
3282 matches found

0day.today
added 2019/04/15 12:00 a.m., 71 views

Linux/x86 - MMX-PUNPCKLBW Encoder Shellcode (61 bytes)

INTRO Exploit Title: MMX-PUNPCKLBW Encoder Description: Payload encoder using MMX PUNPCKLBW instruction Date: 13/04/2019 Exploit Author: Petr Javorik Tested on: Linux ubuntu 3.13.0-32-generic x86 Shellcode length: 61 ENCODER !/usr/bin/env python stack execve SHELLCODE = bytearray...

0.3 AI score
Exploits: 0
0day.today
added 2019/04/09 12:00 a.m., 18 views

Linux/x64 - XANAX Encoder Shellcode (127 bytes)

Linux/x64 - XANAX Encoder Shellcode 127 bytes ; Date: 08/04/2019 ; XANAX Encoder ; Author: Alan Vivona ; Description: Uses xor-add-not-add-xor sequence with a 4 byte key and writes the encoded version to stdout ; Tested on: x86-x64 GNU/Linux global start segment .data keys.xor1 equ 0x29 keys.add1...

0.1 AI score
Exploits: 0
FreeBSD
added 2019/04/09 12:00 a.m., 70 views

dovecot -- json encoder crash

Aki Tuomi reports: CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject...

7.5 CVSS, 0.2 AI score, 0.01284 EPSS
Exploits: 0, References: 1
OPENSUSE Linux
added 2019/03/28 12:00 a.m., 133 views

Security update for ffmpeg-4 (low)

openSUSE Security Update: Security update for ffmpeg-4 Announcement ID: openSUSE-SU-2019:1066-1 Rating: low References: 1092241 1100348 1105869 Cross-References: CVE-2018-13300 CVE-2018-15822 Affected Products: openSUSE Backports SLE-15 An update that solves two vulnerabilities and has one errata...

8.1 CVSS, 8.8 AI score, 0.01442 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2019/03/27 12:00 a.m., 46 views

openSUSE Security Update : ffmpeg-4 (openSUSE-2019-691)

This update for ffmpeg-4 to version 4.0.2 fixes the following issues : These security issues were fixed : - CVE-2018-15822: The flvwritepacket function did not check for an empty audio packet, leading to an assertion failure and DoS bsc1105869. - CVE-2018-13300: An improper argument passed to the...

8.1 CVSS, 6.5 AI score, 0.01442 EPSS
Exploits: 0, References: 5
ossfuzz
added 2019/03/26 2:18 a.m., 19 views

lame/fuzzer-encoder: Heap-buffer-overflow in do_copy_buffer

Project: https://svn.code.sf.net/p/lame/svn/trunk/lame Detailed report: https://oss-fuzz.com/testcase?key=5717291922096128 Project: lame Fuzzer: libFuzzerlamefuzzer-encoder Fuzz target binary: fuzzer-encoder Job Type: libfuzzerasanlame Platform Id: linux Crash Type: Heap-buffer-overflow WRITE Cra...

6.8 AI score
Exploits: 0, Affected Software: 1
Exploit DB
added 2019/03/15 12:00 a.m., 198 views

CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload

!/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://viewsvn.cmsmadesimple.org/listing.php?repname=showtim...

7.4 AI score
Exploits: 0
0day.today
added 2019/03/10 12:00 a.m., 226 views

Linux/x86 - INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)

/ ''' ; Date: 07/03/2019 ; Insertion-Encoder.asm ; Author: Daniele Votta ; Description: This program encode shellcode with insertion technique 0xAA. ; Tested on: i686 GNU/Linux ''' !/usr/bin/python Python Insertion Encoder import random Execve /bin/sh 25 bytes shellcode...

7.4 AI score
Exploits: 0
CNVD
added 2019/02/25 12:00 a.m., 1 views

Teracue ENC-400 Command Injection Vulnerability

The Teracue ENC-400 is a portable multi-flow encoder from Teracue Germany. A command injection vulnerability exists in the login form of the Teracue ENC-400, which can be exploited to execute code when the program passes user input to a shell command without performing any escaping or validation...

10 CVSS, 8 AI score, 0.30681 EPSS
Exploits: 5, References: 1
Positive Technologies
added 2019/02/21 12:00 a.m., 2 views

PT-2021-4535 · FFmpeg +5 · Ffmpeg +5

Name of the Vulnerable Software and Affected Versions: FFmpeg version 4.1 Description: The issue is related to a buffer overflow in the apng do inverse blend component of the Ffmpeg library, which could allow a remote attacker to cause a Denial of Service. Recommendations: For FFmpeg version 4.1,...

10 CVSS, 6.3 AI score, 0.22 EPSS
Exploits: 45, References: 317
NVD
added 2019/02/13 4:29 p.m., 10 views

CVE-2018-15781

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

8 CVSS, 7.7 AI score, 0.00241 EPSS
Exploits: 0, References: 1
OSV
added 2019/02/13 4:29 p.m., 2 views

CVE-2018-15781

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

8 CVSS, 5.8 AI score, 0.00241 EPSS
Exploits: 0, References: 1
CVE
added 2019/02/13 4:00 p.m., 36 views

CVE-2018-15781

CVE-2018-15781 concerns Dell Wyse Password Encoder on ThinLinux2 versions prior to 2.1.0.01, which contains a hard-coded cryptographic key. An unauthenticated remote attacker could reverse engineer the cryptographic system to discover the private key and decrypt locally stored ciphertext. The vul...

8 CVSS, 7.8 AI score, 0.00241 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2019/02/13 4:00 p.m., 16 views

CVE-2018-15781 DSA-2019-022: Dell Wyse Password Encoder Hard-coded Cryptographic Key Vulnerability

The Dell Wyse Password Encoder in ThinLinux2 versions prior to 2.1.0.01 contain a Hard-coded Cryptographic Key vulnerability. An unauthenticated remote attacker could reverse engineer the cryptographic system used in the Dell Wyse Password Encoder to discover the hard coded private key and decryp...

7.9 CVSS, 7.8 AI score, 0.00241 EPSS
Exploits: 0, References: 1
Akamai Blog
added 2019/02/07 7:19 p.m., 108 views

Qualifying Encoders with Akamai

Introduction The encoder qualification program was created to improve the process for vendors that wish to align themselves with Akamai network specific requirements. It is also intended to mitigate the risk of encoder issues before using in production. A formal process is being introduced to...

0.4 AI score
Exploits: 0
0day.today
added 2019/02/05 12:00 a.m., 42 views

Linux/x86 - Random Insertion Encoder and Decoder Shellcode (Generator)

!/usr/bin/python Python Random Insertion Encoder Author: Aditya Chaudhary Date: 5th Feb 2019 import random import sys import argparse shellcode = "\x31\xc0\x50\x89\xe2\x68\x62\x61\x73\x68\x68\x62\x69\x6e\x2f\x68\x2f\x2f\x2f\x2f\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80" Parse Arguments parser =...

7.4 AI score
Exploits: 0
ossfuzz
added 2019/01/21 7:07 a.m., 11 views

imagemagick/encoder_label_fuzzer: Crash in GlobExpression

Project: https://github.com/imagemagick/imagemagick.git Detailed report: https://oss-fuzz.com/testcase?key=5643591676854272 Project: imagemagick Fuzzer: libFuzzerimagemagickencoderlabelfuzzer Fuzz target binary: encoderlabelfuzzer Job Type: libfuzzerasanimagemagick Platform Id: linux Crash Type:...

6.8 AI score
Exploits: 0, Affected Software: 1
Exploit DB
added 2018/12/04 12:00 a.m., 34 views

Emacs - movemail Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Emacs movemail Privilege Escalation', 'Description' = %q This module exploits a SUID installation of the Emacs movemail utility to run a command ...

7.4 AI score
Exploits: 0
CNVD
added 2018/11/26 12:00 a.m., 3 views

HTTL Remote Command Execution Vulnerability

HTTL, also known as Hyper-Text Template Language, is an open source Java template engine mainly used for dynamic HTML page output. HTTL 1.0.11 and earlier versions contain a security vulnerability; the vulnerability stems from the failure to configure the xml.codec, the program defaults to us...

9.8 CVSS, 9.5 AI score, 0.0539 EPSS
Exploits: 1, References: 1
CNVD
added 2018/11/13 12:00 a.m., 1 views

libIEC61850 Buffer Overflow Vulnerability

libIEC61850 is an open source library for IEC 61850. A heap buffer overflow vulnerability exists in the 'BerEncoderencodeOctetString' function in the mms/asn1/berencoder.c file in libIEC61850 version 1.3, which can be exploited by an attacker to cause a denial of service or code execution...

9.8 CVSS, 9.8 AI score, 0.00436 EPSS
Exploits: 1, References: 1