104 matches found

OSV
added 2017/04/10 4:59 p.m., 1 view

DEBIAN-CVE-2016-5041

dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name...

CVSS 7.5, AI score 6.7, EPSS 0.03369
Exploits 1, References 1
Debian CVE
added 2017/04/10 4:0 p.m., 22 views

CVE-2016-5041

dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NULL pointer dereference) via a debugging information entry using DWARF5 and without a DW_AT_name...

CVSS 7.5, AI score 8, EPSS 0.03369
Exploits 1
CNVD
added 2016/11/17 12:0 a.m., 3 views

libdwarf heap buffer overflow vulnerability (CNVD-2016-11348)

libdwarf is a set of tools for reading and writing DWARF2 debugging information. A heap buffer overflow vulnerability exists in libdwarf. An attacker could exploit this vulnerability to execute arbitrary code in the context of an application...

CVSS 7.5, AI score 8, EPSS 0.04224
Exploits 0, References 1
0day.today
added 2016/06/21 12:0 a.m., 126 views

Microsoft Windows - Kernel ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of communication with user-mode...

CVSS 6.9, AI score 6.8, EPSS 0.06976
Exploits 1
0day.today
added 2015/12/15 12:0 a.m., 98 views

ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Exploit

This Metasploit module exploits a vulnerability found in ManageEngine Desktop Central 9. When uploading a 7z file, the FileUploadServlet class does not check the user-controlled ConnectionId parameter in the FileUploadServlet class. This allows a remote attacker to inject a null byte at the end of...

CVSS 10, AI score 1.3, EPSS 0.73603
Exploits 6
Exploit DB
added 2015/12/15 12:0 a.m., 53 views

ManageEngine Desktop Central 9 - FileUploadServlet ConnectionId (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'nokogiri' class Metasploit3 "ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability", 'Description' = %q This module...

CVSS 10, AI score 9.8, EPSS 0.73603
Exploits 6
RedHat Linux
added 2015/09/10 12:5 p.m., 1 view

libunwind: off-by-one in dwarf_to_unw_regnum()

An off-by-one array indexing error was found in the libunwind API, which could cause an error when reading untrusted binaries or dwarf debug info data. Red Hat products do not call the API in this way; and it is unlikely that any exploitable attack vector exists in current builds or supported usa...

CVSS 3.3, AI score 5.7, EPSS 0.00498
Exploits 1, References 4
BDU FSTEC
added 2015/04/28 12:0 a.m., 3 views

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the krb5-debuginfo-1.9 package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

CVSS 9.3, AI score 7.4, EPSS 0.04814
Exploits 1, References 3
BDU FSTEC
added 2015/04/28 12:0 a.m., 3 views

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the krb5-debuginfo-1.8.2 package of the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. Exploitation of this vulnerability can be carried out remotely...

CVSS 10, AI score 6.2, EPSS 0.17945
Exploits 0, References 2
seebug.org
added 2014/07/01 12:0 a.m., 16 views

CGIScript.net csPassword.CGI 1.0 Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m., 26 views

Notepad++ 5.4.5 - Local .C/CPP Stack Buffer Overflow PoC (0day)

No description provided by source. / 0dayNotepad++ 5.4.5 Local .C/CPP Stack Buffer Overflow POC by fl0 fl0w / / LATEST FIXES Notepad++ v5.4.5 fixed bugs from v5.4.4 : 1. Fix plugins shortcuts not working bug. 2. Fix the tooltip on toolbar display bug for the plugins icons. 3. Fix a crash that was...

AI score 7.1
Exploits 0
NVD
added 2014/02/17 4:55 p.m., 9 views

CVE-2011-4083

The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x before 2.2-17 includes (1) Certificate-based Red Hat Network private entitlement keys and the (2) private key for the entitlement in an archive of debugging information, which might allow remote attackers to obtain sensitive...

CVSS 4.3, AI score 6, EPSS 0.00994
Exploits 0, References 2
Exploit DB
added 2013/12/20 12:0 a.m., 27 views

PotPlayer 1.5.40688 - '.avi' File Handling Memory Corruption

!/usr/bin/python Exploit Title: PotPlayer Version 1.5.40688 .avi File Handling Memory Corruption Vulnerability Date: 2013/12/20 Exploit Author: ariarat Software Link: http://www.videohelp.com/download/PotPlayer1.5.40688.EXE Version: 1.5.40688 Probably old version of PotPlayer too Vendor Homepage:...

CVSS 7.8, AI score 7.7, EPSS 0.02752
Exploits 4
myhack58
added 2013/12/17 12:0 a.m., 37 views

CVE-2013-3897 sample analysis study notes-vulnerability warning-the black bar safety net

Before, see FireEye on the CVE-2013-3893 analysis, see Use way relatively similar, the thought is the same, the analysis of learning, discovery led to the question of object is inconsistent, it does not use the ms-help load the office of hxdl structure of the ROP, and later in the BinVul on...

AI score 7.7
Exploits 0
Tenable Nessus
added 2013/07/31 12:0 a.m., 28 views

Scientific Linux Security Update : sos on SL5.x (noarch) (20130730)

The sosreport utility collected the Kickstart configuration file '/root/anaconda-ks.cfg', but did not remove the root user's password from it before adding the file to the resulting archive of debugging information. An attacker able to access the archive could possibly use this flaw to obtain th...

CVSS 4.3, AI score 5.4, EPSS 0.01429
Exploits 0, References 2
Tenable Nessus
added 2012/08/01 12:0 a.m., 20 views

Scientific Linux Security Update : systemtap on SL5.x, SL6.x i386/x86_64 (20120308)

SystemTap is an instrumentation system for systems running the Linux kernel. The system allows developers to write scripts to collect data on the operation of the system. An invalid pointer read flaw was found in the way SystemTap handled malformed debugging information in DWARF format. When...

CVSS 5.4, AI score 5.2, EPSS 0.0035
Exploits 0, References 2
Tenable Nessus
added 2012/08/01 12:0 a.m., 18 views

Scientific Linux Security Update : brltty on SL5.x i386/x86_64

It was discovered that a brltty library had an insecure relative RPATH runtime library search path set in the ELF Executable and Linking Format header. A local user able to convince another user to run an application using brltty in an attacker-controlled directory, could run arbitrary code with...

CVSS 6.9, AI score 5.8, EPSS 0.00535
Exploits 0, References 6
Cent OS
added 2012/07/10 5:27 p.m., 62 views

sos security update

CentOS Errata and Security Advisory CESA-2012:0958 An updated sos package that fixes one security issue, several bugs, and adds various enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common...

CVSS 4.3, AI score 5.9, EPSS 0.01429
Exploits 0, References 7
Prion
added 2012/06/29 7:55 p.m., 12 views

Default credentials

The sosreport utility in the Red Hat sos package before 2.2-29 does not remove the root user password information from the Kickstart configuration file /root/anaconda-ks.cfg when creating an archive of debugging information, which might allow attackers to obtain passwords or password hashes...

CVSS 4.3, AI score 6.7, EPSS 0.01429
Exploits 0, References 5, Affected Software 1
CVE
added 2012/06/29 7:0 p.m., 72 views

CVE-2012-2664

CVE-2012-2664 affects the sosreport utility in the Red Hat sos package prior to 2.2-29. The root user password information found in the Kickstart configuration file (/root/anaconda-ks.cfg) is not removed when creating an archive of debugging information, potentially allowing an attacker to obtain...

CVSS 4.3, AI score 6.2, EPSS 0.01429
Exploits 0, References 5, Affected Software 1