BlueZ buffer overflow vulnerability (CNVD-2016-11950)
BlueZ is an official Bluetooth stack for Linux. A buffer overflow vulnerability exists in the 'pin_code_reply_dump' function in the tools/parser/hci.c source file of BlueZ version 5.42, which stems from the program's failure to perform sufficient bounds checking on parameters. An attacker could...
CVE-2016-9555
The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data...
Elevation of Privilege Vulnerability in Multiple Huawei Phones (CNVD-2016-11305)
Huawei Mate 8, Mate S, P8 are smartphones from Huawei. A security vulnerability in the form of missing parameter checking exists in several Huawei phones. The vulnerability is exploited on the premise that an attacker obtains Graphic or Camera permissions and induces the user to install a malicio...
Mozilla Firefox integer overflow vulnerability (CNVD-2016-11474)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. Mozilla Firefox has a security vulnerability. Potential integer overflow or other bounds-checking issues due to incorrect parameter length checking in JavaScript...
CVE-2016-5297
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...
Arbitrary File Upload Vulnerability in Dotclear
Dotclear is free, open source web publishing software, created by Olivier Meunier in 2002. Dotclear suffers from an arbitrary file upload vulnerability. The administrator theme management page blog_theme.php and inc/core/class.dc.modules.php have a theme legitimacy checking problem,...
Linux Kernel Local Buffer Overflow Vulnerability
The Linux kernel is the kernel used by the Linux operating system, released by the Linux Foundation in the United States. The Linux kernel suffers from a local buffer overflow vulnerability because the program fails to adequately perform bounds checking on user input, allowing an attacker to...
This update of rpm fixes several security issues
All of those fixes were already backported in Mageia except for: Fix out-of-bounds read on signature checking of malformed package (RhBug:1373107)...
MGASA-2016-0366 This update of rpm fixes several security issues
All of those fixes were already backported in Mageia except for: Fix out-of-bounds read on signature checking of malformed package (RhBug:1373107)...
MS16-124: Microsoft kernel integer overflow vulnerability
Foreword: Last month I found and reported a Windows registry integer overflow vulnerability, the last week two (2016.10.25) Microsoft released the bug fix patch MS16-124 and the vulnerability number CVE-2016-0070. The vulnerability may lead to local privilege escalation that affects multip...
NVIDIA Driver - No Bounds Checking in Escape 0x7000170 Exploit
Exploit for Windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=936 The DxgkDdiEscape handler for 0x7000170 lacks proper bounds checks for the variable size input escape data, and relies on a user provided size as the upper bound for writing...
NVIDIA Driver - No Bounds Checking in Escape 0x7000194 Exploit
Exploit for Windows platform in category dos / poc. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=895 The DxgkDdiEscape handler for 0x7000194 doesn't do bounds checking with the user provided lengths it receives. When these lengths are passed to memcpy, overreads and memory...
NVIDIA Driver - No Bounds Checking in Escape 0x7000194
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=895 The DxgkDdiEscape handler for 0x7000194 doesn't do bounds checking with the user provided lengths it receives. When these lengths are passed to memcpy, overreads and memory...
NVIDIA Driver - No Bounds Checking in Escape 0x7000170
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=936 The DxgkDdiEscape handler for 0x7000170 lacks proper bounds checks for the variable size input escape data, and relies on a user provided size as the upper bound for writing output. Crashing context with PoC Win 10 x64 with...
Subversion 1.6.6 / 1.6.12 - Code Execution
Exploit for Linux platform in category remote exploits. This is an exploit for the Subversion vulnerability published as CVE-2013-2088. Author: GlacierZ0ne Exploit Type: Code Execution Access Type: Authenticated Remote Exploit Prerequisites: svn command line client available,...
libgd 'gd_webp.c' Integer Overflow Vulnerability
libgd (also known as GD Graphics Library or libgd2) is an open source library for dynamic image creation developed by American software developer Thomas Boutell. It supports the creation of charts, graphs, thumbnails and so on. An integer overflow vulnerability exists in libgd version 2.2.3,...
FreePBX Remote Command Execution
Title: Freepbx =begin Freepbx 13.x are vulnerable to Remote command execution due to the insufficient sanitization of the user input fields language, destination and also due to the lack of good authentication checking Technical details Vulnerable file :...
ImageMagick Remote Buffer Overflow Vulnerability
ImageMagick is a set of open-source image processing software from the U.S. company ImageMagick Studio. The software can read, convert and write pictures in a variety of formats. A buffer overflow vulnerability exists in ImageMagick, which stems from the program's failure to perform proper bounda...
FreePBX 13.0.188 - Remote Command Execution (Metasploit)
Title: Freepbx =begin Freepbx 13.x are vulnerable to Remote command execution due to the insufficient sanitization of the user input fields language, destination and also due to the lack of good authentication checking Technical details...