drchrono: Bypass password complexity requirements on passsword reset page

Hi, the 'password reset' feature doesn't implement the password complexity requirements the site enforces when first signing up. Because of this issue, I was able to set my password to '1', bypassing the 8 character rule, and the rule which requires me to add a number and a special character to m...

Reverse Engineering Cross Platform Disassembler: Panopticon

Reverse Engineering Cross Platform Disassembler Panopticon is a disassembler that understands the semantics of opcodes. This way it’s able to help the user by discovering and displaying invariants that would have to be discovered “by hand” in traditional disassemblers. This allows an interactive...

dosfstools memory leak vulnerability

dosfstools is a set of open source command line utilities , it supports the user to be able to easily and quickly create labels and check the GNU/Linux operating system in the MS-DOS FAT file system , etc. . A security vulnerability exists in the 'setfat' function of dosfstools, which originates...

7zip UDF CInArchive::ReadFileItem Code Execution Vulnerability

Summary An out of bound read vulnerability exists in the CInArchive::ReadFileItem method functionality of 7zip for handling UDF files that can lead to denial of service or code execution. Tested Versions 7-Zip 32 15.05 beta 7-Zip 64 9.20 Product URLs http://www.7-zip.org/ Details...

ALPINE-CVE-2016-4477

wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...

CVE-2016-4477

CVE-2016-4477 affects wpa_supplicant (and hostapd) when updating WPA/WPA2 passphrases: input containing newline/control characters can cause the updated configuration to execute code or disrupt service. In practice, this enables local privilege escalation via the control interface (SET_NETWORK) a...

UBUNTU-CVE-2016-4477

wpasupplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service daemon outage, via a crafted 1 SET, 2 SETCRED, or 3 SETNETWORK command...

Wireshark ASN.1 BER parser denial of service vulnerability (CNVD-2016-02773)

Wireshark formerly known as Ethereal is a suite of network packet analysis software developed by the Wireshark team. A denial of service vulnerability exists in the epan/dissectors/packet-ber.c file in the ASN.1 BER parser in Wireshark version 1.12.x before 1.12.10 and version 2.x before 2.0.2. A...

DEBIAN-CVE-2016-4418

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet that triggers an empty set...

UBUNTU-CVE-2016-4418

epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service buffer over-read and application crash via a crafted packet that triggers an empty set...

UBUNTU-CVE-2016-3672

The archpickmmaplayout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDRNORANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid...

CVE-2016-2304

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

Code injection

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

Linux kernel SET_WPS_IE IOCTL component stack buffer overflow vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A stack buffer overflow vulnerability exists in the SETWPSIE IOCTL component of the Linux kernel. A local attacker could exploit this vulnerability to affect confidentiality,...

CVE-2016-2304

Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

Hyper-V - 'vmswitch.sys' VmsMpCommonPvtHandleMulticastOids Guest to Host Kernel-Pool Overflow

/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=688 This function is reachable by sending a RNDIS Set request with OID 0x01010209 OID8023MULTICASTLIST from the Guest to the Host. This function potentially allocates a buffer based on the addresses sent. The number of entries is...

CVE-2016-3079

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to systems/SystemEntitlements.do; 2 the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to systems/SystemEntitlements.do; 2 the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a...

CVE-2016-3079

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to systems/SystemEntitlements.do; 2 the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a...

PT-2016-5360 · Red Hat · Red Hat Satellite

Name of the Vulnerable Software and Affected Versions: Red Hat Satellite versions 5.7 Description: The issue allows remote attackers to inject arbitrary web script or HTML via several vectors, including the PATH INFO to "systems/SystemEntitlements.do" API endpoint, the label parameter to...