1134 matches found
[SECURITY] Fedora 19 Update: distcc-3.2rc1-4.fc19
distcc is a program to distribute compilation of C or C++ code across several machines on a network. distcc should always generate the same results as a local compile, is simple to install and use, and is often two or more times faster than a local compile...
一步步击溃PHPYUN(另类方法绕过防注入)
简要描述: 由某处SQL注入引起,最终通过组合漏洞击溃PHPYUN 详细说明: 测试版本:PHPYUN 3.1 GBK beta 20140728 PHPYUN使用了两套waf,一套自己写的,一套360的,从第一套开始。 \data\db.safety.php: quotesGPC; // 效果:addslashes if$config'syistemplate'!='1' || md5md5$config'sysafekey'.$GET'm'!=$POST'safekey' foreach$POST as $id=$v safesql$id,$v,"POST",$config; $id...
Real Server 7/8/9 Remote Root Exploit (Windows & Linux)
No description provided by source. / / THCREALbad 0.4 - Wind0wZ & Linux remote root exploit / Exploit by: Johnny Cyberpunk thehackerschoice / THC PUBLIC SOURCE MATERIALS / / http://www.service.real.com/help/faq/security/rootexploit082203.html / / After successful exploitation of a Linux box just...
MailEnable Mail Server IMAP <= 1.52 Remote Buffer Overflow Exploit
No description provided by source. / MailEnable , IMAP Service, Remote Buffer Overflow Exploit v0.4 Homepage : www.mailenable.com Affected versions: Pro v1.52 Enterprise v1.01 Bug discovery : Nima Majidi at www.hat-squad.com Exploit code : class101 at www.hat-squad.com & dfind.kd-team.com Fix :...
Apache Portable Runtime, APR Utility Library: Denial of service
Background The Apache Portable Runtime aka APR provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library aka APR-Util provides an interface to functionality such as XML parsing, string matching and database connections. Description Multiple...
PT-2014-4948 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.1.8 Description: The issue is caused by an off-by-one error in the bpf jit compile function. This error can lead to a denial of service, resulting in a system crash, or potentially allow local users to gain...
Cryptanalysis Remains for TrueCrypt Audit
Phase two of the TrueCrypt audit figures to be a labor-intensive, largely manual cryptanalysis, according to the two experts behind the Open Crypto Audit Project OCAP. Matthew Green, crypto expert and professor at Johns Hopkins University, said a small team of experts will have to, by hand, exami...
perl Locale::Maketext code execution
It's possible to call external functions on template compilation...
Mozilla Firefox Javascript XBL Compilation Code Execution - Ver2 (CVE-2006-1733)
A code execution vulnerability has been reported in Mozilla Firefox. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
GetElementIC typed array stubs can be generated outside observed typesets — Mozilla
Mozilla developer Eric Faust reported that during JavaScript compilation GetElementIC typed array stubs can be generated outside observed typesets. This could lead to unpredictable behavior with a potential security impact...
[Tundeep v0.2a] Layer 2 VPN/Injection tool
Tundeep is a layer 2 VPN/injection tool that resides almost entirely in user space on the victim aside from the pcap requirement. This can be handled via a silent install however. The tool will build on Linux and Windows victims. Windows compilation is achieved using Cygwin. The attacker must be ...
Design/Logic Flaw
Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling...
tcp(port&seq) backdoor
Автор: slashd Что это? Реализации скрытого канала передачи данных на сервер с помощью стандартных полейв нашем случае поля SEQ и Source Port TCP-заголовка. Теоритическая часть. Реализовать скрытую передачу данных с помощью TCP-заголовка можно несколькими способами. Клиентхакер иницирующий...
Fedora 18 : gogoc-1.2-24.fc18 (2013-6656)
Fix PIE compilation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...
IDA Pro 6.3 - Crash (PoC)
/ IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License 6.3.120531 Mac OS X IDA Pr...
IDA Pro 6.3 - Crash (PoC)
IDA Pro 6.3 - Crash PoC / IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License...
Oracle Java findMethod findClass Security Bypass
Added: 08/30/2012 CVE: CVE-2012-4681 BID: 55213 OSVDB: 84867 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...
About mysql explosion serious compilation vulnerabilities in login authentication problem description-bug warning-the black bar safety net
A while back,mysql explosion of a more serious compilation vulnerabilities in login authentication problem The affected version has All MariaDB and MySQL versions up to 5.1.61, 5.2.11, 5.3.5, 5.5.22 arevulnerable. MariaDB versions from 5.1.62, 5.2.12, 5.3.6, 5.5.23 are not. MySQL versions from...
CentOS 6 : nss (CESA-2012:0973)
Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Network Security Services NSS is a set of...
nspr, nss security update
CentOS Errata and Security Advisory CESA-2012:0973 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2012-July/080886.html Affected packages: nspr nspr-devel nss nss-devel nss-pkcs11-devel nss-sysinit nss-tools nss-util nss-util-devel Upstream details at...