Debian DLA-1335-1 : zsh security update

Two security vulnerabilities were discovered in the Z shell. CVE-2018-1071 Stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service. CVE-2018-1083 Buffer overflow in the shell autocomplete functionality. A local unprivileged user...

CVE-2018-1232

RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the...

Stack overflow

RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are impacted by a stack-based buffer overflow which may occur when handling certain malicious web cookies that have invalid formats. The attacker could exploit this vulnerability to crash the...

[SECURITY] [DLA 1326-1] php5 security update

Package : php5 Version : 5.4.45-0+deb7u13 CVE ID : CVE-2018-7584 Wei Lei and Liu Yang of Nanyang Technological University discovered a stack-based buffer overflow in PHP5 when parsing a malformed HTTP response which can be exploited to cause a denial-of-service. For Debian 7 "Wheezy", these...

Cisco Smart Install Remote Code Execution(CVE-2018-0171)

Introduction Application: Cisco IOS, Cisco IOS-XE Vendor: Cisco Bugs: Stack-based buffer overflow CWE-20, CWE-121 Risk: Critical; AV:N/AC:L/Au:N/C:C/I:C/A:C 10.0 A stack-based buffer overflow vulnerability was found in Smart Install Client code. This vulnerability enables an attacker to remotely...

openSUSE Security Update : librelp (openSUSE-2018-319)

This update for librelp fixes the following issues : - CVE-2018-1000140: A stack-based buffer overflow in the code for checking of x509 certificates allowed a remote attacker with an access to the rsyslog logging facility to potentially execute arbitrary code by sending a specially crafted x509...

SUSE SLES12 Security Update : librelp (SUSE-SU-2018:0828-1)

This update for librelp fixes the following issues: CVE-2018-1000140 bsc1086730: librelp contained a stack-based buffer overflow in the checking of x509 certificates. A remote attacker with an access to the rsyslog logging facility could have exploited it by sending a specially crafted x509...

Security update for librelp (important)

This update for librelp fixes the following issues: - CVE-2018-1000140: A stack-based buffer overflow in the code for checking of x509 certificates allowed a remote attacker with an access to the rsyslog logging facility to potentially execute arbitrary code by sending a specially crafted x509...

[SECURITY] [DSA 4151-1] librelp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4151-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso March 26, 2018 https://www.debian.org/security/faq -...

Crashmail 1.6 - Stack-Based Buffer Overflow (ROP)

Crashmail 1.6 - Stack-Based Buffer Overflow ROP Exploit author: Juan Sacco Website: http://exploitpack.com Description: Crashmail is prone to a stack-based buffer overflow because the application fails to perform adequate boundary checks on user supplied input. Impact: An attacker could exploit...

Crashmail 1.6 - Stack-Based Buffer Overflow (ROP) Exploit

Exploit for linux platform in category local exploits Exploit author: Juan Sacco Website: http://exploitpack.com Description: Crashmail is prone to a stack-based buffer overflow because the application fails to perform adequate boundary checks on user supplied input. Impact: An attacker could...

UNAUTHENTICATED START OF TELNETD ON TENDA AC15 ROUTER

INTRODUCTION We previously showed how the Tenda AC15 router was vulnerable to an unauthenticated remote code execution vulnerability via a stack based buffer overflow. Writing exploits like that can be incredibly interesting, but sometimes, all you need is a GET request to get root. In this post ...

Omron CX-Supervisor (Update A)

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Low skill level to exploit Vendor : Omron Equipment : CX-Supervisor Vulnerabilities : Stack-based Buffer Overflow, Use After Free, Access of Uninitialized Pointer, Double Free, Out-of-bounds Write, Untrusted Pointer Dereference, Heap-based Buffer...

SC 7.16 - Stack-Based Buffer Overflow Exploit

Exploit for linux platform in category local exploits Exploit Author: Juan Sacco - http://www.exploitpack.com Bug found using Exploit Pack - Local fuzzer feature. Tested on: GNU/Linux - Kali Linux Filename: pool/main/s/sc/sc7.16-4+b2i386.deb Description: SC v7.16 is prone to a basic stack-based...

Stack overflow

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service...

CVE-2018-1071

CVE-2018-1071 : The connected advisories confirm a stack-based buffer overflow in zsh’s exec.c:hashcmd() (through version 5.4.2), enabling a local attacker to cause a denial of service. Affected products include zsh across multiple distributions (Amazon Linux 2, Debian, CentOS/RHEL, Fedora, Gento...

CVE-2018-1071

zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd function. A local attacker could exploit this to cause a denial of service...

CVE-2018-5452

The CVE-2018-5452 vulnerability affects Emerson ControlWave Micro Process Automation Controller (ProConOS v.4.01.280; firmware CWM v.05.78.00 and earlier). It is a stack-based buffer overflow triggered by crafting packets to port 20547, which can cause the PLC to halt. Impact described includes p...

Delta Industrial Automation DOPSoft DPA File wTextLen Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

Delta Industrial Automation DOPSoft DPA File AfterExecMacro Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...