1248 matches found
DEBIAN-CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. Th...
UBUNTU-CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. Th...
Buffer overflow
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. Th...
CVE-2018-7284
A Buffer Overflow issue was discovered in Asterisk through 13.19.1, 14.x through 14.7.5, and 15.x through 15.2.1, and Certified Asterisk through 13.18-cert2. When processing a SUBSCRIBE request, the res_pjsip_pubsub module stores the accepted formats present in the Accept headers of the request. Th...
CVE-2018-7284
CVE-2018-7284 affects Asterisk and Certified Asterisk; during SUBSCRIBE, res_pjsip_pubsub does not cap Accept headers (limit 32) and can write outside memory, causing a crash. Affected: 13.x–15.x releases (precise bounds in sources). Exploitation details exist (Exploit-DB), with vendor advisories...
openSUSE Security Update : syncthing (openSUSE-2018-45)
This update for syncthing brings a new version and fixes the following issues: - Update to version 0.14.42: - Discovering new files in a deleted directory does not resurrect the directory (gh#syncthing/syncthing#4475). - 'Panic: interface conversion: errors.errorString is not net.Error' after resta...
Linux/x86-64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (doomedra) Shellcode (175 bytes)
/ ;Author - Andriy Brukhovetskyy - doomedraven - SLAEx64 - 1322 ;175 bytes ;http://www.doomedraven.com/2014/05/slaex64-shellbindtcp-with-passcode.html global start section .text start: push byte 0x29 ; 41 - socket syscall pop rax push byte 0x02 ; AF_INET pop rdi push byte 0x01 ; SOCK_STREAM pop rsi...
IRIX - Bind TCP /bin/sh Shell Shellcode (364 bytes)
/ 364 byte MIPS/Irix PIC listening portshell shellcode. -scut/teso / unsigned long int shellcode = 0x2416fffd, / li $s6, -3 / 0x02c07027, / nor $t6, $s6, $zero / 0x01ce2025, / or $a0, $t6, $t6 / 0x01ce2825, / or $a1, $t6, $t6 / 0x240efff9, / li $t6, -7 / 0x01c03027, / nor $a2, $t6, $zero /...
CVE-2017-1000433
pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password...
Apache Httpd < 2.4.33 : Out of bound write in mod_authnz_ldap when using too small Accept-Language values
mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two...
Multiple TP-Link Products Information Disclosure Vulnerability
TP-Link TL-WVR and others are wireless router products from China P&L TP-LINK. An information disclosure vulnerability exists in the locale function in several TP-Link products. A remote attacker can exploit this vulnerability by sending an operation=write;locale=%0d request followed by an...
ManageEngine Applications Manager 13 - SQL Injection Vulnerability
Exploit for windows platform in category web applications ManageEngine Applications Manager version 13 suffers from multiple post-authentication SQL injection vulnerabilities. Proof of Concept 1 name= parameter is susceptible: POST /manageApplications.do?method=insert HTTP/1.1 Host:...
Akka HTTP Accept Header Denial of Service Vulnerability
Akka HTTP is an HTTP application. A security vulnerability in Akka HTTP's handling of the ACCEPT header allows remote attackers to exploit the vulnerability to submit specially crafted requests that can crash the application...
openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114)
This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs. The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed: - CVE-2017-7793: Use-after-free with Fetch API - CVE-2017-7818: Use-after-free during ARIA array...
Security update for Mozilla Firefox and NSS (important)
This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs. The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed: - CVE-2017-7793: Use-after-free with Fetch API - CVE-2017-7818: Use-after-free during ARIA array...
Linux/ARM (Raspberry Pi) - Bind TCP Shell (4444/TCP) Shellcode (192 bytes)
/ Andrea Sindoni - @invictus1306 This shellcode is part of my episodes: - ARM exploitation for IoT - https://quequero.org/2017/07/arm-exploitation-iot-episode-2/ Environment: Raspberry pi 3 Default settings for port:4444 @.syntax unified .global start start: mov r1, 0x5C @ r1=0x5c mov r5, 0x11 @...
kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memor...
CVE-2017-8890
The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call...