
7640 matches found

NVD
added 2017/06/07 8:29 p.m., 18 views

CVE-2016-4973

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection SSP might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature...

7.8 CVSS, 7.8 AI score, 0.00428 EPSS
Exploits: 0, References: 3

Prion
added 2017/06/07 8:29 p.m., 20 views

Buffer overflow

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection SSP might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature...

4.6 CVSS, 7.3 AI score, 0.00428 EPSS
Exploits: 0, References: 3

UbuntuCve
added 2017/06/07 8:29 p.m., 23 views

CVE-2016-4973

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection SSP might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature...

7.8 CVSS, 7.1 AI score, 0.00428 EPSS
Exploits: 0, References: 1

OSV
added 2017/06/07 8:29 p.m., 2 views

DEBIAN-CVE-2016-4973

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection SSP might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature...

7.8 CVSS, 7.1 AI score, 0.00428 EPSS
Exploits: 0, References: 1

Cvelist
added 2017/06/07 8:0 p.m., 20 views

CVE-2016-4973

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection SSP might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature...

7.8 AI score, 0.00428 EPSS
Exploits: 0, References: 3

Debian CVE
added 2017/06/07 8:0 p.m., 16 views

CVE-2016-4973

Binaries compiled against targets that use the libssp library in GCC for stack smashing protection SSP might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature...

7.8 CVSS, 7.8 AI score, 0.00428 EPSS
Exploits: 0

Cvelist
added 2017/06/06 2:0 p.m., 18 views

CVE-2014-9927

In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist...

7.3 AI score, 0.00402 EPSS
Exploits: 0, References: 1

CNVD
added 2017/06/06 12:0 a.m., 4 views

Wireshark DHCP Parser Buffer Overflow Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A buffer overflow vulnerability exists in the Wireshark DHCP parser due to a failure to...

7.5 CVSS, 9.4 AI score, 0.02852 EPSS
Exploits: 0, References: 1

n0where
added 2017/06/05 6:30 p.m., 37 views

Open Sources Research Framework: OSRFramework

Open Sources Research Framework OSRFramework is a GNU AGPLv3+ set of libraries developed by i3visio to perform Open Source Intelligence tasks. They include references to a bunch of different applications related to username checking, DNS lookups, information leaks research, deep web search, regul...

Exploits: 0, References: 2

exploitpack
added 2017/06/01 12:0 a.m., 33 views

CMS Web-Gooroo 1.141 - Multiple Vulnerabilities

CMS Web-Gooroo 1.141 - Multiple Vulnerabilities Exploit Title: CMS Web-Gooroo getmegaadmin; 2d626704807d4c5be1b46e85c4070fec - mayhem 2967a371178d713d3898957dd44786af - no success in bruteforce, though... 3. Full path disclosure Almost any file, because of lack of input validation and overall bad...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2017/05/30 12:0 a.m., 76 views

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-629)

This update for java-170-openjdk fixes the following issues : - Update to 2.6.10 - OpenJDK 7u141 bsc1034849 - Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-351...

9.6 CVSS, 7 AI score, 0.03311 EPSS
Exploits: 3, References: 10

RedhatCVE
added 2017/05/29 12:48 p.m., 55 views

CVE-2017-1000363

A vulnerability was found in the Linux kernel's lpsetup function where it doesn't apply any bounds checking when passing "lp=none". This can result into overflow of the parportnr array. An attacker with control over kernel command line can overwrite kernel code and data with fixed 0xff values...

7.8 CVSS, 4 AI score, 0.00639 EPSS
Exploits: 2, References: 1

seebug.org
added 2017/05/27 12:0 a.m., 54 views

Apple iOS / MacOS Netagent Kernel Memory Disclosure(CVE-2017-2507)

iOS/MacOS kernel memory disclosure due to lack of bounds checking in netagent socket option handling netagentctlsetopt is the setsockopt handler for netagent control sockets. Options of type NETAGENTOPTIONTYPEREGISTER are handled by netagenthandleregistersetopt. Here's the code: static errnot...

4.3 CVSS, 7.4 AI score, 0.00931 EPSS
Exploits: 1

seebug.org
added 2017/05/27 12:0 a.m., 26 views

Apple MacOS NSUnarchiver Heap Corruption(CVE-2017-2523)

Via NSUnarchiver we can read NSBuiltinCharacterSet with a controlled serialized state. It reads a controlled int using decodeValueOfObjCType:"i" then either passes it to CFCharacterSetGetPredefined or uses it directly to manipulate NSBuiltinSetTable. Neither path has any bounds checking and the...

7.5 CVSS, 8.6 AI score, 0.11484 EPSS
Exploits: 3

0day.today
added 2017/05/24 12:0 a.m., 27 views

VX Search Enterprise 9.5.12 - GET Buffer Overflow Exploit

Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VX Search Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a...

7.1 AI score
Exploits: 0

CNVD
added 2017/05/24 12:0 a.m., 0 views

libxml2 incomplete fix for stack buffer overflow vulnerability

Libxml2 is the GNOME project team developed a C-based library for parsing XML documents. Libxml2 suffers from a stack-based buffer overflow vulnerability that arises from a program that does not perform proper boundary checking on user input. An attacker could use this vulnerability to execute...

7.5 CVSS, 8 AI score, 0.04357 EPSS
Exploits: 0, References: 1

CNVD
added 2017/05/24 12:0 a.m., 1 views

WordPress XML-RPC API Metadata Checking Error Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress is vulnerable to an API metadata checking error vulnerability. An attacker could exploit the vulnerability to gain...

7.5 CVSS, 7.4 AI score, 0.04079 EPSS
Exploits: 0, References: 1

exploitpack
added 2017/05/23 12:0 a.m., 9 views

Apple macOSiOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:]

Apple macOSiOS - NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in NSBuiltinCharacterSet initWithCoder: Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1170 Via NSUnarchiver we can read NSBuiltinCharacterSet with a controlled serialized state. It reads a controlled...

0.4 AI score
Exploits: 0

exploitpack
added 2017/05/23 12:0 a.m., 11 views

Apple macOSiOS - CAMediaTimingFunctionBuiltin NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking

Apple macOSiOS - CAMediaTimingFunctionBuiltin NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1175 CAMediaTimingFunctionBuiltin is a class in QuartzCore. Its initWithCoder: method reads an Int "index" then passes...

0.5 AI score
Exploits: 0

0day.today
added 2017/05/23 12:0 a.m., 54 views

Apple iOS / macOS - NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking in CAMediaTimin

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1175 CAMediaTimingFunctionBuiltin is a class in QuartzCore. Its initWithCoder: method reads an Int "index" then passes that to builtinfunction mov ebx, edi -- controlled unsigned...

7.5 CVSS, 8.8 AI score, 0.06809 EPSS
Exploits: 2