Double free

The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which cou...

CVE-2017-11023

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads...

subjack - Hostile Subdomain Takeover tool written in Go

subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule...

Buffer overflow

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, setting the HMAC key by different threads during SHA operations may potentially lead to a buffer overflow...

AWSBucketDump - Security Tool to Look For Interesting Files in S3 Buckets

AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. It's similar to a subdomain bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you're not afraid to...

dcrawl - Simple, But Smart, Multi-Threaded Web Crawler For Randomly Gathering Huge Lists Of Unique Domain Names

dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. How it works? dcrawl takes one site URL as input and detects all links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the sa...

CVE-2013-0870

The 'vp3decodeframe' function in FFmpeg 1.1.4 moves threads check out of header packet type check...

CVE-2013-0870

The 'vp3decodeframe' function in FFmpeg 1.1.4 moves threads check out of header packet type check...

CVE-2013-0870

The 'vp3decodeframe' function in FFmpeg 1.1.4 moves threads check out of header packet type check...

Downloading entire Vulners.com database in 5 minutes

Today I once again would like to talk about Vulners.com and why, in my opinion, it is the best vulnerability database that exist nowadays and a real game-changer. The main thing is transparency. Using Vulners you not only can search for security content see "Vulners – Google for hacker", but...

Behind the CARBANAK Backdoor

In this blog, we will take a closer look at the powerful, versatile backdoor known as CARBANAK aka Anunak. Specifically, we will focus on the operational details of its use over the past few years, including its configuration, the minor variations observed from sample to sample, and its evolution...

Security Advisory - Memory Double Free Vulnerability in Touch Panel Driver of Some Huawei Smart Phones

The Touch Panel TP driver of some Huawei smart phones has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which coul...

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

CVE-2017-8891

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

Code injection

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

CVE-2017-8891

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

CVE-2017-8891

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

CVE-2017-8891

Technical details (affected product versions, root cause specifics, exploits) are not publicly disclosed in the provided documents; monitor for updates.