Information disclosure

Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application,...

CVE-2017-17319

Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 have an information disclosure vulnerability. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application,...

Security Advisory - Information Disclosure Vulnerability on Huawei Smartphones

There is an information disclosure vulnerability on Huawei smartphones. The software does not properly protect certain resource which can be accessed by multithreading. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in kernel...

DEBIAN-CVE-2017-18193

fs/f2fs/extentcache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service BUG via an application with multiple threads...

DEBIAN-CVE-2018-1000030

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are...

UBUNTU-CVE-2018-1000030

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are...

QuarkslaB Dynamic binary Instrumentation: QBDI

QuarkslaB Dynamic binary Instrumentation QBDI is a modular, cross-platform and cross-architecture DBI framework. It aims to support Linux, macOS, Android, iOS and Windows operating systems running on x86, x86-64, ARM and AArch64 architectures. Information about what is a DBI framework and how QBD...

Scientific Linux Security Update : sssd on SL7.x x86_64 (20171205)

Security Fixes : - It was found that sssd's sysdbsearchuserbyupnres function did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use thi...

Mozilla Firefox Installation Spoofing Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Installation is one of the installation and configuration programs. A security vulnerability exists in Mozilla Firefox installation in versions prior to Mozilla Firefox 56. The vulnerability can be...

Cansina - Web Content Discovery Tool

Cansina is a Web Content Discovery Application. It is well known Web applications don't publish all their resources or public links, so the only way to discover these resources is requesting for them and check the response. Cansina duty is to help you making requests and filtering the responses t...

portSpider - A Lightning Fast Multithreaded Network Scanner Framework With Modules

A lightning fast multithreaded network scanner framework with modules. modules: http - Scan for open HTTP ports, and get the the titles. mysql - Scan for open MySQL servers, and try to log in with the default credentials. mongodb - Scan for open MongoDB instances, and check if they are password...

PT-2017-17012 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.9.13 Description: A race condition exists in the Linux kernel, specifically in the net/packet/af packet.c file, which can be exploited by local users through a multithreaded application that makes PACKET FANOU...

DEBIAN-CVE-2017-5986

Race condition in the sctpwaitforsndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service assertion failure and panic via a multithreaded application that peels off an association in a certain buffer-full state...

CVE-2014-9914

Summary of CVE-2014-9914 (Linux kernel) : A race condition in ip4_datagram_release_cb within net/ipv4/datagram.c (kernel before 3.15.2) can be exploited by a local user to gain privileges or cause a denial of service (use-after-free) due to incorrect locking assumptions during multithreaded IPv4 ...

CVE-2016-8605

CVE-2016-8605 affects GNU Guile: the mkdir path temporarily changes the process umask to 0, allowing a race in multithreaded apps to create files with insecure permissions (e.g., 0777) in affected versions prior to Guile 2.0.13; remediation is upgrading to Guile 2.0.13 or later. Related CVE-2016-...

Xitami Web Server 5.0a0 - Denial of Service

Xitami Web Server 5.0a0 - Denial of Service !/usr/bin/env python X5 Webserver 5.0 Remote Denial Of Service Exploit Vendor: iMatrix Product web page: http://www.xitami.com Affected version: 5.0a0 Summary: X5 is the latest generation web server from iMatix Corporation. The Xitami product line...

php: libxml_disable_entity_loader setting is shared between threads

ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxmldisableentityloader changes in other threads, which allows remote attackers to conduct XML External Entity XXE and XML Entity Expansion XEE attacks via a crafted XML...

OpenDoor - OWASP Directory Access Scanner

This application scans the site directories and find all possible ways to login, empty directories and entry points. Scans conducted in the dictionary that is included in this application. This software is written for informational purposes and is an open source product under the GPL license...

OWASP Directory Access scanner

OWASP Directory Access scanner This application scans the site directories and find all possible ways to login, empty directories and entry points. Scans conducted in the dictionary that is included in this application. This software is written for informational purposes and is an open source...

Xplico v1.1.1 - Open Source Network Forensic Analysis Tool (NFAT)

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is ...