1410 matches found
USN-4976-1 dnsmasq vulnerability
Petr Mensik discovered that Dnsmasq incorrectly randomized source ports in certain configurations. A remote attacker could possibly use this issue to facilitate DNS cache poisoning attacks...
kernel: ICMP rate limiting can be used for DNS poisoning attack
A flaw was found in the way the Linux kernel rate-limits reply ICMP packets: the global limit acts as a side channel that lets an off-path remote attacker quickly scan for open UDP ports and thereby bypass UDP source port randomization. The highest threat from this vulnerability is to confidentialit...
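The mechanism behind the kernel entry above, as an added simulation (not code from any advisory or from the kernel): the victim is modelled as a toy kernel whose ICMP port-unreachable replies share one global token budget per time window, and the attacker is off-path, able to spoof source addresses but only able to observe ICMP sent to its own address. The budget size `BURST`, the known-closed port, the open port 34521 and the `jitter` option are all assumptions made for the example.

```python
"""Toy simulation of the global ICMP rate-limit side channel used to defeat
UDP source port randomization. Added example; victim and attacker are models."""
import random

BURST = 50          # assumed per-window ICMP error budget (icmp_msgs_burst-like)
KNOWN_CLOSED = 1    # assumed: a UDP port the attacker knows is closed on the victim


class VictimKernel:
    """Toy model: ICMP port-unreachable replies draw from one global token budget."""

    def __init__(self, open_ports, burst=BURST, jitter=0, seed=0):
        self.open_ports = set(open_ports)
        self.burst = burst
        self.jitter = jitter              # >0 models a randomized budget (a mitigation)
        self.rng = random.Random(seed)
        self.tokens = burst

    def new_window(self):
        """A new rate-limit window refills the global ICMP budget."""
        self.tokens = self.burst - (self.rng.randint(0, self.jitter) if self.jitter else 0)

    def udp_in(self, port):
        """Deliver one UDP datagram; return True if an ICMP error is emitted."""
        if port in self.open_ports:
            return False                  # delivered to a socket, no ICMP at all
        if self.tokens > 0:               # closed port: ICMP only while budget remains
            self.tokens -= 1
            return True
        return False                      # closed port, but the rate limit suppresses the ICMP


class OffPathAttacker:
    """Attacker who can spoof source IPs but only sees ICMP addressed to its own IP."""

    def __init__(self, kernel, burst=BURST, closed_port=KNOWN_CLOSED):
        self.k, self.burst, self.closed_port = kernel, burst, closed_port
        self.windows = 0                  # number of rate-limit windows spent

    def any_open(self, ports):
        """One window: does `ports` (at most `burst` entries) contain an open UDP port?"""
        assert len(ports) <= self.burst
        self.k.new_window()
        self.windows += 1
        for p in ports:                   # spoofed probes: any ICMP goes to the forged source
            self.k.udp_in(p)
        for _ in range(self.burst - len(ports)):   # pad with a closed port so exactly `burst`
            self.k.udp_in(self.closed_port)        # tokens are spent if every probe was closed
        # Verification probe from the attacker's real IP: an ICMP reply means a
        # token was left over, i.e. at least one spoofed probe hit an open port.
        return self.k.udp_in(self.closed_port)


def find_open_port(attacker, lo=1024, hi=65536):
    """Locate an open UDP port in [lo, hi): linear scan in burst-sized chunks,
    then binary search inside the chunk that leaked."""
    for start in range(lo, hi, attacker.burst):
        ports = list(range(start, min(start + attacker.burst, hi)))
        if attacker.any_open(ports):
            while len(ports) > 1:
                half = ports[:len(ports) // 2]
                ports = half if attacker.any_open(half) else ports[len(half):]
            return ports[0]
    return None


if __name__ == "__main__":
    victim = VictimKernel(open_ports={34521})      # constructed: the resolver's ephemeral port
    atk = OffPathAttacker(victim)
    print("found port", find_open_port(atk), "using", atk.windows, "windows")
```

Each window costs the attacker only `BURST` spoofed packets plus one probe of its own, so the full ephemeral range is covered in on the order of a thousand windows rather than tens of thousands of guesses against a 16-bit port. Setting `jitter` greater than zero makes the refilled budget unpredictable, so the verification probe no longer cleanly distinguishes "one token left" from "budget exhausted"; that is the shape of the mitigation, and with it the scan above starts returning wrong or missing answers.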
Randomization of NFTs returned in redeem/swap operations can be brute-forced
Handle: 0xRajeev. Vulnerability details. Impact: If we assume that certain NFTs in a vault will over time have different market demand/price, then users will try to redeem those specific NFTs. Even if direct redeems are disabled to prevent such a scenario, defaulting to returning randomized NFTs, a...
CVE-2021-1087
NVIDIA vGPU driver contains a vulnerability in the Virtual GPU Manager vGPU plugin which could allow an attacker to retrieve information that could lead to an Address Space Layout Randomization (ASLR) bypass. This affects vGPU version 12.x prior to 12.2, version 11.x prior to 11.4 and version 8.x...
The vulnerability of DNS clients, related to errors in randomizing transaction identifiers during DNS queries, allows attackers to compromise data integrity.
The vulnerability in the DNS client is related to errors in the randomization of DNS transaction identifiers. Exploiting this vulnerability allows a malicious actor to compromise the integrity of data...
SUSE: Security Advisory (SUSE-SU-2020:3651-1)
The remote host is missing an update referenced in the SUSE-SU-2020:3651-1 advisory...
Nucleus ReadyStart security feature issue vulnerability
The Nucleus NET module includes a range of standards-compliant networking and communications protocols, drivers and utilities to provide full-featured networking support in any embedded device. Nucleus RTOS provides a highly scalable microkernel-based real-time operating system designed for...
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: use after free in eventpoll.c may lead to escalation of privilege CVE-2020-0466 kernel: SCSI target LIO write to any block on ILO backstore CVE-2020-28374 kernel: Use after free via PI...
HackerOne: Enumerating HackerOne Pentests
Summary: An attacker can enumerate companies that performed pentests using the HackerOne platform. Steps To Reproduce: HackerOne pentests usually have an alias ending in -h1p. We will use the HTTP request below to enumerate pentests (update X-CSRF-Token, Cookie, and contextteamhandle). PATCH...
Oracle Linux 7 : kernel (ELSA-2021-0856)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0856 advisory. - pinctrl devicetree: Avoid taking direct reference to device name string Aristeu Rozanski 1922902 CVE-2020-0427 - pinctrl Delete an error message...
Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9007)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9007 advisory. - xen-blkback: set ring-xenblkd to NULL after kthreadstop Pawel Wieczorkiewicz Orabug: 32260252 CVE-2020-29569 - xenbus/xenbusbackend: Disallow...
Pidrila - Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
PIDRILA: Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer is a really fast async web path scanner prototype developed by the BrightSearch team for all ethical netstalkers. Installation & Usage: git clone https://github.com/enemy-submarine/pidrila.git ; cd pidrila ; python3...
ctf-writeups
This is a PoC exploit for a double-free vulnerability in a binary. The exploit creates overlapping chunks on the heap, manipulates heap metadata, and overwrites the mallochook with a one-gadget address to execute /bin/sh. The challenge is interesting because it does not allow the exploitation of...