Design/Logic Flaw

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, while accessing global variable "debugclient" in multi-thread manner, Use after free issue occurs...

Security fix for the ALT Linux 10 package thunderbird version 52.8.0-alt1

May 19, 2018 Andrey Cherepanov 52.8.0-alt1 - New version 52.8.0. - Enigmail 2.0.4. - Fixes: + CVE-2018-5183 Backport critical security fixes in Skia + CVE-2018-5184 Full plaintext recovery in S/MIME via chosen-ciphertext attack + CVE-2018-5154 Use-after-free with SVG animations and clip paths +...

JCS - Joomla Vulnerability Component Scanner

JCS Joomla Component Scanner made for penetration testing purpose on Joomla CMS JCS can help you with the latest component vulnerabilities and exploits. The database can update from several resources and a Crawler has been implemented to find components and component's link. This version supports...

CVE-2017-18193

fs/f2fs/extentcache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service BUG via an application with multiple threads...

CVE-2018-1000030

Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are...

Multiple Denial of Service Vulnerabilities in GNU Libosip

GNU Libosip is a standard library written in C for multi-threaded safety. GNU Libosip suffers from multiple denial of service vulnerabilities. An attacker could exploit this vulnerability to cause a denial of service...

Automatic SQL Database Injection: jSQL Injection

jSQL Injection is a lightweight application used to find database information from a distant server. Tool is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic best algorit...

USN-2639-1 openssl vulnerabilities

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8176 Joseph...

Jildi FTP Client 1.5.2 Build 1138 Buffer Overflow Exploit

Jildi FTP Client version 1.5.2 build 1138 suffers from a buffer overflow vulnerability. !/usr/bin/python Exploit Title:Jildi FTP Client Buffer Overflow Poc Version:1.5.2 Build 1138 Homepage:http://de.download.cnet.com/Jildi-FTP-Client/3000-21604-10562942.html Software...

Kadimus - LFI Scan & Exploit Tool

Kadimus is a tool to check sites to lfi vulnerability , and also exploit it Features: Check all url parameters /var/log/auth.log RCE /proc/self/environ RCE php://input RCE data://text RCE Source code disclosure Multi thread scanner Command shell interface through HTTP Request Proxy support...

SuSE 11.3 Security Update : bind (SAT Patch Number 10100)

bind has been updated to version 9.9.6P1, fixing the following security issue : - A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow default 7, and the number of...

[jSQL Injection v0.5] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. jSQL Injection change log - version 0.5 0.5 SQL shell Uploader 0.4 Admin page checker and preview Brute forcer md5...

[jSQL Injection v0.4] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Version 0.4 features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic...

Novell Groupwise Messenger 2.1.0 - Memory Corruption

Luigi Auriemma Application: Novell GroupWise Messenger http://www.novell.com/products/groupwise/ Versions: NMAPARM1 allows to corrupt the heap memory: 0042BCD9 |. 8B0B MOV ECX,DWORD PTR DS:EBX ; 3 0042BCDB |. 8B55 FC MOV EDX,DWORD PTR SS:EBP-4 ; 3 0042BCDE...

[SECURITY] Fedora 15 Update: quagga-0.99.18-2.fc15

Quagga is a free software that manages TCP/IP based routing protocol. It takes multi-server and multi-thread approach to resolve the current complexity of the Internet. Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Rout...

[SECURITY] Fedora 12 Update: quagga-0.99.17-1.fc12

Quagga is a free software that manages TCP/IP based routing protocol. It takes multi-server and multi-thread approach to resolve the current complexity of the Internet. Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Rout...

Fedora Update for quagga FEDORA-2007-2196

Check for the Version of quagga OpenVAS Vulnerability Test Fedora Update for quagga FEDORA-2007-2196 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

[SECURITY] Fedora 7 Update: quagga-0.99.9-1.fc7

Quagga is a free software that manages TCP/IP based routing protocol. It takes multi-server and multi-thread approach to resolve the current complexity of the Internet. Quagga supports BGP4, BGP4+, OSPFv2, OSPFv3, RIPv1, RIPv2, and RIPng. Quagga is intended to be used as a Route Server and a Rout...

Tracing execution of a threaded executable causes kernel BUG report

The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service system hang related to "MT exec + utraceattach spin failure mode," as demonstrated by ptrace-thrash.c...

Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability

Description It has been reported that a variant attack in the RPCSS service of Microsoft Windows exists. Because of this, it may be possible for an attacker to mount denial of service attacks and execute arbitrary code on the affected system. The source of the issue is reportedly a multi-thread...