openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

CVE-2016-1238

1 cpan/Archive-Tar/bin/ptar, 2 cpan/Archive-Tar/bin/ptardiff, 3 cpan/Archive-Tar/bin/ptargrep, 4 cpan/CPAN/scripts/cpan, 5 cpan/Digest-SHA/shasum, 6 cpan/Encode/bin/enc2xs, 7 cpan/Encode/bin/encguess, 8 cpan/Encode/bin/piconv, 9 cpan/Encode/bin/ucmlint, 10 cpan/Encode/bin/unidump, 11...

Huawei ISM Professional Cross Site Scripting

Title: Huawei ISM Professional XSS Vulnerability Software : ISM Professional OceanStor Software Version : CopyrightHuawei Technologies Co., Ltd. 2009-2010. All rights reserved. Vendor: www.huawei.com Vulnerability Published : 2016-07-25 Author：zhiweijiang Email:[email protected] Impact :...

Silurus Classifieds 2.0 Cross Site Scripting

Title: Silurus Classifieds XSS Vulnerability Software : Silurus Classifieds Software Version : v2.0 Vendor: http://snowhall.com/slides/silurus Vulnerability Published : 2016-07-25 Author：zhiweijiang Email:[email protected] Impact : MediumCVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N Bug...

DEBIAN-CVE-2016-6296

Integer signedness error in the simplestringaddn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other...

UBUNTU-CVE-2016-6296

Integer signedness error in the simplestringaddn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9, allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other...

Nextcloud: Content Spoofing

Hi i got content spoofing vulnerability . Content spoofing, also referred to as content injection or virtual defacement, is an attack targeting a user made possible by an injection vulnerability in a web application. POC Link :- https://nextcloud.com/.htacess%20THIS%20IS%20CONTENT%20SPOOFING...

PHPFox 4 Cross Site Scripting

Title : PhpFox4 Cross Site Scripting Vuln. Author : bl4ckMohajeM [email protected] Software Link: http://www.phpfox.com/ Version: 4 Date : 06/09/2016 Category: WebApps Tested with : Ubuntu / Win Description In this Cms theres is a Cross Site Scripting Vurlnerablities in 'nsextt' Parameter...

Linux/x86-64 - XOR Encode execve Shellcode

/ Title : Linux x8664 XOR encode execve"/bin//sh","//bin/sh","-i",NULL,NULL shellcode Date : 31-05-2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x8664 / / main code ------------------------ section .text global start start: xor rax,rax xor rdx,rdx push rax push rax mov...

Linux x86_64 XOR Encode execve Shellcode

Linux x8664 XOR Encode execve Shellcode. Shellcode exploit for linx86-64 platform / Title : Linux x8664 XOR encode execve"/bin//sh","//bin/sh","-i",NULL,NULL shellcode Date : 31-05-2016 Author : Roziul Hasan Khan Shifat Tested On : Ubuntu 14.04 LTS x8664 / / main code ------------------------...

UBUNTU-CVE-2016-4345

Integer overflow in the phpfilterencodeurl function in ext/filter/sanitizingfilters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow...

openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

Bugcrowd Bug Bounty #7 - Persistent Web Vulnerability

Document Title: =============== Bugcrowd Bug Bounty 7 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1830 ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b Release Date: ============= 2016-05-10...

openssl: EVP_EncodeUpdate overflow

An integer overflow flaw, leading to a buffer overflow, was found in the way the EVPEncodeUpdate function of OpenSSL parsed very large amounts of input data. A remote attacker could use this flaw to crash an application using OpenSSL or, possibly, execute arbitrary code with the permissions of th...

DEBIAN-CVE-2016-2105

Integer overflow in the EVPEncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service heap memory corruption via a large amount of binary data...

OpenSSL EVP_EncodeUpdate Overflow Vulnerability (CNVD-2016-02678)

OpenSSL is a general-purpose open source cryptographic library that implements Secure Sockets Layer and Secure Transport Layer protocols and can support a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, secure hashing algorithms, and so on. An overflow...

UBUNTU-CVE-2016-2105

Integer overflow in the EVPEncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service heap memory corruption via a large amount of binary data...

C And C++ For OS Filter Bypass / Script Insertion

Document Title: =============== C & C++ for OS - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1825 Release Date: ============= 2016-04-14 Vulnerability Laboratory ID VL-ID: ====================================...

C/C++ Offline Compiler and C For OS - Persistent Cross-Site Scripting

Document Title: =============== C & C++ for OS - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1825 Release Date: ============= 2016-04-14 Vulnerability Laboratory ID VL-ID: ====================================...