533 matches found
GNU Binutils 'opcodes/rx-decode.opc' Remote Denial of Service Vulnerability
GNU Binutils (a.k.a. GNU Binary Utilities or binutils) is a set of programming utilities developed by the GNU Project for working with object files in a variety of formats, including a linker, an assembler, and other tools for object files and archives. A security vulnerability exists in...
DEBIAN-CVE-2017-9750
opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this fil...
UBUNTU-CVE-2017-9750
opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for certain scale arrays, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this fil...
DEBIAN-CVE-2017-9751
opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE macro, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file during...
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands Exploit
Exploit for Windows platform in category local exploits. Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1260 MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT AUTHORITY\SYSTEM and isn't...
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1260 MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT AUTHORITY\SYSTEM and isn't sandboxed. Browsing the list of win32 APIs that the...
WebKit JSC BindingNode::bindValue Failed Reference Count Increase
WebKit: JSC: BindingNode::bindValue doesn't increase the scope's reference count. CVE-2017-2505. Here's a snippet of BindingNode::bindValue. void BindingNode::bindValue(BytecodeGenerator& generator, RegisterID* value) const ... RegisterID* scope = generator.emitResolveScope(nullptr, var);...
Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10007 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbman service, which listens on TCP port...
Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10006 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbman service, which listens on TCP port...
Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10007 Arbitrary File Deletion Denial of Service Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbman service, which listens on TCP port...
Hewlett Packard Enterprise Intelligent Management Center dbman Opcode 10010 Arbitrary File Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dbman service, which listens on TCP port...
OpenVPN 2.4.0 - Denial of Service
#!/usr/bin/env python3 ''' $ ./dosserver.py & $ sudo ./openvpn-2.4.0/src/openvpn/openvpn conf/server-tls.conf ... Fri Feb 24 10:19:19 2017 192.168.149.1:64249 TLS: Initial packet from [AF_INET]192.168.149.1:64249, sid=9a6c48a6 1467f5e1 Fri Feb 24 10:19:19 2017 192.168.149.1:64249 Assertion failed at...
Adobe Flash AS2 New Opcode Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
Adobe Flash AS2 RemoveClip Opcode Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
Aerospike Database Server RW Fabric Message Particle Type Code Execution Vulnerability
Summary: An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An...
FLARE Script Series: Querying Dynamic State using the FireEye Labs Query-Oriented Debugger (flare-qdb)
Introduction: This post continues the FireEye Labs Advanced Reverse Engineering (FLARE) script series. Here, we introduce flare-qdb, a command-line utility and Python module based on vivisect for querying and altering dynamic binary state conveniently, iteratively, and at scale. flare-qdb works on...
IBM Tivoli Storage Manager FastBack Server Opcode 1329 Information Disclosure
The IBM Tivoli Storage Manager FastBack Server running on the remote host is affected by an information disclosure vulnerability due to improper processing of opcode 1329. An unauthenticated, remote attacker can exploit this, by sending a crafted packet to TCP port 11460, to read the contents of...
CVE-2015-5158
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block...
Stack overflow
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block...
CVE-2015-5158
Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance crash) via an invalid opcode in a SCSI command descriptor block...