Tor: Simple CSS line-height identifies platform

There are lots of ways to identify the Tor Browser. User-Agent string, limited time resolution, no media, etc. Assume you know it is the Tor Browser. Can you tell what platform? NOTE: This assumption is well within the scope of the Tor Browser. The Tor Browser does not hide the fact that it is th...

The vulnerability of the ring_buffer_resize function in the Linux kernel’s profiling subsystem allows a hacker to increase their privileges.

The vulnerability of the ringbufferresize function in the Linux kernel’s profiling subsystem arises due to integer overflow or cyclic shift attacks. Exploiting this vulnerability can allow an attacker, operating locally, to increase their privileges by writing to the file in the...

Dynamic Application Profiling: What It Is and Why You Want Your WAF to Have It

Because web applications are unique, they have distinct structures and dynamics, and – unfortunately – different vulnerabilities. A web application security device, therefore, must understand the structure and usage of the protected applications. Depending on the complexity of the protected...

BGP Hijack Detection: TaBi

BGP Hijack Detection Developed since 2011 for the needs of the French Internet Resilience Observatory , TaBi is a framework that ease the detection of BGP IP prefixes conflicts, and their classification into BGP hijacking events. The term prefix hijacking refers to an event when an AS, called an...

Linux kernel local integer overflow vulnerability (CNVD-2017-00226)

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. The 'ringbufferresize' function in the kernel/trace/ringbuffer.c file of the profiling subsystem in versions of the Linux kernel prior to 4.6.1 has a security vulnerability du...

Design/Logic Flaw

The ringbufferresize function in kernel/trace/ringbuffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffersizekb file...

CVE-2016-9754

The ringbufferresize function in kernel/trace/ringbuffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffersizekb file...

CVE-2016-9754

The ringbufferresize function in kernel/trace/ringbuffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffersizekb file...

CVE-2016-9754

The ringbufferresize function in kernel/trace/ringbuffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain privileges by writing to the /sys/kernel/debug/tracing/buffersizekb file...

openSUSE Security Update : mysql-community-server (openSUSE-2016-1283)

mysql-community-server was updated to 5.6.34 to fix the following issues : - Changes http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 34.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 33.html http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6- 32.html...

[SECURITY] Fedora 23 Update: mongodb-3.0.12-2.fc23

Mongo from "humongous" is a high-performance, open source, schema-free document-oriented database. MongoDB is written in C++ and offers the follow ing features: Collection oriented storage: easy storage of object/JSON-style data Dynamic queries Full index support, including on inner objects and...

Dynamic Instrumentation Tool Platform: DynamoRIO

Dynamic Instrumentation Tool Platform DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling...

Malware DNA Profiling Search Engine: CodexGigas

Malware DNA Profiling Search Engine Codex Gigas malware DNA profiling search engine discovers malware patterns and characteristics assisting individuals who are attracted in malware hunting. Codex Gigas is a malware profiling search engine that allows malware hunters and analysts to truly...

This App Lets You Find Anyone's Social Profile Just By Taking Their Photo

Is Google or Facebook evil? Forget it! Russian nerds have developed a new Face Recognition technology based app called FindFace, which is a nightmare for privacy lovers and human right advocates. FindFace is a terrifyingly powerful facial recognition app that lets you photograph strangers in a...

PT-2016-3144 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.6.1 Description: The issue is related to the ring buffer resize function in the kernel's profiling subsystem, which mishandles certain integer calculations. This can be exploited by local users to gain...

Scientific Linux Security Update : glibc on SL7.x x86_64 (20160216)

A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note...

Critical: Red Hat Security Advisory: glibc security and bug fix update

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

openSUSE Security Update : xen (openSUSE-2015-730)

Xen was updated to fix 6 security issues. These security issues were fixed : - CVE-2014-0222: Validate L2 table size to avoid integer overflows bsc877642. - CVE-2015-4037: Insecure temporary file use in /net/slirp.c bsc932267. - CVE-2015-7835: Uncontrolled creation of large page mappings by PV...

soccerprofiling.co.uk XSS vulnerability

Vulnerable URL: http://soccerprofiling.co.uk/shop/basketnew.php?pagefile=" Details: Description| Value ---|--- Patched:| Yes, at 07.12.2015 Latest check for patch:| 07.12.2015 16:32 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...

FreeBSD : xen-kernel -- some pmu and profiling hypercalls log without rate limiting (e4848ca4-8820-11e5-ab94-002590263bf5)

The Xen Project reports : HYPERCALLxenoprofop and HYPERVISORxenpmuop log some errors and attempts at invalid operations. These log messages are not rate-limited, even though they can be triggered by guests. A malicious guest could cause repeated logging to the hypervisor console, leading to a...