100 matches found
Notepad++: Command injection by setting a custom search engine
Summary: Arbitrary commands can be injected when using the "Search on Internet" function with a malicious custom search engine. The custom search engine can be set through the GUI or the config files, with different attack scenarios. Description: The "Search on Internet" context menu functionalit...
radare2 denial of service vulnerability (CNVD-2018-12199)
Radare2 is a complete framework for reverse engineering and analyzing binaries, consisting of a series of small utilities that can be used together or independently of the command line. A denial of service vulnerability exists in the getdebuginfo function in radare2 2.5.0. A remote attacker can...
ALPINE-CVE-2018-7568
The parsedie function in dwarf1.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service integer overflow and application crash via an ELF file with corrupt dwarf1 debug information, as demonstrated by nm...
WePay: open 80 port of internal host leaking some configuration info
A testing stage server was accessible from the internet leaking some debug info. Thanks @ruvlol for reporting this to us. A testing stage was accessible to everyone in internet, leaking some debug info...
UBUNTU-CVE-2017-15022
dwarf2.c in the Binary File Descriptor BFD library aka libbfd, as distributed in GNU Binutils 2.29, does not validate the DWATname data type, which allows remote attackers to cause a denial of service bfdhashhash NULL pointer dereference, or out-of-bounds access, and application crash via a craft...
GNU Binutils Denial of Service Vulnerability (CNVD-2017-30075)
GNU Binutils is a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. A denial of service vulnerability exists in processdebuginfo in dwarf.c in the Binary File Descriptor BFD library used in GNU Binutils, which can b...
Fedora 26 : php-pear-CAS (2017-2f3096ba16)
Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...
Information disclosure
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...
Fedora 24 : php-pear-CAS (2017-d9d620366e)
Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...
Fedora 25 : php-pear-CAS (2017-2a90185a04)
Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...
shopify-scripts: Null pointer dereference in OP_ENTER
PoC === The following demonstrates a crash: class A def foo end end class B argv = ary-ptr; gdb p ary $1 = struct RArray 0x0 Test platform ============= Linux Mint 17.3 Cinnamon 64-bit, built with gcc version 4.8.4 Ubuntu 4.8.4-2ubuntu114.04.3 mruby SHA: a14a930c800aa50a191922580d53a2ce09287912...
shopify-scripts: Null pointer dereference in mrb_class
PoC === The following demonstrates a crash: if def class A ensure e rescue 0 end end .map.a Debug info ========== The crash happens due to a null pointer dereference in mrbclass, class.h:50. 50├ return mrbobjptrv-c; Valgrind shows several reads inside free'd blocks. Test platform =============...
shopify-scripts: Null pointer dereference in ary_concat
PoC === The following demonstrates a crash: def f end @a = f &:s Debug info ========== mruby crashes in array.c:260 due to a null pointer dereference. 256│ aryconcatmrbstate mrb, struct RArray a, struct RArray a2 257│ 258│ mrbint len; 259│ 260├ if a2-len ARYMAXSIZE - a-len 261│ mrbraisemrb,...
libunwind: off-by-one in dwarf_to_unw_regnum()
An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...
libunwind: off-by-one in dwarf_to_unw_regnum()
An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...
The vulnerability of the OpenSUSE operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the libxml2-debuginfo-x86 package in the OpenSUSE operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the kernel-debuginfo-common-s390x-2.6.32 package of the Red Hat Enterprise Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the kernel-debug-debuginfo-2.6.32 package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities of the krb5-debuginfo package in the SUSE Linux Enterprise operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities of the krb5-debuginfo-x86 package of the SUSE Linux Enterprise operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...