WordPress API Data Handling Error Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from an API data handling error vulnerability. An attacker can exploit this vulnerability to execute...
[SECURITY] Fedora 25 Update: chicken-4.12.0-2.fc25
CHICKEN is a compiler for the Scheme programming language. CHICKEN produces portable, efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions...
[SECURITY] Fedora 24 Update: chicken-4.12.0-2.fc24
CHICKEN is a compiler for the Scheme programming language. CHICKEN produces portable, efficient C, supports almost all of the R5RS Scheme language standard, and includes many enhancements and extensions...
High Performance DNS Stub Resolver: MassDNS
A high performance DNS stub resolver in C. MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 100,000,000 domains...
Schneider Electric SoMachine HVAC
CVSS v3 7.8. ATTENTION: Low skill level to exploit. Vendor: Schneider Electric. Equipment: SoMachine HVAC. Vulnerabilities: Buffer Overflow, DLL Hijack. AFFECTED PRODUCTS: The following version of SoMachine HVAC, a PLC programming software, is affected: SoMachine HVAC Versions 2.1.0 and prior. IMPACT...
Learn How to Code: Get 10 Best Online Training Courses for Just $49
Struggling to learn how to code? If you’re looking to 'learn how to code' and seeking a career as an expert-level programmer, you should know how to play with codes and make your own. It's no secret that mastering a coding language or two can put you at the top of the job market – thanks to the...
CVE-2017-6865
CVE-2017-6865 is a DoS vulnerability in Siemens PROFINET DCP handling affecting multiple Siemens products (WinCC, STEP 7/TIA Portal, PCS 7, WinAC/WinCC flexible, SCT, SINEMA, SINUMERIK, etc.). The root cause is improper input validation, where specially crafted PROFINET DCP broadcast packets on a...
Microsoft Exchange Service Abuse: Ruler
Microsoft Exchange Service Abuse. Ruler is a tool that allows you to interact with Exchange servers through the MAPI/HTTP protocol. The main aim is to abuse the client-side Outlook mail rules. "Silentbreak did a great job with this attack and it has served us well. The only downside has been that it...
Randombit Botan Library X509 Certificate Validation Bypass Vulnerability
Summary: A programming error exists in the way Randombit Botan cryptographic library version 2.0.1 implements x500 string comparisons which could lead to certificate verification issues and abuse. A specially crafted X509 certificate would need to be delivered to the client or server application in...
Microsoft Windows 2003 SP2 - 'ERRATICGOPHER' SMB Remote Code Execution
#!/usr/bin/env python # -*- coding: utf-8 -*- By Victor Portal vportal for educational purpose only. This exploit is the python version of the ErraticGopher exploit probably with some modifications. ErraticGopher exploits a memory corruption seems to be a Heap Overflow in the Windows DCE-RPC Call...
[SECURITY] Fedora 25 Update: libarchive-3.2.2-2.fc25
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...
[SECURITY] Fedora 26 Update: libarchive-3.2.2-4.fc26
Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio formats, and both BSD and GNU ar variants. It can also write shar archives and read ISO9660 CDROM images and ZIP archives...
Multiple Denial of Service Vulnerabilities in Linksys Smart Wi-Fi Routers
Linksys Smart Wi-Fi Routers are smart Wi-Fi routers. Multiple denial of service vulnerabilities exist in Linksys Smart Wi-Fi Routers. They allow an unauthenticated attacker to create a denial-of-service (DoS) condition on the router that will cause the router to stop responding or reboot by sending...
Metasploit Wrapup, 4.14.4 through 4.14.11
Editor's Note: While this edition of the Metasploit Wrapup is a little late (my fault, sorry), we're super excited that it's our first ever Metasploit Wrapup to be authored by a non-Rapid7 contributor. We'd like to thank claudijd - long-time Metasploit contributor, Mozilla security wrangler, and...
Medium: R
Issue Overview: An exploitable buffer overflow vulnerability exists in the LoadEncoding functionality of the R programming language version 3.3.0. A specially crafted R script can cause a buffer overflow resulting in a memory corruption. An attacker can send a malicious R script to trigger this...
IBM API Connect Command Execution Vulnerability
IBM API Connect is a suite of integrated solutions for managing the API lifecycle and IBM NPM is a suite of NodeJS package management and distribution tools. A command execution vulnerability exists in IBM API Connect. An attacker could exploit this vulnerability to execute arbitrary commands on ...
Wecon Technologies LEVI Studio HMI Editor
CVSS v3 8.8. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: Wecon Technologies. Equipment: LEVI Studio HMI Editor. Vulnerabilities: Heap-Based Buffer Overflow, Stack-Based Buffer Overflow. AFFECTED PRODUCTS: The following versions of LEVI Studio HMI Editor, a HMI programming...
Samsung Tizen Security 'Feels like 2005'
SINT MAARTEN—Samsung’s Tizen operating system, a strategic stronghold for the company as it attempts to grow its line of homegrown mobile devices, isn’t such a vanguard when it comes to security. An independent researcher has discovered dozens of vulnerabilities in the OS that put devices such a...
[SECURITY] Fedora 26 Update: erlang-19.3-2.fc26
Erlang is a general-purpose programming language and runtime environment. Erlang has built-in support for concurrency, distribution and fault tolerance. Erlang is used in several large telecommunication systems from Ericsson...
Programmers are also people who also make mistakes
It's the first part of our talk with Daniil Svetlov at his radio show "Safe Environment" (or "Safe Wednesday", a kind of wordplay in Russian), recorded 29.03.2017. We were discussing why Software Vulnerabilities are everyone's problem. Full video in Russian without subtitles is available here. I adde...