
165 matches found

AlmaLinux
added 2021/11/09 9:11 a.m., 31 views

Moderate: binutils security update

The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities. Security Fixes: binutils: Excessive debug...

6.3 CVSS, 7.1 AI score, 0.01287 EPSS
Exploits: 2, References: 4

Schneier on Security
added 2021/11/01 3:58 p.m., 60 views

Hiding Vulnerabilities in Source Code

Really interesting research demonstrating how to hide vulnerabilities in source code by manipulating how Unicode text is displayed. It's really clever, and not the sort of attack one would normally think about. From Ross Anderson's blog: We have discovered ways of manipulating the encoding of sourc...

7.5 CVSS, 1.1 AI score, 0.12205 EPSS
Exploits: 5

Debian CVE
added 2021/11/01 12:0 a.m., 58 views

CVE-2021-42574

An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0. It permits the visual reordering of characters via control sequences, which can be used to craft source code that renders different logic than the logical ordering of tokens ingested by compilers and...

8.3 CVSS, 8.3 AI score, 0.12205 EPSS
Exploits: 4

RedHat Linux
added 2020/11/04 1:51 a.m., 35 views

Low: Red Hat Security Advisory: binutils security update

An update for binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

6.5 CVSS, 6.7 AI score, 0.02566 EPSS
Exploits: 1, References: 6

RedHat Linux
added 2020/04/28 3:47 p.m., 56 views

Low: Red Hat Security Advisory: binutils security and bug fix update

An update for binutils is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

6.5 CVSS, 6.6 AI score, 0.02312 EPSS
Exploits: 1, References: 8

Tenable Nessus
added 2020/04/28 12:0 a.m., 42 views

RHEL 8 : binutils (RHSA-2020:1797)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1797 advisory. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includ...

6.5 CVSS, 6.5 AI score, 0.02312 EPSS
Exploits: 1, References: 12

NVD
added 2019/10/14 12:15 p.m., 20 views

CVE-2019-17408

parserIfLabel in inc/zzztemplate.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the dangerkey function can be bypassed via manipulations such as strtr...

9.8 CVSS, 9.7 AI score, 0.03691 EPSS
Exploits: 1, References: 1

Cent OS
added 2019/08/30 2:35 a.m., 187 views

binutils security update

CentOS Errata and Security Advisory CESA-2019:2075. An update for binutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

7.8 CVSS, 6.8 AI score, 0.05229 EPSS
Exploits: 3, References: 7

Tenable Nessus
added 2019/08/30 12:0 a.m., 72 views

CentOS 7 : binutils (CESA-2019:2075)

An update for binutils is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

7.8 CVSS, 6.7 AI score, 0.05229 EPSS
Exploits: 3, References: 4

CVE
added 2019/03/20 7:3 p.m., 41 views

CVE-2018-20642

CVE-2018-20642 affects PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1. The vulnerability is triggered by crafted JavaScript in the KeySkills field, causing a denial of service (outage of profile editing). Documents confirm the affected product and root cause (malformed input in KeySkills) ...

6.5 CVSS, 6.5 AI score, 0.0161 EPSS
Exploits: 1, References: 1, Affected Software: 1

myhack58
added 2018/05/04 12:0 a.m., 29 views

Java deserialization vulnerability: analysis of the principles - vulnerability warning - the black bar safety net

There are three things in the world that are the most difficult: putting someone else's money into your own pocket; putting your own ideas into someone else's head; and getting your own code to run on someone else's server. Foreword: the Java deserialization vulnerability has for some time been focused on the...

2.2 AI score
Exploits: 0

seebug.org
added 2017/12/11 12:0 a.m., 111 views

New Android vulnerability allows attackers to modify apps without affecting their signatures(CVE-2017-13156)

A serious vulnerability CVE-2017-13156 in Android allows attackers to modify the code in applications without affecting their signatures. The root of the problem is that a file can be a valid APK file and a valid DEX file at the same time. We have named it the Janus vulnerability, after the Roman...

7.2 CVSS, 7.9 AI score, 0.20089 EPSS
Exploits: 9

UbuntuCve
added 2017/12/07 12:0 a.m., 44 views

CVE-2017-1000410

The Linux kernel version 3.3-rc1 and later is affected by a vulnerability that lies in the processing of incoming L2CAP commands - ConfigRequest and ConfigResponse messages. This info leak is a result of uninitialized stack variables that may be returned to an attacker in their uninitialized state. B...

7.5 CVSS, 6.7 AI score, 0.04252 EPSS
Exploits: 0, References: 4

Hacker One
added 2016/09/19 6:45 a.m., 10 views

RubyGems: Host Header Injection/Redirection

rubygems.org is vulnerable to host header injection because the host header can be changed to something outside the target domain. Attack vectors are somewhat limited but depend on how the host header is used by the back-end application code. If code references the hostname used in the URL such ...

7.5 AI score
Exploits: 0

n0where
added 2016/08/30 3:6 p.m., 35 views

Dynamic Instrumentation Tool Platform: DynamoRIO

Dynamic Instrumentation Tool Platform DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling...

1.4 AI score
Exploits: 0, References: 4

myhack58
added 2016/06/22 12:0 a.m., 17 views

On common PHP vulnerabilities, part one: installation problems - vulnerability warning - the black bar safety net

After getting a copy of the source code, the first step is of course to install it, and the installation files are often where problems appear. Generally, after the installation is complete, the install file is basically not deleted automatically; the ones I encountered will be automatically deleted if it...

7 AI score
Exploits: 0

BDU FSTEC
added 2015/12/29 12:0 a.m., 4 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.

The vulnerability of the ObjectBackedNativeHandler class (extensions/renderer/objectbackednativehandler.cc) in the Google Chrome browser extension framework is related to errors in the implementation of the handler functions. Exploiting this vulnerability may allow an attacker to cause service...

10 CVSS, 7.7 AI score, 0.03199 EPSS
Exploits: 0, References: 4, Affected Software: 1

myhack58
added 2015/02/02 12:0 a.m., 31 views

Several methods of bypassing the filter when uploading an image shell - vulnerability warning - the black bar safety net

The image upload function of a typical site filters files to prevent a webshell from being written. But the filters of different programs are not the same, so how can the filter be broken through to continue uploading? This article summarizes seven methods that can break it! 1. The file header + GIF89a method. (php//this...

7.1 AI score
Exploits: 0

OpenVAS
added 2012/04/04 12:0 a.m., 14 views

ArticleSetup <= 1.11 Multiple Vulnerabilities - Active Check

ArticleSetup is prone to multiple cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...

7.8 AI score
Exploits: 0, References: 4

htbridge
added 2012/01/18 12:0 a.m., 72 views

Multiple vulnerabilities in ZENphoto

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ZENphoto, which can be exploited to perform arbitrary PHP code execution, SQL injection and cross-site scripting attacks. 1) Arbitrary PHP Code Execution in ZENphoto: CVE-2012-0993. Input passed via...

9.3 CVSS, 7.7 AI score, 0.02583 EPSS
Exploits: 5, Affected Software: 1