206 matches found
CVE-2016-2798
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font...
Debian DLA-401-1 : imlib2 security update
CVE-2014-9762: GIF loader: Fix segv on images without colormap. CVE-2014-9763: Prevent division-by-zero crashes. CVE-2014-9764: Fix segfault when opening input/queue/id:000007,src:000000,op:flip1,pos:51 with feh. NOTE: Tenable Network Security has extracted the preceding description block directly from...
CVE-2015-7063
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname...
UBUNTU-CVE-2015-7632
Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a...
Internet Bug Bounty: Bad Write in TTF font parsing (win32k.sys)
This bug was originally reported through Project Zero at Google. Alex Rice suggested to me that I could potentially receive a bounty through Hacker One, so I am also opening a report here. The vulnerability reference numbers are MS15-010, CVE-2015-0059. The original bug report is...
WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities
Source: https://www.securityfocus.com/bid/68519/info. WeBid is prone to multiple cross-site-scripting vulnerabilities and an LDAP injection vulnerability. An attacker may leverage these issues to compromise the application, acces...
Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest
Today, when we come across various malware, exploit kits and botnets that are in the wild, we think about an effective Antivirus solution or a Security Patch, but the most effective solution is always "The arrest of malware authors and culprits who are involved in the development of Malware." Til...
CSRF token leakage - ownCloud
The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. Affected Software: ownCloud Server 5.0.6. CVE-2013-2086. Action Taken: It is recommended that all instances are upgrad...
Vulnerability in the filesystem loader
More info at http://blog.twig.sensiolabs.org/post/47461911874/security-release-twig-1-12-3-released...
About Shellcodes in C
This is a follow up of our previous introductory post about shellcodes. Here we aim for coding more complex shellcodes directly in C. We'll mostly use default tools like gcc and as, at the end also a small python script to reorder and pack things. We'll play with linux but the concepts and script...
About shellcodes
In this post we have documented a beginners introduction to shellcode writing. We go from zero to a super simple shellcode using tools you may find already installed in any serious operating system. If you are looking for a digested and more mature way of generating shellcode you should check...
TDSS Rootkit Gets Its Own Self-Replicating Loader
The group behind the TDSS rootkit has developed a new method for getting the pernicious malware onto as many machines as possible: a worm-like, self-propagating loader. The new mechanism has the ability not only to install new copies of the rootkit on PCs, but also set up its own DHCP server on a...
CVE-2009-5064
ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion...
Digital Forensics Framework v0.9.0 latest version download !
"DFF Digital Forensics Framework is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules." This is...
Important: Red Hat Security Advisory: glibc security and bug fix update
Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...
linux/ARM - Loader Port 0x1337 Shellcode
Exploit for linux/x86 platform in category shellcode. Title: arm-loader. Brief: Bind port 0x1337 on any local interface, listen for a connection, receive a payload, and pass...
DEBIAN-CVE-2010-2546
Multiple heap-based buffer overflows in loaders/load_it.c in libmikmod, possibly 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file, related to panpts, pitpts, and IT_ProcessEnvelope. NOTE: some of thes...
FreeBSD 7.2 (pecoff executable) Local Denial of Service Exploit
No description provided by source. / pecoffpanic.c by Shaun Colley, 20 July 2009 this code will panic the freebsd kernel due to a bug in the PECOFF executable loader code 'options PECOFFSUPPORT' in kernel config or kldload pecoff panic9 is in vmfault due to a page fault. the panic seems to be...