Lucene search

4989 matches found

Packet Storm
added 2015/08/19 12:00 a.m., 19 views

Easy File Management Web Server 5.6 Buffer Overflow

#!/usr/bin/python Exploit Title: Easy File Management Web Server v5.6 - USERID Remote Buffer Overflow Version: 5.6 Date: 2015-08-17 Author: Tracy Turben Software Link: http://www.efssoft.com/ Tested on: Win7x32-EN Special Thanks To: Julien Ahrens for the crafted jmp esp Trick...

Exploits: 0

Fedora
added 2015/08/18 5:23 a.m., 37 views

[SECURITY] Fedora 22 Update: golang-1.4.2-3.fc22

The Go Programming Language...

CVSS 9.8, AI score 1.8, EPSS 0.11884
Exploits: 0

CNVD
added 2015/08/14 12:00 a.m., 2 views

Google Golang Go HTTP Header Injection Vulnerability

Google Golang Go is a programming language optimized for programming applications on multiprocessor systems. Google Golang Go suffers from an HTTP header injection vulnerability that could be exploited by remote attackers to inject HTTP headers into the server response, spoof the target user,...

CVSS 9.8, AI score 9.4, EPSS 0.11884
Exploits: 0, References: 1

RedHat Linux
added 2015/08/12 5:04 a.m., 2 views

python-oauth2: _check_signature() ignores the nonce value when validating signed urls

It was found that python-oauth2 did not properly verify the nonce of a signed URL. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...

CVSS 4.3, AI score 5.8, EPSS 0.005
Exploits: 0, References: 4

RedHat Linux
added 2015/08/12 5:04 a.m., 3 views

foreman: API not scoping resources to taxonomies

A flaw was found in the way foreman authorized user actions on resources via the API when an organization was not explicitly set. A remote attacker could use this flaw to obtain additional information about resources they were not authorized to access...

CVSS 4, AI score 5.8, EPSS 0.00261
Exploits: 0, References: 4

Fedora
added 2015/08/11 2:11 a.m., 16 views

[SECURITY] Fedora 22 Update: elasticsearch-1.6.1-0.fc22

Elasticsearch is a search server based on Lucene. It provides a distributed, multitenant-capable full-text search engine with a RESTful web interface and schema-free JSON documents. Elasticsearch is developed in Java and is released as open source under the terms of the Apache License. It is a...

AI score 0.4
Exploits: 0

Tenable Nessus
added 2015/07/28 12:00 a.m., 46 views

CentOS 6 : python (CESA-2015:1330)

Updated python packages that fix multiple security issues, several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

CVSS 9.8, AI score 7.3, EPSS 0.33997
Exploits: 14, References: 5

Exploit DB
added 2015/07/21 12:00 a.m., 39 views

win32/xpTR sp3 MessageBox - 24Bytes

win32/xpTR sp3 MessageBox - 24Bytes. Shellcode exploit for win32 platform win32/xpTR sp3 MessageBox - 24Bytes Greetz : Bomberman&T-Rex Author : B3mB4m Proof : http://imgur.com/727ALiY I know there is nothing new. I wrote just to say "I am back" .. -Coming soon- arwin.c v2 .. Polymorphic shellcodes...

Exploits: 0

The Hacker News
added 2015/07/08 11:15 p.m., 21 views

Micro:bit — A Pocket-sized Programmable Computer

The BBC has unveiled the final design of the Micro:bit — a pocket-sized computer board designed to lure U.K. school children to embedded electronics. The Micro:bit is essentially a codeable computer that lets kids get creative with technology. It measures 5cm by 4cm and will be available in...

AI score 6.7
Exploits: 0

Fedora
added 2015/06/30 12:23 a.m., 26 views

[SECURITY] Fedora 21 Update: chicken-4.9.0.1-4.fc21

CHICKEN is a compiler for the Scheme programming language. CHICKEN produces portable, efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions...

CVSS 7.5, AI score 2.1, EPSS 0.01646
Exploits: 0

Fedora
added 2015/06/30 12:08 a.m., 18 views

[SECURITY] Fedora 22 Update: chicken-4.9.0.1-4.fc22

CHICKEN is a compiler for the Scheme programming language. CHICKEN produces portable, efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions...

CVSS 7.5, AI score 2.1, EPSS 0.01646
Exploits: 0

CNVD
added 2015/06/23 12:00 a.m., 2 views

PHP libmagick 'libmagic/softmagic.c' denial of service vulnerability (CNVD-2015-03966)

PHP is a general-purpose scripting language. A security vulnerability in the PHP Fileinfo extension when handling constructed files allows remote attackers to exploit the vulnerability to crash the PHP process, resulting in a denial of service...

CVSS 7.5, AI score 6.5, EPSS 0.09106
Exploits: 1, References: 1

CNVD
added 2015/05/26 12:00 a.m., 1 view

Cisco Access Control Server Remote Denial of Service Vulnerability

The Cisco Secure Access Control System is the access policy control platform. A remote denial of service vulnerability exists in the REST API in Cisco Access Control Server ACS version 5.5 0.46.2, which can be exploited by a remote attacker to cause a denial of service by sending numerous request...

CVSS 5, AI score 6.8, EPSS 0.00474
Exploits: 0, References: 1

Cisco
added 2015/05/21 7:57 p.m., 23 views

Cisco Access Control Server Representational State Transfer Application Programming Interface Denial of Service Vulnerability

A vulnerability in the Representational State Transfer (REST) application programming interface (API) of the Cisco Access Control Server (ACS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to how the ACS REST API handles increased...

CVSS 5, AI score 6.5, EPSS 0.00474
Exploits: 0, References: 1

0day.today
added 2015/05/21 12:00 a.m., 16 views

linux/x86 execve "/bin/sh" shellcode - 26 bytes

/ ; Title: Linux/x86 execve "/bin/sh" - shellcode 26 bytes ; Platform: linux/x8664 ; Date: 2015-05-19 ; Author: Reza Behzadpour ; Simple ShellCode section .text global start start: xor ecx,ecx mul ecx ;execve"/bin/sh", NULL, NULL mov al,11 jmp shell shellret: pop ebx push ecx push ebx pop ebx int...

AI score 0.2
Exploits: 0

rdot
added 2015/05/21 12:00 a.m., 499 views

Third r0 Crew Conference

Good day, everyone! We are pleased to announce that the third conference of the reverse4you.org forum, the R0-Crew Conference, will take place on 23.05.2015. Main topics of the conference: Reverse engineering. Low-level programming. Vulnerability research. The venue remains the same: the «Славутич» training center...

AI score 0.5
Exploits: 0

Fedora
added 2015/04/28 1:11 p.m., 36 views

[SECURITY] Fedora 21 Update: ruby-2.1.6-27.fc21

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks as in Perl. It is simple, straight-forward, and extensible...

CVSS 5.9, AI score 1.1, EPSS 0.0272
Exploits: 0

ThreatPost
added 2015/04/22 5:40 p.m., 12 views

RSA Conference Chris Hoff Reuben Paul Keynote

SAN FRANCISCO – When it comes to the future development of secure software, there’s really only one “next generation” that matters. That’s why today when the covers were pulled back on a seven-foot-tall server rack wheeled out on stage during Chris Hoff’s RSA Conference keynote, those in the...

Exploits: 0

Tenable Nessus
added 2015/04/16 12:00 a.m., 152 views

Oracle Java SE Multiple Vulnerabilities (April 2015 CPU) (Unix) (FREAK)

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is prior to 8 Update 45, 7 Update 79, 6 Update 95, or 5 Update 85. It is, therefore, affected by security vulnerabilities in the following components : - 2D - Beans - Deployment - Hotspot - JavaFX - JCE -...

CVSS 10, AI score 7.4, EPSS 0.91945
Exploits: 0, References: 20

myhack58
added 2015/04/15 12:00 a.m., 82 views

Return-into-libc attack and Defense-bug warning-the black bar safety net

This article first analyzes the principle of the return-into-libc attack and presents the experimental process and results of the traditional return-into-libc attack on different platforms. It then introduces and explains return-oriented programming attacks; this attack can...

AI score 2
Exploits: 0