9094 matches found

rdot
added 2010/12/02 12:0 a.m., 16 views

Magic methods, serialization, session injection and all, all, all

==-1== Introduction I originally wrote this for myself as a small collection of useful ideas, and in the end it turned into this article. I don't have much experience writing publications, so don't kick me too hard, I tried. Before moving on to practical examples, let's look at the theoretical basics of the functions used...

AI score 7.6
Exploits: 0

Prion
added 2010/11/26 8:0 p.m., 10 views

Default configuration

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

CVSS 6.4, AI score 6.9, EPSS 0.01735
Exploits: 0, References: 1, Affected Software: 1

UbuntuCve
added 2010/11/26 8:0 p.m., 25 views

CVE-2010-4312

The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie...

CVSS 6.4, AI score 6.3, EPSS 0.01735
Exploits: 0, References: 2

CVE
added 2010/11/26 7:0 p.m., 69 views

CVE-2010-4312

CVE-2010-4312 affects Apache Tomcat 6.x; the default configuration omits the HTTPOnly flag in Set-Cookie headers, enabling remote session hijacking via script access to cookies. This vulnerability is tied to the standard Tomcat 6.x deployment and is described as a cookie security flag omission th...

CVSS 6.4, AI score 4.4, EPSS 0.01735
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2010/11/12 12:0 a.m., 42 views

Ubuntu 6.06 LTS / 8.04 LTS / 9.10 / 10.04 LTS / 10.10 : mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 vulnerabilities (USN-1017-1)

It was discovered that MySQL incorrectly handled certain requests with the UPGRADE DATA DIRECTORY NAME command. An authenticated user could exploit this to make MySQL crash, causing a denial of service. This issue only affected Ubuntu 9.10 and 10.04 LTS. (CVE-2010-2008) It was discovered that MySQL...

CVSS 5, AI score 5.4, EPSS 0.1407
Exploits: 8, References: 17

RedHat Linux
added 2010/11/10 7:0 p.m., 2 views

kernel: ftrace NULL ptr deref

kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when debugfs is enabled, does not properly handle interaction between mutex possession and llseek operations, which allows local users to cause a denial of service (NULL pointer dereference and outage of all function tracing files) via an...

CVSS 5.5, AI score 6, EPSS 0.00066
Exploits: 0, References: 4

UbuntuCve
added 2010/11/05 12:0 a.m., 29 views

CVE-2010-3677

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column...

CVSS 4, AI score 5.9, EPSS 0.01133
Exploits: 1, References: 3

RedHat Linux
added 2010/11/03 8:18 p.m., 4 views

MySQL: Mysqld DoS (crash) by processing joins involving a table with a unique SET column (MySQL BZ#54575)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column...

CVSS 4, AI score 5.8, EPSS 0.01133
Exploits: 1, References: 4

RedHat Linux
added 2010/11/01 7:45 p.m., 3 views

pam: pam_xauth missing return value checks from setuid() and similar calls

The run_coprocess function in pam_xauth.c in the pam_xauth module in Linux-PAM (aka pam) before 1.1.2 does not check the return values of the setuid, setgid, and setgroups system calls, which might allow local users to read arbitrary files by executing a program that relies on the pam_xauth PAM check...

CVSS 3.3, AI score 5.9, EPSS 0.00072
Exploits: 0, References: 4

RedHat Linux
added 2010/11/01 7:45 p.m., 2 views

pam: pam_namespace executes namespace.init with service's environment

pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pam_namespace PAM...

CVSS 6.9, AI score 6, EPSS 0.00053
Exploits: 0, References: 4

RedHat Linux
added 2010/10/14 3:26 p.m., 4 views

kernel: DoS on x86_64

The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of service (system crash) via a 32-bit application that...

CVSS 4.7, AI score 7.2, EPSS 0.00395
Exploits: 1, References: 4

UbuntuCve
added 2010/10/12 9:0 p.m., 28 views

CVE-2010-2951

dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set...

CVSS 5, AI score 7.2, EPSS 0.55183
Exploits: 0, References: 1

Check Point Advisories
added 2010/09/27 12:0 a.m., 0 views

Oracle MySQL Database Unique SET Column Join Denial of Service

MySQL is a popular open-source implementation of a relational database that supports the Structured Query Language (SQL) for querying and updating stored data. A denial of service vulnerability exists in Oracle MySQL database server. The vulnerability is due to an error while handling joins involvi...

AI score 6.4
Exploits: 0

myhack58
added 2010/09/15 12:0 a.m., 15 views

ecshop advertising call page message header is written into the storms path-vulnerability warning-the black bar safety net

/affiche.php,php5 environmental error exposure program path, php4 environment to display the written information the charset parameter is not to do rigorous filtration result in an http message header truncated written...

AI score 0.8
Exploits: 0

RedHat Linux
added 2010/09/07 2:32 p.m., 0 views

rpm: fails to drop SUID/SGID bits on package upgrade

lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and RPM before 4.4.3, does not properly reset the metadata of an executable file during replacement of the file in an RPM package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable 1...

CVSS 7.2, AI score 7.1, EPSS 0.00046
Exploits: 0, References: 4

Exploit DB
added 2010/09/05 12:0 a.m., 23 views

Linux/ARM - execve"/bin/sh", 0, 0 vars 27 bytes

Linux/ARM - execve"/bin/sh", 0, 0 vars - 27 bytes. Shellcode exploit for arm platform / Title: Linux/ARM - execve"/bin/sh", 0, 0 vars - 27 bytes Date: 2010-08-31 Tested on: ARM926EJ-S rev 5 v5l Author: Jonathan Salwan - twitter: @jonathansalwan shell-storm.org Shellcode ARM with not a 0x20, 0x0a...

AI score 0.1
Exploits: 0

Tenable Nessus
added 2010/08/26 12:0 a.m., 57 views

MySQL Community Server < 5.1.49 Multiple Vulnerabilities

The version of MySQL Community Server installed on the remote host is earlier than 5.1.49 and thus potentially affected by multiple vulnerabilities: - DDL statements could cause the server to crash. 55039 - Joins involving a table with a unique SET column could cause the server to crash. 54575 -...

CVSS 4, AI score 5.7, EPSS 0.1407
Exploits: 8, References: 17

Tenable Nessus
added 2010/08/24 12:0 a.m., 13 views

MySQL Community Server 5.1 < 5.1.49 Multiple Denial of Service Vulnerabilities

Binary data 801140.prm...

CVSS 4, AI score 7.3, EPSS 0.1407
Exploits: 8, References: 17

Tenable Nessus
added 2010/08/24 12:0 a.m., 11 views

MySQL Community Server 5.1 < 5.1.49 Multiple Denial of Service Vulnerabilities

Binary data 5646.prm...

CVSS 4, AI score 7.3, EPSS 0.1407
Exploits: 8, References: 17

RedHat Linux
added 2010/08/04 9:30 p.m., 1 views

pcsc-lite: Privilege escalation via specially-crafted client to PC/SC Smart Card daemon messages

The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC Smart Card daemon (aka PCSCD) in MUSCLE PCSC-Lite before 1.5.4 might allow local users to cause a denial of service (daemon crash) via crafted SCARD_SET_ATTRIB message data, which is improperly demarshalled and triggers a buffer over-read...

CVSS 6.8, AI score 6, EPSS 0.00094
Exploits: 0, References: 4