243 matches found
Memory corruption
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD...
CVE-2017-14880
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "numq6rule" does not have a mut...
Code injection
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "numq6rule" does not have a mut...
CVE-2017-14880
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while IPA WAN-driver is processing multiple requests from modem/user-space module, the global variable "numq6rule" does not have a mut...
BEESCMS V4.0_R_20160525全局变量覆盖导致前台getshell
...
TrendNet AUTHORIZED_GROUP Information Disclosure Vulnerability
Exploit for hardware platform in category web applications TrendNet AUTHORIZEDGROUP Information Disclosure Full report: https://blogs.securiteam.com/index.php/archives/3627 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory describes an information disclosur...
Ruby Psych::Emitter start_document Heap Overflow Vulnerability(CVE-2016-2338)
DESCRIPTION An exploitable heap overflow vulnerability exists in the Psych::Emitter startdocument function of Ruby. In Psych::Emitter startdocument function heap buffer "head" allocation is made based on tags array length. Specially constructed object passed as element of tags array can increase...
phpMyAdmin Global Variable Scope Injection Vulnerability (PMASA-2013-7) - Windows
phpMyAdmin is prone to a global variable scope injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
phpMyAdmin Global Variable Scope Injection Vulnerability (PMASA-2013-7) - Linux
phpMyAdmin is prone to a global variable scope injection vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
D-Link DIR Series Router Authentication Information Disclosure Vulnerability
The DIR series is a series of cloud router products from AUO D-Link. The D-Link DIR series routers are vulnerable to an information disclosure vulnerability that remotely bypasses authentication by triggering a global variable when an administrator logs into the device. Therefore, an attacker can...
macOS Kernel 10.12.3 (16D32) - audit_pipe_open Off-by-One Memory Corruption Exploit
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1126 MacOS kernel memory corruption due to off-by-one in auditpipeopen auditpipeopen is the special file open handler for the auditpipe device major number 10. Here's the code:...
Axessh 4.2 - Denial Of Service
Axessh是一款windows下的ssh工具,使用后会开启ssh 22端口,并开启wsshed.exe服务,当wsshed.exe在接收字符串时,会调用BIGNUM相关函数进行处理,但对于BIGNUM的结构体没有进行赋初值,导致空指针引用引发拒绝服务漏洞,下面对此漏洞进行详细分析。 这里要提的一点是,Exploit-db给的PoC可以触发漏洞,但实际上,只要连接22端口,都会引发这个漏洞的发生,哪怕只发送一字节的内容。 附加wsshed.exe,执行PoC,引发中断,这边捕获到漏洞触发位置。 0:000 g f74.a68: Access violation - code c00000...
unsorted bin attack analysis-vulnerability warning-the black bar safety net
One, Foreword This is before that article overflow using the FILE structure of the follow-up article, mentioned earlier is for the Shanghai network security contest pwn450 of technology to write articles, a total of two techniques, one is the overflow using the FILE structure of the body, one is...
php: bcpowmod accepts negative scale causing heap buffer overflow corrupting _one_ definition
The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 modifies certain data structures without considering whether they are copies of the zero, one, or two global variable, which allows remote attackers to cause a denial of service or possibl...
Ovidentia troubleticketsModule 7.6 - Remote File Inclusion
Ovidentia troubleticketsModule 7.6 - Remote File Inclusion Title: Ovidentia Module troubletickets 7.6 GLOBALSbabInstallPath Remote File Inclusion Vulnerability Author: bd0rk || SCHOOL-OF-HACK.NET eMail: bd0rkathackermail.com Website: http://www.school-of-hack.net Download:...
seacms variable override vulnerability
SeaCms is a set of applications for building online movies with PHP+MYSQL architecture. A global variable override vulnerability exists in seacms version 6.26. An attacker who successfully exploits this vulnerability can directly access the administration backend of the website...
Buffer overflow
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...
CVE-2015-5218
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...
CVE-2015-5218
Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...
LFI with PHPInfo the local test process-bug warning-the black bar safety net
LFI with PHPInfo foreign researchers in 2 0 0 1 published in a local file comprising the use of the method, as a novice in the domestic but can not find complete study materials, after several days of research to learn and put their learning process, summarize, and share. Basics The local file...