UBUNTU-CVE-2016-5028

The printframeinstbytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via an object file with empty bss-like sections...

CVE-2016-5028

The printframeinstbytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via an object file with empty bss-like sections...

ISC BIND 9.x < 9.9.9-P3 Options Sections DoS

According to its self-reported version number, the instance of ISC BIND running on the remote name server is 9.x prior to 9.9.9-P3. It is, therefore, affected by a denial of service vulnerability when handling malformed options sections. An unauthenticated, remote attacker can exploit this, via a...

OS X Forensic Evidence Collection: OSXCollector

OS X Forensic Evidence Collection: OSXCollector Forensic Collection The collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from plists, SQLite databases and the local file system. Forensic Analysis...

CVE-2016-5028

The printframeinstbytes function in libdwarf before 20160923 allows remote attackers to cause a denial of service NULL pointer dereference via an object file with empty bss-like sections...

libxml2: heap-based buffer overflow in xmlParseConditionalSections()

A heap-based buffer overflow flaw was found in the way libxml2 parsed certain crafted XML input. A remote attacker could provide a specially crafted XML file that, when opened in an application linked against libxml2, would cause the application to crash causing a denial of service...

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=817 Fuzzing packed executables with McAfee's LiveSafe 14.0 on Windows found a signedness error parsing sections and relocations. The attached fuzzed testcase...

McAfee LiveSafe 14.0 - Relocations Processing Memory Corruption

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=817 Fuzzing packed executables with McAfee's LiveSafe 14.0 on Windows found a signedness error parsing sections and relocations. The attached fuzzed testcase demonstrates this and...

CVE-2015-8376

Multiple cross-site scripting XSS vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the 1 Name, 2 Navigation Group, or 3 Label parameter to blueprints/sections/edit/1...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the 1 Name, 2 Navigation Group, or 3 Label parameter to blueprints/sections/edit/1...

CVE-2015-7941

libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service out-of-bounds read and libxml2 crash via crafted XML data to the 1 xmlParseEntityDecl or 2 xmlParseConditionalSections function in parser.c, as demonstrated by...

studiowest.no XSS vulnerability

Vulnerable URL: http://www.studiowest.no/sections/prophoto/key.php?message= Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 14:24 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...

PEframe - Tool to perform static analysis on Portable Executable malware

PEframe is a open source tool to perform static analysis on Portable Executable malware. Usage $ peframe malware.exe $ peframe --option malware.exe Options --json Output in json --import Imported function and dll --export Exported function and dll --dir-import Import directory --dir-export Export...

Microsoft Internet Explorer CTableSection Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how...

Updated file packages fix security vulnerabilities

Updated file packages fix security vulnerabilities: Alexander Cherepanov reported that using the file command on a specially-crafted ELF binary could lead to a denial of service due to uncontrolled resource consumption while processing ELF section headers CVE-2014-9620, CVE-2014-9621. As part of...

Did the “Man With No Name” Feel Insecure?

Posted by James Forshaw, Taker of Names Sometimes when I'm doing security research I'll come across a bug which surprises me. I discovered just such a bug in the Windows version of Chrome which exposed a little-known security detail in the OS. The bug, CVE-2014-3196 was fixed in M38, so it seemed...

IBM DB2 Semaphore Signaling Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11403/info A denial of service vulnerability has been reported in IBM DB2. This vulnerability is reported to only exist when DB2 is installed on Microsoft Windows operating systems. This issue is due to a failure of the...

Joomla Component JE Section Finder LFI Vulnerability

No description provided by source. Name : Joomla jesectionfinder LFI Vulnerability Date : june, 26 2010 Critical Level : HIGH Vendor Url : http://joomlaextensions.co.in/component/awdsong/ Google Dork: inurl:/component/jesectionfinder/ Price:$25.00 Author : Sid3^effects aKa HaRi shellc99atyahoo.co...

Drupal Sections 5.x-1.2/6.x-1.2 Module HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37371/info The Sections module for Drupal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will...

Ubuntu 14.04 LTS : elfutils vulnerability (USN-2188-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2188-1 advisory. Florian Weimer discovered that the elfutils libdw library incorrectly handled malformed compressed debug sections in ELF files. If a user or automated system were...