Lucene search

7663 matches found

CNVD
added 2016/06/15 12:0 a.m. | 1 view

Microsoft Office OLE DLL End Load Vulnerability

Microsoft Office is an office software suite developed by the U.S. company Microsoft. Commonly used components are Word, Excel, Access, PowerPoint, FrontPage and so on. A security vulnerability exists in Microsoft Office that originates from the program failing to properly...

CVSS 9.3 | AI score 8.5 | EPSS 0.81164
Exploits 5 | References 1

RedHat Linux
added 2016/06/07 5:37 a.m. | 2 views

glibc: getaddrinfo() writes DNS queries to random file descriptors under high load

It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application...

CVSS 5 | AI score 7.3 | EPSS 0.03151
Exploits 2 | References 4

CNVD
added 2016/06/06 12:0 a.m. | 1 view

Google Chrome FrameLoader::startLoad Same Origin Policy Bypass Vulnerability

Google Chrome is a web browsing tool developed by Google. In versions of Google Chrome prior to 51.0.2704.79, the Blink/WebKit/Source/core/loader/FrameLoader.cpp/FrameLoader::startLoad function fails to prevent frame navigation in the DocumentLoader separation operation. A same-origin policy bypa...

CVSS 8.8 | AI score 9 | EPSS 0.01838
Exploits 1 | References 1

BDU FSTEC
added 2016/06/01 12:0 a.m. | 2 views

The vulnerability of the PHP interpreter allows attackers to read arbitrary files or write to them.

The vulnerability of the PHP interpreter lies in the lack of checks for the sequence “%00” in the path name. Exploiting this vulnerability allows an attacker to read arbitrary files or write to them using specially crafted input data for an application that calls the method DOMDocument.load, the...

CVSS 6.4 | EPSS 0.00288
Exploits 1 | References 4 | Affected Software 1

n0where
added 2016/05/25 3:46 p.m. | 89 views

Tor Hidden Services Load Balancing: OnionBalance

The OnionBalance software allows for Tor hidden service requests to be distributed across multiple backend Tor instances. OnionBalance provides load-balancing while also making onion services more resilient and reliable by eliminating single points-of-failure...

Exploits 0 | References 1

n0where
added 2016/05/25 3:28 p.m. | 12 views

Modern Reverse Proxy: Traefik

Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease. It supports several backends (Docker, Swarm, Mesos/Marathon, Kubernetes, Consul, Etcd, Zookeeper, BoltDB, Rest API, file…) to manage its configuration automatically and...

AI score 0.2
Exploits 0 | References 5

CNVD
added 2016/05/25 12:0 a.m. | 6 views

libdwarf '_dwarf_load_section' function denial of service vulnerability

libdwarf is a set of tools for reading and writing DWARF2 debugging information. A security vulnerability exists in the '_dwarf_load_section' function of libdwarf. An attacker can exploit this vulnerability to cause a denial of service null pointer backreference...

CVSS 6.5 | AI score 8.9 | EPSS 0.00562
Exploits 1 | References 1

Hacker One
added 2016/05/24 1:53 p.m. | 18 views

HackerOne: Denial of service in report view.

Hello Team! First of all thank you for acknowledging my feature request, I know it will help a lot of users. Description: ========== I just wanted to report a potential vulnerability on the report view functionality. For obvious reasons I'm using my sandboxed team on an alternate account to test...

AI score 0.5
Exploits 0

exploitpack
added 2016/05/17 12:0 a.m. | 11 views

Adobe Flash - .MP4 Stack Corruption

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=760 The attached mp4 file causes stack corruption in flash. To load, put LoadMP42.swf on a server and load http://127.0.0.1/LoadMP42.swf?file=t.mp4. Proof of Concept:...

AI score 0.4
Exploits 0

CNVD
added 2016/05/15 12:0 a.m. | 2 views

Red Hat OpenShift Enterprise HAProxy Information Disclosure Vulnerability

Red Hat OpenShift is a platform-as-a-service cloud computing platform that builds, tests, deploys, and runs applications. HAProxy is an open source TCP/HTTP load balancing server. An information disclosure vulnerability exists in HAProxy used by Red Hat OpenShift Enterprise, allowing remote...

CVSS 3.3 | AI score 6.4 | EPSS 0.00048
Exploits 0 | References 1

CNVD
added 2016/04/28 12:0 a.m. | 1 view

ntpd Information Disclosure Vulnerability

ntpd (Network Time Protocol daemon) is an operating system daemon that uses the Network Time Protocol (NTP) to keep synchronized with the system time of a time server. A security vulnerability exists in ntpd version 4.x before 4.2.8p7 and version 4.3 before 4.3.92. An attacker could exploit the...

CVSS 5.3 | AI score 7.3 | EPSS 0.03127
Exploits 1 | References 1

Hacker One
added 2016/04/27 12:19 a.m. | 26 views

Paragon Initiative Enterprises: The Anti-CSRF Library fails to restrict token to a particular IP address when being behind a reverse-proxy/WAF

The Anti-CSRF Library provides the ability to restrict token to a particular IP address using the variable "$hmac_ip". When "$hmac_ip" is set to "true", the token is generated using the predefined variable "$_SERVER['REMOTE_ADDR']" which gives the IP address of the client. However, when the web server ...

AI score 0.8
Exploits 0

n0where
added 2016/04/19 8:40 p.m. | 42 views

Gateway Edge Service: Zuul

Zuul is a gateway service that provides dynamic routing, monitoring, resiliency, security, and more. Zuul is the front door for all requests from devices and web sites to the backend of the Netflix streaming application. As an edge service application, Zuul is built to enable dynamic routing,...

AI score 7.9
Exploits 0 | References 2

OSV
added 2016/04/18 10:59 a.m. | 1 view

CVE-2016-1653

The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related...

CVSS 8.8 | AI score 7.4 | EPSS 0.02093
Exploits 0 | References 11

n0where
added 2016/04/16 11:57 p.m. | 27 views

Versatile HTTP load testing: vegeta

Vegeta is a versatile HTTP load testing tool built out of a need to drill HTTP services with a constant request rate. Vegeta can be used both as a command line utility and a library. Install: Pre-compiled executables: Get them here. Homebrew on Mac OS X: You can install Vegeta using the Homebrew...

AI score 0.6
Exploits 0 | References 4

CNVD
added 2016/04/15 12:0 a.m. | 1 view

Hawk Denial of Service Vulnerability

Hawk is a set of HTTP authentication schemes that use Message Authentication Code (MAC) algorithms in order to provide cryptographic authentication of localized HTTP requests. A denial-of-service vulnerability exists in Hawk versions prior to 3.1.3 and 4.x prior to 4.1.1, which can be exploited by...

CVSS 7.8 | AI score 7.8 | EPSS 0.05317
Exploits 0 | References 1

Tenable Nessus
added 2016/04/13 12:0 a.m. | 65 views

RHEL 6 : kernel (RHSA-2016:0617)

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.2 | AI score 7 | EPSS 0.09009
Exploits 3 | References 3

RedHat Linux
added 2016/04/12 9:25 a.m. | 243 views

Moderate: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 6.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.2 | AI score 7 | EPSS 0.09009
Exploits 3 | References 2

Microsoft CVE
added 2016/04/12 7:0 a.m. | 34 views

.NET Framework Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delet...

CVSS 7.8 | AI score 4.1 | EPSS 0.08201
Exploits 0

OSV
added 2016/03/29 10:59 a.m. | 1 view

CVE-2016-1648

Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 49.0.2623.108 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code...

CVSS 8.8 | AI score 7.4 | EPSS 0.01948
Exploits 0 | References 10