32 matches found
SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...
RUSTSEC-2024-0363 Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: SQL Injection isn't Dead: Smuggling Queries at the Protocol Level Archive link for posterity. Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...
Fedora: Security Advisory for rust-clippy-sarif (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for rust-clippy-sarif (FEDORA-2024-ce2936b568)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: rust-clippy-sarif-0.4.2-3.fc40
Convert clippy output to SARIF...
Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2024-574)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-574 advisory. RUSTSEC-2024-0006 NOTE: https://rustsec.org/advisories/RUSTSEC-2024-0006.html NOTE: https://github.com/comex/rust-shlex/security/advisories/GHSA-r7qv-8r2h-pg27 Tenable has extracted the preceding...
RUSTSEC-2024-0018 ObjectPool creates uninitialized memory when freeing objects
As of version 0.6.0, the ObjectPool explicitly creates an uninitialized instance of its type parameter when it attempts to free an object, and swaps it into the storage. This causes instant undefined behavior due to reading the uninitialized memory in order to write it to the pool storage...
Amazon Linux 2023 : cargo, clippy, rust (ALAS2023-2023-323)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-323 advisory. Cargo downloads the Rust project's dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archiv...
openSUSE Security Update : rust (openSUSE-2019-2203)
This update for rust fixes the following issues : Rust was updated to version 1.36.0. Security issues fixed : - CVE-2019-12083: a standard method can be overridden violating Rust's safety guarantees and causing memory unsafety bsc1134978 - CVE-2018-1000622: rustdoc loads plugins from world-writab...
Malicious MS Office Macro Creator
Evil Clippy is a tool for creating malicious Microsoft Office macros: At BlackHat Asia we released Evil Clippy, a tool which assists red teamers and security testers in creating malicious MS Office documents. Amongst others, Evil Clippy can hide VBA macros, stomp VBA code via p-code and confuse...
Evil Clippy - A Cross-Platform Assistant For Creating Malicious MS Office Documents
A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code via P-Code and confuse macro analysis tools. Runs on Linux, OSX and Windows. Current features Hide VBA macros from the GUI editor VBA stomping P-code abuse Fool analyst tools Serve VBA stomp...
[BeEF] Fake Browser Update Exploitation
How to use BeEF Framework for fake browser update exploitation. Fake Browser Update : - In BeEF Framework there is a new feature available in social-engineering called Clippy using this feature we are sending the fake Update notification and if user click on that so obviously he is going to insta...