223 matches found
PT-2020-17181 · Go +2 · Go +2
Name of the Vulnerable Software and Affected Versions: Go versions 1.15 and earlier Description: The issue arises from the encoding/xml package in Go not correctly preserving the semantics of directives during tokenization round-trips. This allows an attacker to craft inputs that behave in...
[SECURITY] Fedora 32 Update: lua-5.3.5-8.fc32
Lua is a powerful light-weight programming language designed for extending applications. Lua is also frequently used as a general-purpose, stand-alone language. Lua is free software. Lua combines simple procedural syntax with powerful data description constructs based on associative arrays and...
CVE-2019-16992
The Keybase app 2.13.2 for iOS provides potentially insufficient notice that it is employing a user's private key to sign a certain cryptocurrency attestation that an address at keybase.io can be used for Stellar payments to the user, which might be incompatible with a user's personal position on...
iOSmacOS - task_swap_mach_voucher() Use-After-Free
iOSmacOS - taskswapmachvoucher Use-After-Free / voucherswap-poc.c Brandon Azad / if 0 iOS/macOS: taskswapmachvoucher does not respect MIG semantics leading to use-after-free The dangers of not obeying MIG semantics have been well documented: see issues 926 CVE-2016-7612, 954 CVE-2016-7633, 1417...
iOS / macOS - task_swap_mach_voucher() Use-After-Free Exploit
/ voucherswap-poc.c Brandon Azad / if 0 iOS/macOS: taskswapmachvoucher does not respect MIG semantics leading to use-after-free The dangers of not obeying MIG semantics have been well documented: see issues 926 CVE-2016-7612, 954 CVE-2016-7633, 1417 CVE-2017-13861, asyncwake, 1520 CVE-2018-4139,...
Reverse Engineering Cross Platform Disassembler: Panopticon
Reverse Engineering Cross Platform Disassembler Panopticon is a disassembler that understands the semantics of opcodes. This way it’s able to help the user by discovering and displaying invariants that would have to be discovered “by hand” in traditional disassemblers. This allows an interactive...
[SECURITY] Fedora 23 Update: pcre-8.38-1.fc23
Perl-compatible regular expression library. PCRE has its own native API, but a set of "wrapper" functions that are base d on the POSIX API are also supplied in the library libpcreposix. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...
Oracle: Security Advisory (ELSA-2007-0347)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...
CXF: Improper security semantics enforcement of SAML SubjectConfirmation methods
It was found that Apache WSS4J Web Services Security for Java, as used by Apache CXF with the TransportBinding, did not, by default, properly enforce all security requirements associated with SAML SubjectConfirmation methods. A remote attacker could use this flaw to perform various types of...
Lightweight Disassembly Framework: Capstone
Lightweight Disassembly Framework Capstone is a multi-platform, multi-architecture lightweight disassembly framework. Capstone Disassembly Engine v3.0 Released Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. Features...
Design/Logic Flaw
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecifi...
Matt Kimball and Roger Wolff mtr 0.28/0.41,Turbolinux 3.5 b2/4.2/4.4/6.0 mtr Vulnerability.2
No description provided by source. source: http://www.securityfocus.com/bid/1038/info A potential vulnerability exists in the 'mtr' program, by Matt Kimball and Roger Wolff. Versions prior to 0.42 incorrectly dropped privileges on all Unix variants except HPUX. By calling a seteuidgetuid call, th...
[Capstone] Ultimate Disassembly Framework
Capstone is a lightweight multi-platform, multi-architecture disassembly framework. Our target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community. Features Support hardware architectures: ARM, ARM64 aka ARMv8, Mips & X86 more details...
[SECURITY] Fedora 18 Update: nodejs-read-package-json-1.1.0-2.fc18
The thing npm uses to read package.json files, with semantics, defaults and validation...
[SECURITY] Fedora 12 Update: python-mako-0.3.4-1.fc12
Mako is a template library written in Python. It provides a familiar, non-X ML syntax which compiles into Python modules for maximum performance. Mako's syntax and API borrows from the best ideas of many others, including Django templates, Cheetah, Myghty, and Genshi. Conceptually, Mako is an...
PHP 6.0 Dev str_transliterate() Buffer Overflow
whoami whoami nt authority\system / errorreporting0; $bases = $GET'poss'; $basee = $GET'pose'; $offs = $GET'offs'; $offe = $GET'offe'; ifinigetbool'unicode.semantics' $buff = strrepeat"\u4141", 32; $tbp = "\u2650\u6EE5"; // 6EE52650 ADDRESS TO BE PATCHED BY WPM $ptw = "\u2FE0\u6EE5"; // 6EE52FE0...
PHP 6.0 Dev str_transliterate() Buffer overflow - NX + ASLR Bypass
Exploit for windows platform in category local exploits ================================================================== PHP 6.0 Dev strtransliterate Buffer overflow - NX + ASLR Bypass ================================================================== whoami whoami nt authority\system /...
PHP 6.0 Dev str_transliterate() Buffer Overflow
Exploit Title: PHP 6.0 Dev strtransliterate 0Day Buffer Overflow Exploit Date: 2010-04-04 Author: Pr0T3cT10n Software Link: http://downloads.sourceforge.net/project/wampserver/WampServer%202%20-%20Extensions/PHP/WampServer2-PHP6.0dev.exe?usemirror=garr Version: 6.0 Dev Tested on: WIN XP HEB SP3...
...because you can't get enough of clickjacking
I promise to post something more interesting shortly - but in the meantime, I wanted to drop a quick note about something kinda amusing. There was a considerable amount of buzz around clickjacking 1 in the past year or so. It is commonly believed that this simple attack can only be realistically...