CVE-2019-15145

DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack application crash via an out-of-bounds read by crafting a corrupted JB2 image file that is mishandled in JB2Dict::JB2Codec::getdirectcontext in libdjvu/JB2Image.h because of a missing zero-bytes check in libdjvu/GBitmap.h...

libmspack: chmd_read_headers() fails to reject filenames containing NULL bytes

chmdreadheaders in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character such as the "/\0" name...

libarchive: Out of bounds read in archive_read_support_format_7zip.c resulting in a denial of service

libarchive version commit bf9aec176c6748f0ee7a678c5f9f9555b9a757c1 onwards release v3.0.2 onwards contains a CWE-125: Out-of-bounds Read vulnerability in 7zip decompression, archivereadsupportformat7zip.c, headerbytes that can result in a crash denial of service. This attack appears to be...

ruby: Unintentional socket creation by poisoned NULL byte in UNIXServer and UNIXSocket

It was found that the UNIXSocket::open and UNIXServer::open ruby methods did not handle the NULL byte properly. An attacker, able to inject NULL bytes in the socket path, could possibly trigger an unspecified behavior of the ruby script...

Linux/x86 - ASLR Disable Polymorphic Shellcode (107 bytes)

---------------------- DESCRIPTION ------------------------------------- ; Title: Linux x86 ASLR deactivation for Linux/x86 - Polymorphic ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 107 bytes ; SLAE ID: PA-9844 ---------------------- ASM CODE...

Linux/x86 - Force Reboot Shellcode (51 bytes)

---------------------- DESCRIPTION ------------------------------------- ; Title: NOT encoded Linux/x86 Force Reboot shellcode for Linux/x86 - Polymorphic ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 51 bytes ; SLAE ID: PA-9844 ---------------------- ASM CODE...

Linux/x86 chmod(/etc/shadow, 0666) Polymorphic Shellcode (53 bytes)

---------------------- DESCRIPTION ------------------------------------- ; Title: chmod“/etc/shadow”, 0666 and exit for Linux/x86 - Polymorphic ; Author: Daniel Ortiz ; Tested on: Linux 4.18.0-25-generic 26 Ubuntu ; Size: 53 bytes ; SLAE ID: PA-9844 ---------------------- ASM CODE...

PostgreSQL 11.x < 11.3 Memory Disclosure Vulnerability - Windows

PostgreSQL is prone to a memory disclosure vulnerability in the partition routing. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2019-10129

A vulnerability was found in postgresql versions 11.x prior to 11.3. Using a purpose-crafted insert to a partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any user can create a partitioned table suitable for this attack. Exploit prerequisites...

CVE-2019-11868

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to...

Code injection

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to...

CVE-2019-11868

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to...

CVE-2019-14289

An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case...

UBUNTU-CVE-2019-14289

An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case...

CVE-2019-14289

An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case...

CVE-2018-11779

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...

CVE-2018-11779

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...

Apache Storm Deserialization Vulnerability

Apache Storm is the United States Apache Apache Software Foundation, a set of open source distributed real-time computing system using Clojure concurrent programming language development. A deserialization vulnerability exists in Apache Storm versions 1.1.0 through 1.2.2. The vulnerability stems...

Linux/x86 - execve(/bin/sh) using JMP-CALL-POP Shellcode (21 bytes)

/ ;Category: Shellcode ;Title: GNU/Linux x86 - execve /bin/sh using JMP-CALL-POP technique 21 bytes ;Author: kiriknik ;Date: 01/07/2019 ;Architecture: Linux x86 =========== Asm Source =========== global start section .text start: jmp short callshellcode shellcode: pop ebx xor eax,eax mov al, 11 i...

UBUNTU-CVE-2019-13117

In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character...