[SECURITY] Fedora 20 Update: patch-2.7.5-1.fc20

The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...

[SECURITY] Fedora 21 Update: patch-2.7.5-1.fc21

The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...

[SECURITY] Fedora 22 Update: patch-2.7.5-1.fc22

The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...

[SECURITY] Fedora 21 Update: patch-2.7.4-1.fc21

The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...

[SECURITY] Fedora 21 Update: patch-2.7.3-1.fc21

The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...

UBUNTU-CVE-2015-1395

Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. dot dot in a diff file name...

UBUNTU-CVE-2014-9637

GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service memory consumption and segmentation fault via a crafted diff file...

xdelta3 -- buffer overflow vulnerability

Stepan Golosunov reports: Buffer overflow was found and fixed in xdelta3 binary diff tool that allows arbitrary code execution from input files at least on some systems...

Searching Through Git Commits

gumbler is a script I wrote to search through git commits. Examples from github are discussed below. .gitignore A gitignore file is used to specify files that should not be tracked by git source gitignore. In the default case, gumbler will read the gitignore file for the project and search every...

BurpSentintel - GUI Burp Plugin to ease discovering of security holes in web applications

A plugin for Burp Intercepting Proxy, to aid and ease the identification of vulnerabilities in web applications. Searching for vulnerabilities in web applications can be a tedious task. Most of the time consists of inserting magic chars into parameters, and looking for suspicious output. Sentinel...

CVE-2014-5027

Cross-site scripting XSS vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff fragment page...

Python - Interpreter Heap Memory Corruption (PoC)

No description provided by source. Title: Python Interpreter Heap Memory Corruption Date: Sun, 30 Mar 2014 20:09:44 -0400 Vulnerability Discovered By : Unknown Proof of Concept : Debasish Mandal https://twitter.com/debasishm89 Software Link: https://www.python.org/ Version: All , Fix released...

Python - Interpreter Heap Memory Corruption (PoC)

Title: Python Interpreter Heap Memory Corruption Date: Sun, 30 Mar 2014 20:09:44 -0400 Vulnerability Discovered By : Unknown Proof of Concept : Debasish Mandal https://twitter.com/debasishm89 Software Link: https://www.python.org/ Version: All , Fix released...

Python - Interpreter Heap Memory Corruption (PoC)

Python - Interpreter Heap Memory Corruption PoC Title: Python Interpreter Heap Memory Corruption Date: Sun, 30 Mar 2014 20:09:44 -0400 Vulnerability Discovered By : Unknown Proof of Concept : Debasish Mandal https://twitter.com/debasishm89 Software Link: https://www.python.org/ Version: All , Fix...

WordPress 3.8.2 patch analysis HMAC timing attack-vulnerability warning-the black bar safety net

author: [email protected] 0x00 background On github over and over to see for a long time, the official version of the diff only in php where changes to a location: | 1 2 | - if $hmac != $hash + if hashhmac 'md5', $hmac, $key !== hashhmac 'md5', $hash, $key ---|--- WP developers just...

PHPMPS信息分类系统二次SQL注入1-5

简要描述： PHPMPS信息分类系统多处SQL注入 详细说明： 第1-3处SQL注入 二次注入，问题在会员中心，购买信息币是存在二次注入： member.php文件： case 'actgold': $type = $POST'type'; $number = $type == 'money2gold' ? intval$POST'mnumber' : intval$POST'cnumber'; if$number $userinfo'money' showmsg'您的资金不足以支付此次购买'; moneydiff$username, $money, $type; else...

[SECURITY] Fedora 17 Update: kdesdk-4.10.4-1.fc17

A metapackage/collection of applications and tools used by developers, incl uding: cervisia: a CVS frontend kate: advanced text editor kcachegrind: a browser for data produced by profiling tools e.g. cachegr ind kompare: diff tool kuiviewer: displays designer's UI files lokalize: computer-aided...

[SECURITY] Fedora 18 Update: kdesdk-4.10.4-1.fc18

A metapackage/collection of applications and tools used by developers, incl uding: cervisia: a CVS frontend kate: advanced text editor kcachegrind: a browser for data produced by profiling tools e.g. cachegr ind kompare: diff tool kuiviewer: displays designer's UI files lokalize: computer-aided...

generic

This plugin finds all kind of bugs without using a fixed database of errors. This is a new kind of methodology that solves the main problem of most web application security scanners. Plugin type Audit Options Name | Type | Default Value | Description | Help ---|---|---|---|--- diffratio | float |...

CVE-2013-0162

The diffpp function in lib/gauntletrubyparser.rb in the rubyparser gem 3.1.1 and earlier for Ruby allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a predictable name in /tmp...