1270 matches found
PHP study notes and security vulnerabilities-vulnerability warning-the black bar safety net
System variables: $_POST // gets the POST data, is a dictionary; $_GET // gets the GET data, is a dictionary. The error control operator: PHP supports one error control operator, the @ sign. When it is placed before a PHP expression, any error information the expression may produce is ignored. Variable default value Whe...
CVE-2017-5333
Integer overflow in the extract_group_icon_cursor_resource function in b/wrestool/extract.c in icoutils before 0.31.1 allows local users to cause a denial of service (process crash) or execute arbitrary code via a crafted executable file...
PT-2017-16437 · Icoutils +5
Name of the Vulnerable Software and Affected Versions: icoutils versions prior to 0.31.1 Description: The issue allows local users to cause a denial of service and execute arbitrary code via a crafted executable. This is due to the extract group icon cursor resource function in wrestool/extract.c...
UBUNTU-CVE-2017-5332
The extract_group_icon_cursor_resource in wrestool/extract.c in icoutils before 0.31.1 can access unallocated memory, which allows local users to cause a denial of service (process crash) and execute arbitrary code via a crafted executable...
Fedora 24 : tracker (2016-631737a49a)
This update adds security sandboxing to tracker-extract. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional...
Google Chrome + Fedora 25 / Ubuntu 16.04 - tracker-extract / gnome-video-thumbnailer + totem Drive-B
Exploit for linux platform in category local exploits Overview Full reliable 0day drive-by exploit against Fedora 25 + Google Chrome, by breaking out of Super Nintendo Entertainment System emulation via cascading side effects from a subtle and interesting emulation error. I had a lot of fun...
GLSA-201611-19 : Tar: Extract pathname bypass
The remote host is affected by the vulnerability described in GLSA-201611-19 Tar: Extract pathname bypass Tar attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path names...
Tar: Extract pathname bypass
Background The Tar program provides the ability to create and manipulate tar archives. Description Tar attempts to avoid path traversal attacks by removing offending parts of the element name at extract. This sanitizing leads to a vulnerability where the attacker can bypass the path names specifi...
php: Invalid free() instead of efree() in phar_extract_file()
/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers to execute arbitrary code. NOTE: Introduced as part of an incomplete fix to CVE-2015-6833...
php: Integer overflow leads to buffer overflow in virtual_file_ex
Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted extract operation on a Z...
GNU tar 1.29 Extract Pathname Bypass
---------------- t2'16 special vulnerability release ----------------- Vulnerability: POINTYFEATHER aka Tar extract pathname bypass Credits: Harry Sintonen / FSC1V Cyber Security Services Date: 2016-10-27 Impact: File overwrite in certain situations Classifier: Full spectrum cyber CVSS: 4.3.2...
Ubuntu tracker-extract Package Denial of Service Vulnerability
Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation. Vivid is a development code name for Ubuntu. A denial of service vulnerability exists in the Ubuntu tracker-extract Package. An attacker could exploit this vulnerability to crash an applicatio...
[SECURITY] Fedora 25 Update: perl-Image-Info-1.38-6.fc25
This Perl extension allows you to extract meta information from various types of image files...
Code injection
F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modify or extract system configuration files vi...
7zip NArchive::NHfs::CHandler::ExtractZlibFile method heap buffer overflow vulnerability
7-Zip is a free, open source compression/decompression software. A heap buffer overflow vulnerability exists in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7-Zip 32 15.05 beta and 64 9.20. An attacker can exploit this vulnerability to execute arbitrary code...
Silicon Graphics LibTiff 'extractContigSamplesBytes' Function Denial of Service Vulnerability
Silicon Graphics LibTiff is a library for reading and writing TIFF files. A security vulnerability in the 'extractContigSamplesBytes' function of Silicon Graphics LibTiff allows remote attackers to exploit the vulnerability to construct special TIFF images that can be tricked into being parsed by...
Meteocontrol WEB’log - Admin Password Disclosure (Metasploit)
Meteocontrol WEB’log - Admin Password Disclosure Metasploit Exploit Title: Meteocontrol WEB'log - Extract Admin password Discovered by: Karn Ganeshen Vendor Homepage: http://www.meteocontrol.com/en/ Versions Reported: All Meteocontrol WEB'log versions CVE-ID: CVE-2016-2296 Meteocontrol WEB'log -...
IBM Lotus Domino R8 - Password Hash Extraction
IBM Lotus Domino R8 - Password Hash Extraction Exploit Title: IBM Lotus Domino = R8 Password Hash Extraction Exploit Google Dork: inurl:names.nsf?opendatabase Date: 02-24-2016 Exploit Author: Jonathan Broche Contact: https://twitter.com/g0jhonny Vendor Homepage:...
UEFI firmware image viewer and editor: UEFITool
It supports parsing of full BIOS images starting with the flash descriptor or any binary files containing UEFI volumes. Original development was started here at MDL forums as a cross-platform analog to PhoenixTool's structure mode with some additional features, but the program’s engine was prove...
WordPress W3 Total Cache Security Credentials Hash Extract
A hash extract vulnerability has been reported in WordPress W3 Total Cache Plugin. Successful exploitation of this vulnerability would allow a remote attacker to obtain username and password hashes from affected WordPress servers...