Internet Bug Bounty: Format string implementation vulnerability, resulting in code execution
In a security audit of the sprintf implementation in perl version 5.24.1 I found a major security vulnerability; here are the full details. Timeline: 6th of May, 2017 - disclosure to the PERL security mailing list; 8th of May, 2017 - vulnerability confirmed by PERL's security group, found...
Debian DSA-3982-1 : perl - security update
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-12837: Jakub Wilk reported a heap buffer overflow flaw in the regular expression compiler, allowing a...
[SECURITY] [DSA 3982-1] perl security update
Debian Security Advisory DSA-3982-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 21, 2017 https://www.debian.org/security/faq ...
R PDF LoadEncoding Code Execution Vulnerability (CVE-2016-8714)
Summary: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this...
Debian: Security Advisory (DSA-3982-1)
The remote host is missing an update for the Debian...
[SECURITY] Fedora 25 Update: q-7.11-29.fc25
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced application...
[SECURITY] Fedora 26 Update: q-7.11-29.fc26
Q is a powerful and extensible functional programming language based on the term rewriting calculus. You specify an arbitrary system of equations which the interpreter uses as rewrite rules to reduce expressions to normal form. Q is useful for scientific programming and other advanced application...
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability (CVE-2017-2801)
Summary: A programming error exists in a way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in...
CrackLord - Queue and Resource System For Cracking Passwords
CrackLord is a system designed to provide a scalable, pluggable, and distributed system for both password cracking as well as any other jobs needing lots of computing resources. Better said, CrackLord is a way to load balance the resources, such as CPU, GPU, Network, etc. from multiple hardware...
Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim
Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 1...
DoS Vulnerability associated with URI.decode_www_form_component method
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or application crash) via a crafted string...
Critical Flaw in Apache Struts2 Lets Hackers Take Over Web Servers
Security researchers have discovered a critical remote code execution vulnerability in the popular Apache Struts web application framework, allowing a remote attacker to run malicious code on the affected servers. Apache Struts is a free, open-source, Model-View-Controller (MVC) framework for...
127.0.0.1
A remote administration tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity...
[SECURITY] Fedora 25 Update: chicken-4.12.0-3.fc25
CHICKEN is a compiler for the Scheme programming language. CHICKEN produces portable, efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions...
[SECURITY] Fedora 26 Update: chicken-4.12.0-3.fc26
CHICKEN is a compiler for the Scheme programming language. CHICKEN produces portable, efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions...
[SECURITY] Fedora 25 Update: libsoup-2.56.1-1.fc25
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...
Updated R-base packages fix security vulnerability
Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation (CVE-2016-8714)...
MGASA-2017-0236 Updated R-base packages fix security vulnerability
Cory Duplantis discovered a buffer overflow in the R programming language. A malformed encoding file may lead to the execution of arbitrary code during PDF generation (CVE-2016-8714)...
Girls Who Code Weeks 3 and 4: Robots, the Internet and College
The summer is flying by, and we have reached the mid-point of our Girls Who Code Summer Immersion program. Our students are smart, engaged, learning a ton, and seem to be having a lot of fun! Last week was about robotics. The girls wired and programmed Arduino robots to perform a variety of tasks...
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure
Vulnerability Summary: The following advisory describes a sensitive information disclosure found in Tiandy IP cameras version 5.56.17.120. Tianjin Tiandy Digital Technology Co., Ltd (Tiandy Tech) is “one of top 10 leading CCTV manufacture...