BST (Binary String Toolkit) - Quickly And Easily Convert Binary Strings For All Your Exploit Development Needs

The Binary String Toolkit or BST for short is a rather simple utility to convert binary strings to various formats suitable for later inclusions in source codes, such as those used to develop exploits in the security field. Features Dump files content to standard output in a binary string format...

Important: Red Hat Security Advisory: rh-ruby23-ruby security, bug fix, and enhancement update

An update for rh-ruby23-ruby is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick

It was found that WEBrick did not sanitize all its log messages. If logs were printed in a terminal, an attacker could interact with the terminal via the use of escape sequences...

[ASA-201803-1] busybox: arbitrary code execution

Arch Linux Security Advisory ASA-201803-1 ========================================= Severity: High Date : 2018-03-01 CVE-ID : CVE-2017-16544 Package : busybox Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-512 Summary ======= The package busybox before versi...

[ASA-201803-2] mkinitcpio-busybox: arbitrary code execution

Arch Linux Security Advisory ASA-201803-2 ========================================= Severity: High Date : 2018-03-01 CVE-ID : CVE-2017-16544 Package : mkinitcpio-busybox Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-514 Summary ======= The package...

RHEL 7 : ruby (RHSA-2018:0378)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:0378 advisory. - ruby: Buffer underrun vulnerability in Kernel.sprintf CVE-2017-0898 - rubygems: Escape sequence in the summary field of gemspec...

ruby security update

2.0.0.648-33 - Fix always passing WEBrick test. 2.0.0.648-32 - Add Psych.safeload ruby-2.1.0-there-should-be-only-one-exception.patch ruby-2.1.0-Adding-Psych.safeload.patch Related: CVE-2017-0903 - Disable Tokyo TZ tests broken by recen tzdata update. ruby-2.5.0-Disable-Tokyo-TZ-tests.patch...

CVE-2014-8166

The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name...

MGASA-2017-0482 Updated ruby-RubyGems packages fix security vulnerabilities

An ANSI escape sequence vulnerability CVE-2017-0899. A DoS vulnerability in the query command CVE-2017-0900. A vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files CVE-2017-0901. A DNS request hijacking vulnerability CVE-2017-0902. An unsafe object...

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

Fluentd vulenrable to escape sequence injection

Overview Fluentd provided by Cloud Native Computing Foundation CNCF contains an escape sequence injection vulnerability. Fluentd is an open source data collector provided by Cloud Native Computing Foundation CNCF. The parse Filter Plugin for Fluentd contains an escape sequence injection...

Escape Sequence Injection

Fluentd is vulnerable to escape sequence injection attacks. User input is pushed directly to the logs without filtering, allowing an attacker to change the terminal UI or execute commands on the device parsing the logs...

Design/Logic Flaw

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

CVE-2017-10906

Summary: CVE-2017-10906 is a Fluentd escape sequence injection vulnerability. Affects Fluentd releases 0.12.29–0.12.40, where the filter_parser.rb:filter_stream path can lead to arbitrary command execution or terminal UI changes via unspecified log-processing vectors. Root cause: escape sequence ...

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

CVE-2017-16544

In the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

CVE-2017-16544

In the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

Debian DSA-4031-1 : ruby2.3 - security update

Several vulnerabilities have been discovered in the interpreter for the Ruby language. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2017-0898 aerodudrizzt reported a buffer underrun vulnerability in the sprintf method of the Kernel module resulting in...