1151 matches found
libldb: remote memory read in the Samba LDAP server
A memory-read flaw was found in the way the libldb library processed LDB DN records with a null byte. An authenticated, remote attacker could use this flaw to read heap-memory pages from the server...
Debian DSA-3395-1 : krb5 - security update
Several vulnerabilities were discovered in krb5, the MIT implementation of Kerberos. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2015-2695 It was discovered that applications which call gss_inquire_context on a partially-established SPNEGO context can...
CVE-2007-5896
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with JavaScript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) file:/// URI...
Network Time Protocol ntpq atoascii Memory Corruption Vulnerability
Talos Vulnerability Report TALOS-2015-0063: Network Time Protocol ntpq atoascii Memory Corruption Vulnerability. October 21, 2015. CVE Number: CVE-2015-7852. Description: A potential off-by-one vulnerability exists in the cookedprint functionality of ntpq. A specially crafted buffer could cause a buffe...
Don't use Chrome to browse this article, it will crash! - Vulnerability warning-the black bar safety net
Earlier there was an example of 8 characters making Skype crash; today's is 16 characters that make Chrome crash. You only need to click the 16-character link, and even moving the mouse over this 16-byte link can cause Chrome to crash. Challenge Google Chrome: just 16 character...
Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
More info at https://framework.zend.com/security/advisory/ZF2015-08...
OS X x64 - tcp bind shellcode, NULL byte free 144 bytes
OS X x64 - tcp bind shellcode, NULL byte free 144 bytes. Shellcode exploit for osx platform ;OS X x64, TCP bind shellcode port 4444, NULL byte free, 144 bytes long ;ASM code ;compile: ;nasm -f macho64 bind-shellcode.asm ;ld -macosx_version_min 10.7.0 -o bindsc bind-shellcode.o BITS 64 global start...
OS X x64 /bin/sh Shellcode, NULL Byte Free - 34 bytes
Author: Csaba Fitzl, @theevilbit Tested on OS X 10.10.5 OS X x64 /bin/sh shellcode, NULL byte free, 34 bytes Assembly version binsh-shellcode.asm ./nasm -f macho64 binsh-shellcode.asm ld -macosx_version_min 10.7.0 -o binsh-shellcode binsh-shellcode.o...
OS X x64 /bin/sh Shellcode, NULL Byte Free, 34 bytes
OS X x64 /bin/sh Shellcode, NULL Byte Free, 34 bytes. Shellcode exploit for osx platform Author: Csaba Fitzl, @theevilbit Tested on OS X 10.10.5 OS X x64 /bin/sh shellcode, NULL byte free, 34 bytes Assembly version binsh-shellcode.asm ./nasm -f macho64 binsh-shellcode.asm ld -macosx_version_min...
linux/x86 /bin/sh ROL/ROR Encoded Shellcode
Custom shellcode encoder/decoder that switches between byte ROR and byte ROL 1. Update eRORoROL-encoder.py with your shellcode 2. Run eRORoROL-encoder.py 3. Copy output from eRORoROL-encoder.py and update eRORoROL-decoder.nasm 4. Run eRORoROLcompile.sh -----eRORoROL-encoder.py BEGIN CODE-----...
Fedora 22 : asterisk-13.3.2-1.fc22 (2015-5948)
The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2. These releases are...
PHP multiple security vulnerabilities
Code execution, DoS conditions, poisoned NULL byte vulnerability, information disclosure...
[USN-2658-1] PHP vulnerabilities
Ubuntu Security Notice USN-2658-1, July 06, 2015: php5 vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
php: missing null byte checks for paths in DOM and GD extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
php: missing null byte checks for paths in various PHP extensions
It was found that certain PHP functions did not properly handle file names containing a NULL character. A remote attacker could possibly use this flaw to make a PHP script access unexpected files and bypass intended file system access restrictions...
Accellion FTA 'statecode' Cookie Arbitrary File Read
This module exploits a file disclosure vulnerability in the Accellion File Transfer appliance. This vulnerability is triggered when a user-provided 'statecode' cookie parameter is appended to a file path that is processed as an HTML template. By prepending this cookie with directory traversal...
Ubuntu: Security Advisory (USN-2658-1)
The remote host is missing an update for the...