
217 matches found

Debian CVE
added 2022/03/11 12:0 a.m. | 66 views

CVE-2020-36518

jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects...

CVSS 7.5 | AI score 7.8 | EPSS 0.00487
Exploits: 1

UbuntuCve
added 2022/01/21 12:15 a.m. | 21 views

CVE-2022-22894

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecmalcachelookup in /jerry-core/ecma/base/ecma-lcache.c...

CVSS 7.8 | AI score 7.1 | EPSS 0.00178
Exploits: 1 | References: 2

Cvelist
added 2021/11/19 4:39 p.m. | 11 views

CVE-2021-29329

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c...

AI score 8 | EPSS 0.00179
Exploits: 1 | References: 1

Cvelist
added 2021/07/21 5:9 p.m. | 11 views

CVE-2020-19463

An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow...

AI score 5.5 | EPSS 0.00161
Exploits: 1 | References: 2

OpenVAS
added 2021/06/09 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2016:3251-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 8.9 | EPSS 0.08286
Exploits: 0 | References: 4

Imperva Blog
added 2021/01/07 2:18 p.m. | 28 views

Prepare for more sophisticated security threats in 2021

As computing becomes more distributed to achieve greater optimization and efficiency, the threats posed by cyberattackers are destined to become increasingly more sophisticated. Here are some steps organizations should take in 2021 to mitigate such sophisticated security threats. Start with...

AI score 7
Exploits: 0

Prion
added 2020/05/12 6:15 p.m. | 16 views

Stack overflow

libcroco through 0.6.13 has excessive recursion in crparserparseanycore in cr-parser.c, leading to stack consumption...

CVSS 5.8 | AI score 6.7 | EPSS 0.04749
Exploits: 1 | References: 4 | Affected Software: 1

Github Security Blog
added 2020/01/31 5:59 p.m. | 131 views

Untrusted data can lead to DoS attack due to hash collisions and stack overflow in MessagePack

Impact When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by either of two vectors: 1. hash collisions - leading to large CPU consumption disproportionate to the size of the data being deserialized. 1. stack overflow -...

CVSS 6.8 | AI score 6.3 | EPSS 0.00549
Exploits: 0 | References: 8 | Affected Software: 5

exploitpack
added 2020/01/13 12:0 a.m. | 25 views

Allok Video Converter 4.6.1217 - Stack Overflow (SEH)

Allok Video Converter 4.6.1217 - Stack Overflow SEH Exploit Title: Allok Video Converter 4.6.1217 - Stack Overflow SEH Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.alloksoft.com Software Link: https://www.alloksoft.com/allokvconverter.exe Version: 4.6.1217...

AI score 0.4
Exploits: 0

UbuntuCve
added 2019/03/27 8:29 p.m. | 19 views

CVE-2018-12183

Stack overflow in DxeCore for EDK II may allow an unauthenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via local access...

CVSS 6.8 | AI score 6.9 | EPSS 0.00087
Exploits: 0 | References: 3

Kitploit
added 2019/03/14 8:12 p.m. | 497 views

SocialFish v2 - Educational Phishing Tool & Information Collector

Ultimate phishing tool with Ngrok integrated. Are you looking for SF's mobile controller? UndeadSec/SocialFishMobile PREREQUISITES Python 2.7 Wget from Python PHP TESTED ON Kali Linux - ROLLING EDITION CLONE git clone https://github.com/UndeadSec/SocialFish.git RUNNING cd SocialFish sudo pip...

AI score 7.3
Exploits: 0 | References: 2

0day.today
added 2019/01/24 12:0 a.m. | 94 views

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Exploit

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution Exploit I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just...

CVSS 7.8 | AI score 0.2 | EPSS 0.60542
Exploits: 2

Hacker One
added 2018/11/22 3:10 p.m. | 13 views

Shipt: Slack token leaking in stackoverflow and devtimes

A Shipt employee inadvertently posted a Slack Webhook URI including the authentication token on two public tech forums: Stackoverflow.com and devtimes.com. While this incoming webhook's configuration was restricted to posting in a single channel created for testing this application and only 2 Shi...

AI score 3.1
Exploits: 0

Cvelist
added 2018/10/28 12:0 a.m. | 17 views

CVE-2018-18730

An issue was discovered on Tenda AC7 V15.03.06.44CN, AC9 V15.03.05.196318CN, AC10 V15.03.06.23CN, AC15 V15.03.05.19CN, and AC18 V15.03.05.196318CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the 'startIp' and 'endIp' parameters for a pos...

AI score 7.7 | EPSS 0.00314
Exploits: 1 | References: 1

0day.today
added 2018/10/10 12:0 a.m. | 43 views

ghostscript - executeonly Bypass with errorhandler Setup Exploit

Exploit for linux platform in category local exploits While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc...

AI score 0.1 | EPSS 0.10504
Exploits: 2

Exploit DB
added 2018/10/09 12:0 a.m. | 37 views

ghostscript - executeonly Bypass with errorhandler Setup

While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc. Additionally, because nautilus will automatically invoke...

AI score 7.4
Exploits: 0

n0where
added 2018/02/03 8:5 p.m. | 22 views

Ultimate Phishing Tool with Ngrok Integrated: SocialFish

Available Pages + Facebook: Traditional Facebook login page. Advanced login with Facebook. + Google: Traditional Google login page. Advanced login with Facebook. + LinkedIN: Traditional LinkedIN login page. + Github: Traditional Github login page. + Stackoverflow: Traditional Stackoverflow...

AI score 2.6
Exploits: 0 | References: 1

Kitploit
added 2018/01/31 12:39 p.m. | 315 views

SocialFish - Ultimate phishing tool with Ngrok integrated

Ultimate phishing tool with Ngrok integrated. PREREQUISITES Python 2.7 Wget from Python PHP TESTED ON Kali Linux - ROLLING EDITION CLONE git clone https://github.com/UndeadSec/SocialFish.git RUNNING cd SocialFish sudo pip install -r requirements.txt python SocialFish.py AVAILABLE PAGES + Facebook...

AI score 7.3
Exploits: 0 | References: 1

OPENSUSE Linux
added 2018/01/15 3:15 p.m. | 49 views

Security update for tiff (important)

This update for tiff to version 4.0.9 fixes the following issues: Security issues fixed: - CVE-2014-8128: Fix out-of-bounds read with malformed TIFF image in multiple tools bsc969783. - CVE-2015-7554: Fix invalid write in tiffsplit / TIFFVGetField bsc960341. - CVE-2016-10095: Fix stack-based buff...

CVSS 7.5 | AI score 8.8 | EPSS 0.01587
Exploits: 2 | References: 5

CNVD
added 2017/12/15 12:0 a.m. | 1 view

FS Stackoverflow Clone SQL Injection Vulnerability

FS Stackoverflow Clone is a set of PHP-based scripts for online Q&A sites. A SQL injection vulnerability exists in FS Stackoverflow Clone version 1.0. A remote attacker can exploit this vulnerability to inject SQL commands...

CVSS 9.8 | AI score 8 | EPSS 0.00543
Exploits: 1 | References: 1