53 matches found
CVE-2017-9083
poppler 0.54.0, as used in Evince and other products, has a NULL pointer dereference in the JPXStream::readUByte function in JPXStream.cc. For example, the perftest utility will crash segmentation fault when parsing an invalid PDF file...
shopify-scripts: SIGSEGV in mrb_vm_exec
PoC: ------------------- The following code triggers the bug attached as testmrbvmexec1296.rb: 0.instanceevalsuper Sandbox: ------------------- x@x:/Desktop/research/mruby-engine/bin$ ./sandbox testmrbvmexec1296.rb ./sandbox:20: BUG Segmentation fault at 0x00000000000028 ruby 2.2.6p396 2016-11-15...
CVE-2016-9629
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-33. w3m allows remote attackers to cause a denial of service segmentation fault and crash via a crafted HTML page...
shopify-scripts: Crash: Overwriting NoMethodError with a builtin class crashes/corrupts memory
Uhm, while testing this I seem to have broken https://mruby.science.. Ooops, sorry about that! Anyway, here's the bug: Overwriting at least, not sure about other triggers NoMethodError with a builtin class like Fixnum or Integer leads to a rather interesting behavior. https://mruby.science didn't...
ntp, ntpdate, sntp security update
CentOS Errata and Security Advisory CESA-2016:2583 An update for ntp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Linux, the underlying function library“glibc”reproduction is a major security vulnerability, a plurality of releases affected-vulnerability warning-the black bar safety net
Google's security research team recently disclosed a glibc getaddrinfo-overflow vulnerability. Vulnerability details the discovery process can be found in the Google blog. Digression, Google engineers are genuine Vulnerability description: The vulnerability cause is that the DNS Server Response t...
389 security update
CentOS Errata and Security Advisory CESA-2013:0742 Updated 389-ds-base packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring...
Dopewars Denial of Service
The jet command in Dopewars 1.5.12 is vulnerable to a segmentation fault due to a lack of input validation. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dopewars Denial of Service',...
Buffer overflow
Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service segmentation fault via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length. NOTE: this issue might be a buffer overflow or overread...
[EXPL] eXtropia WebStore Remote Command Execution (web_store.cgi)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
webstore.pl.txt
!/usr/bin/perl -w Remote Command Execution Vulnerability In Webstore.cgi SegmentationFault Group Greetz to : Xsupr3mo - failed - Status-x - Stealh - P3S4D3L0 Greetz to : berhooz - nima - ehsan - Unknown OutLaw eutanasia www.ashiyane.com ok setp by setp to work : start exploit If connect back shel...
eXtropia Shopping Cart web_store.cgi Remote Exploit
Exploit for cgi platform in category web applications =================================================== eXtropia Shopping Cart webstore.cgi Remote Exploit =================================================== !/usr/bin/perl -w Remote Command Execution Vulnerability In Webstore.cgi SegmentationFau...
eXtropia Shopping Cart - 'web_store.cgi' Remote Command Execution
!/usr/bin/perl -w Remote Command Execution Vulnerability In Webstore.cgi SegmentationFault Group Greetz to : Xsupr3mo - failed - Status-x - Stealh - P3S4D3L0 Greetz to : berhooz - nima - ehsan - Unknown OutLaw eutanasia www.ashiyane.com ok setp by setp to work : start exploit If connect back shel...