
1661 matches found

CERT
added 2018/08/14 12:0 a.m. | 828 views

Linux kernel IP fragment re-assembly vulnerable to denial of service

Overview The Linux kernel, versions 3.9+, IP implementation is vulnerable to denial of service conditions with low rates of specially modified packets. Description CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2018-5391 The Linux kernel, versions 3.9+, is vulnerable to a...

CVSS 7.8 | AI score 7.9 | EPSS 0.04262
Exploits: 0 | References: 1
Hacker One
added 2018/08/13 5:51 p.m. | 49 views

Node.js third-party modules: [samsung-remote] Command injection

I would like to report a command injection vulnerability in the samsung-remote npm module. It allows arbitrary shell command execution through a maliciously crafted argument. Module module name: samsung-remote version: 1.2.5 npm page: https://www.npmjs.com/package/samsung-remote Module Descriptio...

AI score 0.3
Exploits: 0
Hacker One
added 2018/07/31 1:54 p.m. | 35 views

Node.js third-party modules: [egg-scripts] Command injection

I would like to report a command injection vulnerability in egg-scripts. It allows arbitrary shell command execution through a maliciously crafted command line argument. Module module name: egg-scripts version: 2.6.0 npm page: https://www.npmjs.com/package/egg-scripts Module Description "deploy...

CVSS 10 | AI score 1.2 | EPSS 0.10005
Exploits: 1
0day.today
added 2018/06/15 12:0 a.m. | 69 views

rtorrent 0.9.6 - Denial of Service Exploit

Exploit for linux platform in category dos / poc Exploit Title: rtorrent 0.9.6 - Denial of Service Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET,...

AI score 7.4
Exploits: 0
Packet Storm
added 2018/06/14 12:0 a.m. | 50 views

rtorrent 0.9.6 Denial Of Service

Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connect'1.3.3.7', 6890...

AI score 7.4
Exploits: 0
Exploit DB
added 2018/06/14 12:0 a.m. | 29 views

rtorrent 0.9.6 - Denial of Service

Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connect'1.3.3.7', 6890...

AI score 7
Exploits: 0
exploitpack
added 2018/06/14 12:0 a.m. | 12 views

rtorrent 0.9.6 - Denial of Service

rtorrent 0.9.6 - Denial of Service Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET,...

AI score 7.3
Exploits: 0
OSV
added 2018/05/18 12:0 a.m. | 2 views

DSA-4205-1 jessie end-of-life

This is an advance notice that regular security support for Debian GNU/Linux 8 code name "jessie" will be terminated on the 17th of June. As with previous releases additional LTS support will be provided for a reduced set of architectures and packages, a separate announcement will be available in...

AI score 7.2
Exploits: 0
CERT
added 2018/02/15 12:0 a.m. | 565 views

Quagga bgpd is affected by multiple vulnerabilities

Overview The Quagga BGP daemon bgpd prior to version 1.2.3 may be vulnerable to multiple issues that may result in denial of service, information disclosure, or remote code execution. Description CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer - CVE-2018-5378...

CVSS 9.8 | AI score 8.3 | EPSS 0.09304
Exploits: 0 | References: 5
Tenable Nessus
added 2018/02/06 12:0 a.m. | 65 views

lighttpd < 1.4.28 Insecure Temporary File Creation

According to its banner, the version of lighttpd running on the remote host is prior to 1.4.28. Therefore, it may be affected by the following vulnerability: - The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a...

CVSS 1.9 | AI score 5.5 | EPSS 0.0004
Exploits: 1 | References: 2
0day.today
added 2018/01/15 12:0 a.m. | 21 views

Linux/x86-64 - sethostname(Rooted !) + killall Shellcode (33 bytes)

Linux/x8664 sethostname & killall 33 bytes shellcode Date: 2010-04-26 Author: zbt Tested on: x8664 Debian GNU/Linux / ; sethostname"Rooted !"; ; kill-1, SIGKILL; section .text global start start: ;-- setHostName"Rooted !"; 22 bytes --; mov al, 0xaa mov r8, 'Rooted !' push r8 mov rdi, rsp mov sil,...

AI score 7.1
Exploits: 0
seebug.org
added 2017/12/29 12:0 a.m. | 57 views

Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure

Summary Drive production profitability with Fiery servers and workflow products. See which Fiery digital front end is right for your current or future print engines and business needs. Manage all your printers from a single screen using this intuitive print job management interface. Description...

AI score 7.1
Exploits: 0
Exploit DB
added 2017/12/27 12:0 a.m. | 44 views

Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure

Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242 Summary: Drive production profitability with Fiery servers and workflow...

AI score 7.4
Exploits: 0
exploitpack
added 2017/12/27 12:0 a.m. | 27 views

Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure

Xerox DC260 EFI Fiery Controller Webtools 2.0 - Arbitrary File Disclosure Xerox DC260 EFI Fiery Controller Webtools 2.0 Arbitrary File Disclosure Vendor: Electronics for Imaging, Inc. Product web page: http://www.efi.com Affected version: EFI Fiery Controller SW2.0 Xerox DocuColor 260, 250, 242...

AI score 0.3
Exploits: 0
BDU FSTEC
added 2017/12/21 12:0 a.m. | 1 views

The vulnerability in the software for converting images on the Debian GNU/Linux operating system arises from overflowing buffers in dynamic memory, allowing an attacker to cause the application to terminate abnormally.

The vulnerability of the software for converting image formats in the Debian GNU/Linux operating system is caused by an overflow in the buffer of dynamic memory. Exploiting this vulnerability allows a malicious actor to cause the application to terminate abnormally by using a specially crafted cu...

CVSS 5.5 | AI score 5.7 | EPSS 0.00266
Exploits: 0 | References: 5 | Affected Software: 2
Tenable Nessus
added 2017/08/02 12:0 a.m. | 32 views

Debian DLA-1048-1 : ghostscript security update

Several issues were found in Ghostscript, the GPL PostScript/PDF interpreter, which allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PostScript document. For Debian 7 'Wheezy', these proble...

CVSS 7.8 | AI score 6.8 | EPSS 0.0129
Exploits: 5 | References: 10
myhack58
added 2016/09/13 12:0 a.m. | 63 views

CVE-2016-6662: MySQL remote code execution/privilege escalation technical analysis (official version, 9/13 update)

I. VULNERABILITY MySQL 5.6.33 5.5.52 MySQL clones are similarly affected, including: MariaDB PerconaDB II. INTRODUCTION An independent research organization found severe MySQL vulnerabilities; this briefing covers one of the more serious, CVE-2016-6662, which allows an attacker...

AI score 0.8
Exploits: 0
BDU FSTEC
added 2016/09/07 12:0 a.m. | 3 views

The vulnerability of the Debian GNU/Linux operating system, which allows a perpetrator to trigger a service failure

The vulnerability in the fs/fcntl.c file, as part of the patch “aufs 3.2.x+setfl-debian” from the linux-image package for the Debian GNU/Linux operating system, is related to pointer dereferencing errors. Exploitation of this vulnerability could allow an attacker, operating locally, to trigger a...

CVSS 4.9 | AI score 6.2 | EPSS 0.00052
Exploits: 0 | References: 2 | Affected Software: 1
BDU FSTEC
added 2016/07/07 12:0 a.m. | 2 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The cupsys-pstoraster package in the Debian GNU/Linux operating system has multiple vulnerabilities. Exploiting these vulnerabilities can lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

CVSS 9.3 | EPSS 0.07314
Exploits: 0 | References: 3 | Affected Software: 1
BDU FSTEC
added 2016/07/07 12:0 a.m. | 1 views

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the integrity of protected information

The multiple vulnerabilities in the libstdc++6 package of the Debian GNU/Linux operating system may lead to a violation of the integrity of protected information. These vulnerabilities can be exploited remotely...

CVSS 2.6 | AI score 5.4 | EPSS 0.01814
Exploits: 0 | References: 3 | Affected Software: 1