php: uninitialized pointer in phar_make_dirstream()

A flaw was found in the way the way PHP's Phar extension parsed Phar archives. A specially crafted archive could cause PHP to crash or, possibly, execute arbitrary code when opened...

Huawei SmartAX MT882 Denial of Service Vulnerability (CNVD-2016-01127)

Huawei SmartAX MT882 is a router product. A denial of service vulnerability in GlobespanVirata ftpd 1.0 in the Huawei SmartAX MT882 device V200R002B022 Arg allows remote users to create directories with longer names using the FTP MKD command, and then cause a denial of service with other commands...

0d1n - Tool For Automating Customized Attacks Against Web Applications

Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. You can do: brute force passwords in auth forms directory disclosure use PATH list to brute, and find HTTP status code test list on input to find SQL Injection and XSS vulnerabilities To run: require libcurl-dev or...

Oracle: Security Advisory (ELSA-2009-1243)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle: Security Advisory (ELSA-2014-1243)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-4491

Integer overflow in the makefiltertable function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of...

Updated perl-Module-Signature packages fix security vulnerabilities

Updated perl-Module-Signature package fixes the following security vulnerabilities reported by John Lightsey: Module::Signature could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries. When verifying t...

VPN daemon written in Go: GoVPN

GoVPN is simple secure virtual private network daemon. It uses Diffie-Hellman Encrypted Key Exchange DH-EKE for mutual zero-knowledge peers authentication and authenticated encrypted data transport. It is written entirely in Go programming language . All packets captured on a network interface ar...

An Open Source SIP Sniffer: pcapsipdump

An open-source libpcap-based SIP sniffer with per-call sorting capabilities. Listens on a network interface and saves SIP/RTP sessions to files. Each session goes in a separate, fancy-named .pcap file. Those could be opened with tcpdump, wireshark and friends. SIP/RTP sessions are written to disk...

DSA-3148-1 chromium-browser - end of life

Bulletin has no description...

UBUNTU-CVE-2014-3670

The exififdmakevalue function in exif.c in the EXIF extension in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 operates on floating-point arrays incorrectly, which allows remote attackers to cause a denial of service heap memory corruption and application crash or possibly execut...

Laravel - 'Hash::make()' Password Truncation Security

source: https://www.securityfocus.com/bid/69849/info Laravel is prone to a security weakness due to pseudo password hash collision. Attackers can exploit this issue to bypass intended security restrictions. This may aid in further attacks. // user input password $input = strrepeat'A',72; //...

Laravel 2.1 Hash::make() bcrypt Truncation

| | / | \ | |/ |/ | / | | | | | | | | | | | | | / \ | | | || || | |\ | || | | / | | |/|| ||// \| Laravel 2.1 Hash::make bcrypt truncation Website : http://laravel.com/ Author : @u0x Pichaya Morimoto Release dates : September 16, 2014 Special Thanks to 2600 Thailand group...

Laravel - Hash::make() Password Truncation Security

Laravel - Hash::make Password Truncation Security source: https://www.securityfocus.com/bid/69849/info Laravel is prone to a security weakness due to pseudo password hash collision. Attackers can exploit this issue to bypass intended security restrictions. This may aid in further attacks. // user...

Make 3.81 - Heap Overflow PoC

Exploit for linux platform in category dos / poc =for comment Exploit Title: MAKE Heap Overflow - Pointer dereferencing POC Calloc- X86 X64 Date: 14.07.14 Exploit Author: HyP Vendor Homepage: http://www.gnu.org/software/make/ Software Link: http://ftp.gnu.org/gnu/make/ Version: Make 3.81 Tested o...

Make 3.81 - Heap Overflow PoC

No description provided by source. =for comment Exploit Title: MAKE Heap Overflow - Pointer dereferencing POC Calloc-X86 X64 Date: 14.07.14 Exploit Author: HyP Vendor Homepage: http://www.gnu.org/software/make/ Software Link: http://ftp.gnu.org/gnu/make/ Version: Make 3.81 Tested on: linux32,64...

Make 3.81 Heap Overflow

Exploit Title: MAKE Heap Overflow - Pointer dereferencing POC Calloc-X86 X64 Date: 14.07.14 Exploit Author: HyP Vendor Homepage: http://www.gnu.org/software/make/ Software Link: http://ftp.gnu.org/gnu/make/ Version: Make 3.81 Tested on: linux32,64 bits Fedora,Debian,ubuntu,Arch CVE : none Special...

Make 3.81 - Heap Overflow (PoC)

Make 3.81 - Heap Overflow PoC =for comment Exploit Title: MAKE Heap Overflow - Pointer dereferencing POC Calloc-X86 X64 Date: 14.07.14 Exploit Author: HyP Vendor Homepage: http://www.gnu.org/software/make/ Software Link: http://ftp.gnu.org/gnu/make/ Version: Make 3.81 Tested on: linux32,64 bits...

Make 3.81 - Heap Overflow (PoC)

=for comment Exploit Title: MAKE Heap Overflow - Pointer dereferencing POC Calloc-X86 X64 Date: 14.07.14 Exploit Author: HyP Vendor Homepage: http://www.gnu.org/software/make/ Software Link: http://ftp.gnu.org/gnu/make/ Version: Make 3.81 Tested on: linux32,64 bits Fedora,Debian,ubuntu,Arch CVE :...

S.u.S.E 6.4/7.0/7.1/7.2 Berkeley Parallel Make Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3573/info Parallel Make pmake is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs. pmake is not typically setuid root,...