FreeBSD : pcre -- heap overflow vulnerability (6900e6f1-4a79-11e5-9ad8-14dae9d210b8)

Guanxing Wen reports : PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. The Heap Overflow vulnerability is caused by the...

pcre -- heap overflow vulnerability

Guanxing Wen reports: PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. The Heap Overflow vulnerability is caused by the followi...

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution

Flash - PCRE Regex Compilation Zero-Length Assertion Arbitrary Bytecode Execution Source: https://code.google.com/p/google-security-research/issues/detail?id=224&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id There’s an error in the PCRE engine version used in Flash that...

FreeBSD : pcre -- heap overflow vulnerability in '(?|' situations (ff0acfb4-3efa-11e5-93ad-002590263bf5)

Venustech ADLAB reports : PCRE library is prone to a vulnerability which leads to Heap Overflow. During the compilation of a malformed regular expression, more data is written on the malloced block than the expected size output by compileregex. Exploits with advanced Heap Fengshui techniques may...

[SECURITY] Fedora 22 Update: cryptopp-5.6.2-9.fc22

Crypto++ Library is a free C++ class library of cryptographic schemes. See http://www.cryptopp.com/ for a list of supported algorithms. One purpose of Crypto++ is to act as a repository of public domain not copyrighted source code. Although the library is copyrighted as a compilation, the...

Win32k elevation of privilege vulnerability, CVE-2 0 1 5-1 7 0 1-exp-vulnerability warning-the black bar safety net

Win32k elevation of privilege vulnerability – CVE-2 0 1 5-1 7 0 1 If Win32k.sys kernel-mode driver improperly handles objects in memory, then there is a privilege elevation vulnerability. Successful exploitation of this vulnerability an attacker can run arbitrary code in kernel mode is. An attack...

Web Application Bruteforcer: 0d1n

0d1n is a Open Source web application bruteforcer and Fuzzer. If your objective is automate exhaustive tests and search for anomalies read vulnerabilities 0d1n can increase your productivity following web parameters, files, directories, forms and other things. With 0d1n you can brute force...

THC-Hydra 8.1 - Network Logon Cracker

A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa.Number one of the biggest security holes are passwords, as every password security study shows. This tool is a proof of concept...

Bash Me Some More

Good morning! This is kinda long. == Background == If you are not familiar with the original bash function export vulnerability CVE-2014-6271, you may want to have a look at this article: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Well, long story short: the...

[SECURITY] Fedora 21 Update: icecream-1.0.1-8.20140822git.fc21

Icecream is a distributed compile system. It allows parallel compiling by distributing the compile jobs to several nodes of a compile network running the icecc daemon. The icecc scheduler routes the jobs and provides status and statistics information to the icecc monitor. Each compile node can...

MailEnable Mail Server IMAP <= 1.52 Remote Buffer Overflow Exploit

No description provided by source. / MailEnable , IMAP Service, Remote Buffer Overflow Exploit v0.4 Homepage : www.mailenable.com Affected versions: Pro v1.52 Enterprise v1.01 Bug discovery : Nima Majidi at www.hat-squad.com Exploit code : class101 at www.hat-squad.com & dfind.kd-team.com Fix :...

Apache Portable Runtime, APR Utility Library: Denial of service

Background The Apache Portable Runtime aka APR provides a set of APIs for creating platform-independent applications. The Apache Portable Runtime Utility Library aka APR-Util provides an interface to functionality such as XML parsing, string matching and database connections. Description Multiple...

Design/Logic Flaw

Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling...

IDA Pro 6.3 - Crash (PoC)

IDA Pro 6.3 - Crash PoC / IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License...

IDA Pro 6.3 - Crash (PoC)

/ IDA Pro 6.3 crash due an internal error ELF anti-debugging/reversing patcher Published @ IOActive Labs Research blog: http://blog.ioactive.com/2012/12/striking-back-gdb-and-ida-debuggers.html - nitr0us http://twitter.com/nitr0usmx Tested under: IDA Pro Starter License 6.3.120531 Mac OS X IDA Pr...

[SECURITY] Fedora 15 Update: php-eaccelerator-0.9.6.1-9.fc15.3

eAccelerator is a further development of the MMCache PHP Accelerator & Enco der. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated...

Memory corruption

The OpenGL implementation in Apple Mac OS X before 10.7.3 does not properly perform OpenGL Shading Language aka GLSL compilation, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted program...

BSD libc/regcomp(3) Memory Management / Recursion

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Multiple BSD libc/regcomp3 Multiple Vulnerabilities Author: Maksymilian Arciemowicz http://www.netbsd.org/donations/ http://securityreason.com/ http://cxib.net/ Date: - - Dis.: 05.10.2011 - - Pub.: 04.11.2011 CVE: CVE-2011-3336 Affected Software: - -...

[SECURITY] Fedora 16 Update: php-eaccelerator-0.9.6.1-9.fc16

eAccelerator is a further development of the MMCache PHP Accelerator & Enco der. It increases performance of PHP scripts by caching them in compiled state, so that the overhead of compiling is almost completely eliminated...

RedHat Update for gcc RHSA-2011:0025-01

Check for the Version of gcc OpenVAS Vulnerability Test RedHat Update for gcc RHSA-2011:0025-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...