Fedora 28 : elfutils (2018-1eec1f0d17)
Fixes CVE-2018-16062, CVE-2018-16402 and CVE-2018-16403. unstrip: Handle SHT_GROUP sections. strip: Handle mixed (out of order) allocated/non-allocated sections. elfcompress: Don't rewrite input file if no section data needs updating. Try harder to keep same file mode bits (suid) on rewrite. libelf,...
[SECURITY] Fedora 29 Update: libconfuse-3.2.2-1.fc29
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and (lists of) values (strings, integers, floats, booleans or other sections), as well as some other features (such as single/double-quoted strings, environment variab...
[SECURITY] Fedora 27 Update: libconfuse-3.2.2-1.fc27
libConfuse is a configuration file parser library, licensed under the terms of the ISC license, and written in C. It supports sections and (lists of) values (strings, integers, floats, booleans or other sections), as well as some other features (such as single/double-quoted strings, environment variab...
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushey/ Software : Ekushey Project...
Null pointer dereference
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF...
CVE-2018-18606
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF...
DEBIAN-CVE-2018-18606
An issue was discovered in the merge_strings function in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in _bfd_add_merge_section when attempting to merge sections with large alignments. A specially crafted ELF...
Cross site scripting
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...
CVE-2018-18417
In the 3.1 version of Ekushey Project Manager CRM, Stored XSS has been discovered in the input and upload sections, as demonstrated by the name parameter to the index.php/admin/client/create URI...
Ekushey Project Manager CRM 3.1 Cross Site Scripting Vulnerability
Ekushey Project Manager CRM version 3.1 suffers from a persistent cross site scripting vulnerability. Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushe...
radare2/ia_fuzz: Heap-buffer-overflow in sections
Project: https://github.com/radare/radare2.git Detailed report: https://oss-fuzz.com/testcase?key=5673375310020608 Project: radare2 Fuzzer: libFuzzer_radare2_ia_fuzz Fuzz target binary: ia_fuzz Job Type: libfuzzer_asan_radare2 Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address:...
radare2/ia_fuzz: Crash in sections
Project: https://github.com/radare/radare2.git Detailed report: https://oss-fuzz.com/testcase?key=5669401876496384 Project: radare2 Fuzzer: libFuzzer_radare2_ia_fuzz Fuzz target binary: ia_fuzz Job Type: libfuzzer_asan_radare2 Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x6170fffe5484...
One-Lin3r v1.1 - Gives You One-Liners That Aids In Penetration Testing Operations
One-Lin3r is a simple and lightweight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aid in penetration testing operations: Reverser : Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper : Give it an...
WebKit: Info leak in WebAssembly Compilation(CVE-2018-4222)
There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. When a source buffer is compiled, it is first copied into a read-only buffer by the function getWasmBufferFromValue. This function returns the code buffer as follows: return arrayBufferView ?...
WebKit - WebAssembly Compilation Info Leak
arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, the function createSourceBufferFromValue copies the...
Liberapay: CSRF token manipulation in every possible form submits. NO server side Validation
Web Application is generating CSRF token values inside cookies, which is not a best practice for web applications; the revelation of cookies can reveal CSRF tokens as well. Authenticity tokens should be kept separate from cookies and should be isolated to change operations in the account only...
RHEL 7 : java-1.8.0-ibm (RHSA-2018:1721)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1721 advisory. - Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 Security CVE-2018-2783 - OpenJDK: incorrect merging of sections in...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Apple Safari
CVE-2018-4121 - Safari Wasm Sections POC RCE Exploit by MWR L...
CVE-2017-9636
CVE-2017-9636 affects Mitsubishi Electric Europe B.V. E-Designer (Version 7.52 Build 344). Connected advisories describe heap-based buffer overflow weaknesses in multiple code paths (five sections) that can overwrite the heap, enabling arbitrary code execution, data integrity compromise, DoS, and...
WebKit - WebAssembly Parsing Does not Correctly Check Section Order
When a WebAssembly binary is parsed in ModuleParser::parse, it is expected to contain certain sections in a certain order, but can also contain custom sections that can appear anywhere in the binary. The ordering check validateOrder does not adequately check that sections are in the correct order...