RHEL 7 : kernel (RHSA-2017:0004)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:0004 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: A flaw was found in the way the Linux kernel's...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2016-9534

tifwrite.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1 that didn't reset the tifrawcc and tifrawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."...

Heap overflow

tifwrite.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1 that didn't reset the tifrawcc and tifrawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."...

CVE-2016-9534

tifwrite.c in libtiff 4.0.6 has an issue in the error code path of TIFFFlushData1 that didn't reset the tifrawcc and tifrawcp members. Reported as MSVR 35095, aka "TIFFFlushData1 heap-buffer-overflow."...

NVIDIA Driver - Unchecked User-Provided Pointer in Escape 0x5000027 Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=937 The DxgkDdiEscape handler for 0x5000027 accepts a user provided pointer, but does no checks on it before using it. ... DWORD userptr = escape5000027data-userptr; v32 = userptr2...

Return to libstagefright: exploiting libutils on Android

Posted by Mark Brand, Invalidator of Unic�o�d�e I’ve been investigating different fuzzing approaches on some Android devices recently, and this turned up the following rather interesting bug CVE 2016-3861 fixed in the most recent Android Security Bulletin, deep in the bowels of the usermode Andro...

Mandriva Linux Security Advisory : perl (MDVSA-2015:136)

Updated perl package fixes security vulnerability : The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service stack consumption and crash via an Array-Reference with many nested Array-References, which...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix one security issue are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

IPN Development Handler 2.0 - Multiple Vulnerabilities

No description provided by source. IPN Development Handler v2.0 CSRF Change Admin Account ============================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://scripts.filehungry.com/product/php/e-commerce/paypal/ipndevelopmenthandler/ ===...

AIX 6.1 TL 7 : socket (IV21128)

When socketpair calls are used on the system we could see a crash in socket code path due to the fact that one of the socket is in the free list. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was extracted from AIX Security Advisory socketadvisory.asc...

AIX 7.1 TL 1 : socket (IV21235)

When socketpair calls are used on the system we could see a crash in socket code path due to the fact that one of the socket is in the free list. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text in the description was extracted from AIX Security Advisory socketadvisory.asc...

Potential memory corruption during font rendering using cairo-dwrite — Mozilla

Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. This is created by using cairo-dwrite to attempt to render fonts on an unsupport...

CVE-2011-1946

gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but proceeds with the non-error code path upon failure of the setgid or setuid function, which allows local users to gain privileges by leveraging access to two unprivileged user accounts, and running many processes under one of thes...

OpenSSH 3.5p1 Remote Root Exploit for FreeBSD

OpenSSH 3.5p1 Remote Root Exploit for FreeBSD OpenSSH 3.5p1 Remote Root Exploit for FreeBSD has been shared by kcope on twitter. The Released note is as given below : OpenSSH 3.5p1 Remote Root Exploit for FreeBSD Discovered and Exploited By Kingcope Year 2011 -- The last two days I have been...

Nodesforum 1.059 Remote File Inclusion

Exploit Title: nodesforum 1.059 Remote File Inclusion Vulnerability Google Dork: inurl: powered by Nodesforum Date: 6/23/2011 Author: bd0rk bd0rkathackermail.com Software-Download: http://home.nodesforum.com/download?file=nodesforum1.059withbbcode1.004.zip Tested on: Ubuntu-Linux / WinVista...

Unbound -- an empty error packet handling assertion failure

Unbound developer reports: NLnet Labs was notified of an error in Unbound's code-path for error replies which is triggered under special conditions. The error causes the program to abort...

Mozilla Firefox 2.0.0.16 Buffer Overflow

!/usr/bin/python FireFox 2.0.0.16 Windows XP SP3 x86 Remote Exploit Author: Dominic Chell Exploits the UTF-8 URL overflow vulnerability described in CVE-2008-0016. As of September 2009 there are no public exploits for this vulnerability. However, according to securityfocus an exploit is available...

Design/Logic Flaw

os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the 1 /tmp/mounted-map or 2 /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating "the insecure code path should only ever run inside a d-i environment, which has no non-roo...