2431 matches found
Slack: Race Condition in account survey
There exists a race condition in the beginning survey, allowing a user to get $100 in credit multiple times. In my example, I made 2 asynchronous requests, and was credited with $200. POC: 1. Create a new slack team. 2. Set your password, and find the account creation survey. 3. Complete the...
Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...
Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...
Raptor - Web-based Source Code Vulnerability Scanner
Raptor is a web-based web-serivce + UI github centric source-vulnerability scanner i.e. it scans a repository with just the github repo url. You can setup webhooks to ensure automated scans every-time you commit or merge a pull request. The scan is done asynchonously and the results are available...
Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...
Qemu: block: iscsi: buffer overflow in iscsi_aio_ioctl
Quick EmulatorQEMU built with the Block driver for iSCSI images support virtio-blk is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl2 calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in...
UBUNTU-CVE-2016-6635
Cross-site request forgery CSRF vulnerability in the wpajaxwpcompressiontest function in wp-admin/includes/ajax-actions.php in WordPress before 4.5 allows remote attackers to hijack the authentication of administrators for requests that change the script compression option...
[SECURITY] Fedora 24 Update: php-guzzlehttp-guzzle6-6.2.1-1.fc24
Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and tr ivial to integrate with web services. Simple interface for building query strings, POST requests, streaming lar ge uploads, streaming large downloads, using HTTP cookies, uploading JSON da ta, etc... Can send both...
Urban Dictionary: Race Condition in Definition Votes
There exists a race condition vulnerability in definition votes, allowing any user to artificially manipulate the number of up/down votes for a definition by making asynchronous requests to vote. A malicious user can use this method to reach any number of up or down votes for a definition. See th...
USN-3037-1 linux-lts-vivid vulnerability
Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...
USN-3036-1 linux-lts-utopic vulnerability
Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...
USN-3034-1: Linux kernel vulnerability
Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...
USN-3034-1 linux vulnerability
Jan Stancek discovered that the Linux kernel's memory manager did not properly handle moving pages mapped by the asynchronous I/O AIO ring buffer to the other nodes. A local attacker could use this to cause a denial of service system crash...
DEBIAN-CVE-2016-5126
Heap-based buffer overflow in the iscsiaioioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service QEMU process crash or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call...
CVE-2016-5126
Heap-based buffer overflow in the iscsiaioioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service QEMU process crash or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call...
CVE-2016-5126
Heap-based buffer overflow in the iscsiaioioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service QEMU process crash or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call...
CVE-2016-5126
Heap-based buffer overflow in the iscsiaioioctl function in block/iscsi.c in QEMU allows local guest OS users to cause a denial of service QEMU process crash or possibly execute arbitrary code via a crafted iSCSI asynchronous I/O ioctl call...
kernel security and bug fix update
3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...
USN-2969-1 linux-lts-utopic vulnerabilities
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the Linux kernel did not properly validate the endpoints reported by the device. An attacker with physical access could cause a denial of service system crash. CVE-2015-7515 Ben Hawkes discovered that the Linux kernel's AIO...
PT-2016-3471 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.4.1 Description: The issue is related to an integer overflow in the fs/aio.c file of the Linux kernel. This can be exploited by local users to cause a denial of service or possibly have other unspecified impac...