
683 matches found

Debian CVE
added 2017/01/24 9:0 p.m., 45 views

CVE-2016-10158

Removed by vendor...

CVSS 7.5, AI score 8.7, EPSS 0.08883
Exploits 0
OSV
added 2017/01/24 12:0 a.m., 0 views

UBUNTU-CVE-2016-10158

The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1...

CVSS 7.5, AI score 7.2, EPSS 0.08883
Exploits 0, References 6
Kitploit
added 2017/01/16 2:19 p.m., 205 views

Invoke-TheHash - PowerShell Pass The Hash Utils

Invoke-TheHash contains PowerShell functions for performing NTLMv2 pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Local administrator privilege is not required client-side. Requirements Minimum PowerShell 2.0 Import Import-Module...

AI score 8.2
Exploits 0, References 1
Tenable Nessus
added 2016/12/12 12:0 a.m., 58 views

openSUSE Security Update : the Linux Kernel (openSUSE-2016-1426)

The openSUSE Leap 42.2 kernel was updated to 4.4.36 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended...

CVSS 10, AI score 7.8, EPSS 0.47355
Exploits 17, References 100
RedHat Linux
added 2016/11/15 11:40 a.m., 0 views

pcre: heap buffer overflow in compile_branch()

The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large...

CVSS 7.8, AI score 7, EPSS 0.00471
Exploits 1, References 4
CNVD
added 2016/09/22 12:0 a.m., 3 views

IBM Tealeaf Customer Experience Brute Force Vulnerability

IBM Tealeaf Customer Experience is a suite of SaaS-based analytics solutions for web and mobile applications. IBM Tealeaf Customer Experience has a vulnerability in which it fails to enforce a minimum password length. Remote attackers can exploit the vulnerability by submitting a special request to perform a bru...

CVSS 7.5, AI score 7, EPSS 0.00252
Exploits 0, References 1
Kitploit
added 2016/07/29 10:12 p.m., 187 views

LionSec Linux 5.0 - Penetration Testing Operating system based on Ubuntu

LionSec Linux 5.0 is an Ubuntu-based penetration testing distribution. It was built in order to perform Computer Forensics, Penetration Tests, Wireless Analysis. With the "Anonymous Mode", you can browse the internet or send packets anonymously. There are lots of inbuilt tools like netool...

AI score 7.3
Exploits 0
RedhatCVE
added 2016/06/22 6:19 a.m., 30 views

CVE-2015-8931

Undefined behavior (signed integer overflow) was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. A crafted mtree file could potentially cause denial of service...

CVSS 7.8, AI score 4.9, EPSS 0.00268
Exploits 1, References 1
OPENSUSE Linux
added 2016/05/23 4:8 p.m., 56 views

Security update for the Linux Kernel (important)

The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2016-2847: Limit the per-user amount of pages allocated in pipes (bsc#970948). - CVE-2016-3136: mct_u232: add sanity checking in probe (bnc#970955). - CVE-2016-2188: iowarrio...

CVSS 4.9, AI score 8.2, EPSS 0.00232
Exploits 13, References 15
CNVD
added 2016/03/16 12:0 a.m., 2 views

Android Linux kernel security bypass vulnerability

Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA), and the Linux kernel is the kernel used by Linux, the operating system released by the Linux Foundation in the United States. A security vulnerability exists in the LIST_POISON...

CVSS 5.5, AI score 6.7, EPSS 0.0001
Exploits 6, References 1
CNVD
added 2016/01/13 12:0 a.m., 1 views

Freevimager Memory Corruption Vulnerability

FreeVimager is a free image viewer and editor that converts video files and some types of avi's audio files. FreeVimager suffers from a memory corruption vulnerability that allows an attacker to cause a denial of service or change the flow of the program to execute arbitrary code by crafting the...

AI score 8
Exploits 0
Hacker One
added 2015/10/17 4:45 a.m., 22 views

HackerOne: Minimum bounty of a private program is visible for users that were removed from the program

Hello, Privileged information is getting leaked to an unauthorized user in the json response of https://hackerone.com/reports/.json. In a team there can be many members, also roles are defined. But an x-member of the team is getting information which should not be visible to him. As I tested it o...

AI score 6.7
Exploits 0
ThreatPost
added 2015/09/18 11:1 a.m., 11 views

Google Outlines Plans to Deprecate RC4, SSLv3

As expected, Google formally announced its intent to move away from the stream cipher RC4 and the SSLv3 protocol this week, citing a long history of weaknesses in both. Adam Langley, a security engineer for the company, announced the plans through a blog post on Thursday. While there isn’t a...

AI score 7.2
Exploits 0, References 5
FreeBSD
added 2015/08/11 12:0 a.m., 12 views

mbedTLS/PolarSSL -- multiple vulnerabilities

ARM Limited reports: In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size of Diffie-Hellman parameters accepted by the client has been increased to 1024 bits. In addition the default size for the Diffie-Hellman parameters on th...

AI score 3.1
Exploits 0, References 1
Ubuntu
added 2015/07/30 7:36 a.m., 6 views

2696-1: OpenJDK 7 vulnerabilities

Several vulnerabilities were discovered in the OpenJDK JRE related to information disclosure, data integrity, and availability. An attacker could exploit these to cause a denial of service or expose sensitive data over the network. CVE-2015-2590, CVE-2015-2628, CVE-2015-4731, CVE-2015-4732,...

CVSS 10, AI score 5.6, EPSS 0.92346
Exploits 0, References 1
FreeBSD
added 2015/06/09 12:0 a.m., 29 views

logstash-forwarder and logstash -- susceptibility to POODLE vulnerability

Elastic reports: The combination of Logstash Forwarder and Lumberjack input and output was vulnerable to the POODLE attack in SSLv3 protocol. We have disabled SSLv3 for this combination and set the minimum version to be TLSv1.0. We have added this vulnerability to our CVE page and are working on...

AI score 1.5
Exploits 0, References 2
ThreatPost
added 2015/04/15 1:59 p.m., 14 views

Dropbox Launches Bounty Program on HackerOne

Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including th...

AI score 0.4
Exploits 0, References 4
OpenVAS
added 2015/03/25 12:0 a.m., 11 views

IT-Grundschutz M4.098: Restrict communication through packet filters to a minimum

IT-Grundschutz M4.098: Restrict communication through packet filters to a minimum. Status: 14th supplementary delivery (14. EL). Note: The test checks the Microsoft Windows Firewall. For Vista and Windows 7, any firewall that installs itself in a system-compliant manner. SPDX-FileCopyrightText: 2015 Greenbon...

AI score 7.3
Exploits 0, References 1
OSV
added 2015/02/08 11:59 a.m., 1 views

DEBIAN-CVE-2014-9658

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font...

CVSS 7.5, AI score 8, EPSS 0.01688
Exploits 1, References 1
ThreatPost
added 2014/09/03 4:8 p.m., 11 views

Twitter Launches Bug Bounty Program

Twitter is the latest major Internet company to establish a bug bounty program, and has put no upper limit on the bounty that a researcher can earn for reporting a vulnerability. The company announced on Wednesday that it will operate its bounty program through the HackerOne platform, a bug bount...

AI score 0.1
Exploits 0, References 6