerability Scanner

Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, and a...

Automated SQL Vulnerability Scanner: Whitewidow

Open Source Automated SQL Vulnerability Scanner Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server...

The vulnerability of the Moodle learning management system allows a hacker to inject arbitrary Web or HTML code.

The vulnerability of the usergetuserdetails function in the Moodle training management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code, as there is no invocation of...

ISC BIND 9.3.0 < 9.9.8-P3 / 9.9.x-Sx < 9.9.8-S4 / 9.10.x < 9.10.3-P3 Multiple DoS

According to its self-reported version number, the installation of ISC BIND running on the remote name server is affected by multiple denial of service vulnerabilities : - A denial of service vulnerability exists due to improper handling of certain string formatting options. An authenticated,...

java-1.8.0-openjdk security update

1:1.8.0.71-2.b15 - Add md5sum for previous java.security file so it gets updated. - Resolves: rhbz1295753 1:1.8.0.71-1.b15 - Restore upstream version of system LCMS patch removed by 'sync with Fedora' - Add patch to turn off strict overflow on IndicRearrangementProcessor,2.cpp - Resolves:...

java-1.8.0-openjdk security update

1:1.8.0.71-1.b15 - Add patch to turn off strict overflow on IndicRearrangementProcessor,2.cpp - Resolves: rhbz1295751 1:1.8.0.71-0.b15 - January 2016 security update to u71b15. - Improve verbosity and helpfulness of tarball generation script. - Update patch documentation using version originally...

Idera Up.time agent for Windows formatting string vulnerability

Idera Up.time client for Windows is a Windows-based infrastructure performance monitoring software client from Idera Corporation. A formatting string vulnerability exists in Idera Up.time client for Windows versions 6.0 and 7.2. A remote attacker can exploit this vulnerability by sending a...

Shopify: shopifyapps.com XSS on sales channels via currency formatting

pinterest, twitter, buy button and facebook sales channels vulnerable to xss via currency formatting. steps to reproduce: - remove pinterest, twitter, buy button and facebook sales channels at .myshopify.com/admin/channels - go to .myshopify.com/admin/settings/general - change currency formating ...

CVE-2015-5883

The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence...

Slack: Self-XSS in posts by formatting text as code

Hi I have found an XSS in Slack. To reproduce the issue, just follow this: 1. Go to your Slack account accountname.slack.com 2. Below you will see a plus + sign, click that, there will be three options, click "Create Post" 3. You will be redirected to a page where you will create it. 4. Type the...