Lucene search
60 matches found

OSV
added 2022/04/04 9:40 p.m. · 2 views

GHSA-7VRM-3JC8-5WWM Incorrect Comparison in Vyper

Impact: bytestrings can have dirty bytes in them, resulting in the word-for-word comparison to give incorrect results, e.g. (vyper) b1: Bytes[32] = b"abcdef" b1 = slice(b1, 0, 1) b2: Bytes[32] = b"abcdef" t: bool = b1 == b2 incorrectly evaluates to True even without dirty nonzero bytes, because there is n...

CVSS 7.5 · AI score 5.9 · EPSS 0.00942
Exploits: 0 · References: 4
OSV
added 2022/04/04 6:15 p.m. · 32 views

PYSEC-2022-196

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...

CVSS 7.5 · AI score 5.8 · EPSS 0.00942
Exploits: 0 · References: 2
RedHat Linux
added 2020/04/28 3:49 p.m. · 2 views

sqlite: mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

CVSS 7.5 · AI score 7.3 · EPSS 0.03244
Exploits: 0 · References: 4
OSV
added 2020/01/03 10:15 p.m. · 2 views

DEBIAN-CVE-2019-19959

ext/misc/zipfile.c in SQLite 3.30.1 mishandles certain uses of INSERT INTO in situations involving embedded '\0' characters in filenames, leading to a memory-management error that can be detected by for example valgrind...

CVSS 7.5 · AI score 7.1 · EPSS 0.03244
Exploits: 0 · References: 1
Debian CVE
added 2019/11/08 6:04 p.m. · 4 views

CVE-2019-12410

While investigating UBSAN errors in https://github.com/apache/arrow/pull/5365 it was discovered Apache Arrow versions 0.12.0 to 0.14.1, left memory Array data uninitialized when reading RLE null data from parquet. This affected the C++, Python, Ruby and R implementations. The uninitialized memory...

CVSS 7.5 · AI score 7.3 · EPSS 0.04711
Exploits: 0
Positive Technologies
added 2019/08/16 12:00 a.m. · 3 views

PT-2019-3168 · Cisco · Cisco Firepower Services Software For Asa +2

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense Software (affected versions not specified); Cisco FirePOWER Services Software for ASA (affected versions not specified); Cisco Firepower Management Center Software (affected versions not specified). Description: The issu...

CVSS 5.8 · AI score 7.1 · EPSS 0.01042
Exploits: 0 · References: 3
0day.today
added 2019/01/28 12:00 a.m. · 15 views

Linux/x86 exit(0) Shellcode (5 bytes)

/ Exit.asm Author: Daniele Votta Description: Exit with no nulls. Tested on: i686 GNU/Linux Shellcode Length: 5 / include include / Disassembly of section .text: 00000000 : 0: 31 c0 xor eax,eax 2: 40 inc eax 3: cd 80 int 0x80 ======================= POC Daniele Votta ======================= /...

AI score 7.4
Exploits: 0
OSV
added 2017/10/11 12:07 p.m. · 4 views

USN-3452-1 ceph vulnerabilities

It was discovered that Ceph incorrectly handled the handle_command function. A remote authenticated user could use this issue to cause Ceph to crash, resulting in a denial of service. (CVE-2016-5009) Rahul Aggarwal discovered that Ceph incorrectly handled the authenticated-read ACL. A remote attacke...

CVSS 7.5 · AI score 6.6 · EPSS 0.04396
Exploits: 2 · References: 5
0day.today
added 2017/06/26 12:00 a.m. · 18 views

Linux/x86 - Bind Shell Shellcode (75 bytes)

/ Architecture : x86 OS : Linux Author : wetw0rk ID : SLAE-958 Shellcode Size : 75 bytes Bind Port : 4444 Description : A linux/x86 bind shell via /bin/sh. Created by analysing msfvenom; original payload was 78 bytes and contained 1 NULL. My shellcode is 75 and contains 0 NULLS ;. Original...

AI score 7.4
Exploits: 0
0day.today
added 2016/07/04 12:00 a.m. · 17 views

Linux/x86-64 - NetCat Bind Shell Shellcode (64 bytes)

include include // Exploit Title: NetCat Bind Shell 64bit 64byte // Date: 6/28/2016 // Exploit Author: CripSlick // Tested on: Kali 2.0 // Version: v1.10-41 // email protected // OffSec ID: OS-20614 // Victim: netstat -an | grep LISTEN | grep tcp // Attacker: nc unsigned char code = \ define PORT...

AI score 7.1
Exploits: 0
OSV
added 2013/03/07 3:55 p.m. · 0 views

UBUNTU-CVE-2013-2478

The dissect_server_info function in epan/dissectors/packet-ms-mms.c in the MS-MMS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before 1.8.6 does not properly manage string lengths, which allows remote attackers to cause a denial of service (application crash) via a malformed packet that (1)...

CVSS 3.3 · AI score 7.2 · EPSS 0.01081
Exploits: 0 · References: 8
securityvulns
added 2012/08/27 12:00 a.m. · 54 views

ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability

ZDI-12-153 : Apple QuickTime sean Atom Size Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-153 August 22, 2012 -- CVE ID: CVE-2012-0670 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors:...

CVSS 9.3 · AI score 0.5 · EPSS 0.04944
Exploits: 1
Tenable Nessus
added 2010/07/01 12:00 a.m. · 37 views

Fedora 12 : sendmail-8.14.4-3.fc12 (2010-5470)

This new version of sendmail fixes security bug - handling of bogus certificates with NULLs in CNs. Also many other bugs have been fixed, for complete list please see: http://www.sendmail.org/releases/8.14.4 Note that Tenable Network Security has extracted the preceding description block directly...

CVSS 7.5 · AI score 5.4 · EPSS 0.02374
Exploits: 1 · References: 4
Exploit DB
added 2008/08/21 12:00 a.m. · 29 views

Version-independent IOS shellcode

Version-independent IOS shellcode. Shellcode exploit for hardware platform Version-independent IOS shellcode, Andy Davis 2008 No hard-coded IOS addresses required The technique uses 4-byte signatures near references to the required addresses within the IOS "text" memory region. The addresses are...

AI score 0.1
Exploits: 0
securityvulns
added 2008/08/21 12:00 a.m. · 60 views

Version-independent IOS shellcode

Hi, One of the biggest problems with IOS exploitation is that on every different version of IOS, the addresses required to execute useful shellcode are different. Therefore, hard-coded addresses were inserted into shellcode and this made exploits very version-dependent. I have been working on a w...

AI score 7.8
Exploits: 0
Exploit DB
added 2007/03/23 12:00 a.m. · 289 views

Ethernet Device Drivers Frame Padding - 'Etherleak' Information Leakage

!/usr/bin/perl -w etherleak, code that has been 5 years coming. On 04/27/2002, I disclosed on the Linux Kernel Mailing list, a vulnerability that would become known as the 'etherleak' bug. In various situations an ethernet frame must be padded to reach a specific size or fall on a certain...

CVSS 5 · AI score 5.1 · EPSS 0.71714
Exploits: 15
securityvulns
added 2007/02/27 12:00 a.m. · 69 views

Mozilla Foundation Security Advisory 2007-07

Mozilla Foundation Security Advisory 2007-07 Title: Embedded nulls in location.hostname confuse same-domain checks Impact: High Announced: February 23, 2007 Reporter: Michal Zalewski Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.2 Firefox 1.5.0.10 SeaMonkey 1.0.8 Description Michal Zalewsk...

CVSS 7.5 · AI score 0.8 · EPSS 0.12144
Exploits: 7
Mozilla
added 2007/02/23 12:00 a.m. · 31 views

Embedded nulls in location.hostname confuse same-domain checks — Mozilla

Michal Zalewski demonstrated that setting location.hostname to a value with embedded null characters can confuse the browser's domain checks. Setting the value triggers a load, but the networking software reads the hostname only up to the null character while other checks for "parent domain" start...

CVSS 7.5 · AI score 2.3 · EPSS 0.12144
Exploits: 7 · References: 2 · Affected Software: 2
Exploit DB
added 2003/04/25 12:00 a.m. · 94 views

PoPToP PPTP 1.1.4-b3 - 'poptop-sane.c' Remote Command Execution

/ Fixed Exploit against PoPToP in Linux poptop-sane.c ./r4nc0rwh0r3 of blightninjas [email protected] blightninjas: bringing pain, suffering, and humiliation to the security world Expect more great release like helloworld-annotated.c and cd explained whitepaper, we are working hard in da...

AI score 7.4
Exploits: 0
exploitpack
added 2003/04/25 12:00 a.m. · 27 views

PoPToP PPTP 1.1.4-b3 - poptop-sane.c Remote Command Execution

PoPToP PPTP 1.1.4-b3 - poptop-sane.c Remote Command Execution / Fixed Exploit against PoPToP in Linux poptop-sane.c ./r4nc0rwh0r3 of blightninjas [email protected] blightninjas: bringing pain, suffering, and humiliation to the security world Expect more great release like...

AI score 0.1
Exploits: 0