Lucene search

2204 matches found

0day.today
added 2017/05/31 12:0 a.m. · 34 views

Piwigo Plugin Facetag 0.0.3 - SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Facetag Extension in Piwigo, Multiple SQL injection Date: 30-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author:...

7.1 AI score
Exploits 0
Positive Technologies
added 2017/05/22 12:0 a.m. · 2 views

PT-2017-17399 · Gnu +3 · Gnutls +4

Name of the Vulnerable Software and Affected Versions: GnuTLS libtasn1 version 4.10 Description: The issue is related to two errors in the asn1 find node function within the libtasn1 library of GnuTLS. These errors can be exploited to cause a stack-based buffer overflow. This can happen when a us...

9.1 CVSS · 6.8 AI score · 0.05585 EPSS
Exploits 2 · References 59
Tenable Nessus
added 2017/05/17 12:0 a.m. · 35 views

SUSE SLED12 / SLES12 Security Update : bash (SUSE-SU-2017:1317-1)

This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr1 inside loops. Additionally, the popd built-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault. Note that...

6.2 CVSS · 6.4 AI score · 0.00425 EPSS
Exploits 0 · References 5
OSV
added 2017/05/16 1:41 p.m. · 1 views

SUSE-SU-2017:1317-1 Security update for bash

This update for bash fixes an issue that could lead to syntax errors when parsing scripts that use expr1 inside loops. Additionally, the popd built-in now ensures that the normalized stack offset is within bounds before trying to free that stack entry. This fixes a segmentation fault...

6.2 CVSS · 6.4 AI score · 0.00425 EPSS
Exploits 0 · References 4
Ivan 'd0znpp' Novikov
added 2017/05/12 6:55 p.m. · 544 views

How to bypass libinjection in many WAF/NGWAF

Before we start, libinjection is a very popular open-source project created by Nick Galbreath from Signal Sciences. A lot of WAFs and NGWAFs use this library instead of regular expressions because of performance. For example, modsecurity since version 2.7.4 supports libinjection by two operators ...

7.9 AI score
Exploits 0
Mageia
added 2017/05/02 1:34 p.m. · 47 views

Updated python-lshell package fixes security vulnerabilities

Shell outbreak due to bad syntax parse CVE-2016-6902. Shell outbreak with multiline commands CVE-2016-6903...

9.9 CVSS · 3.6 AI score · 0.05081 EPSS
Exploits 0 · References 2
Fedora
added 2017/05/01 6:19 p.m. · 35 views

[SECURITY] Fedora 26 Update: pcre-8.40-7.fc26

PCRE, Perl-compatible regular expression, library has its own native API, but a set of wrapper functions that are based on the POSIX API are also supplied in the libpcreposix library. Note that this just provides a POSIX calling interface to PCRE: the regular expressions themselves still follow...

7.5 CVSS · 2 AI score · 0.05033 EPSS
Exploits 0
Tenable Nessus
added 2017/04/12 12:0 a.m. · 37 views

Scientific Linux Security Update : 389-ds-base on SL6.x i386/x86_64 (20170411)

Security Fixes : - An invalid pointer dereference flaw was found in the way 389-ds-base handled LDAP bind requests. A remote unauthenticated attacker could use this flaw to make ns-slapd crash via a specially crafted LDAP bind request, resulting in denial of service. CVE-2017-2668 Bug Fixes : -...

6.5 CVSS · 6.6 AI score · 0.02627 EPSS
Exploits 0 · References 2
RedHat Linux
added 2017/04/11 11:46 a.m. · 53 views

Important: Red Hat Security Advisory: 389-ds-base security and bug fix update

An update for 389-ds-base is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

6.5 CVSS · 6.7 AI score · 0.02627 EPSS
Exploits 0 · References 3
Fedora
added 2017/04/09 9:53 p.m. · 29 views

[SECURITY] Fedora 25 Update: curl-7.51.0-6.fc25

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

2.4 CVSS · 0.00581 EPSS
Exploits 0
Tenable Nessus
added 2017/03/30 12:0 a.m. · 36 views

OracleVM 3.3 / 3.4 : bash (OVMSA-2017-0050)

The remote OracleVM system is missing necessary patches to address critical security updates : - Fix signal handling in read builtin Resolves: 1421926 - CVE-2016-9401 - Fix crash when '-' is passed as second sign to popd Resolves: 1396383 - CVE-2016-7543 - Fix for arbitrary code execution via...

10 CVSS · 7.7 AI score · 0.9994 EPSS
Exploits 17 · References 6
Tenable Nessus
added 2017/03/27 12:0 a.m. · 48 views

Virtuozzo 7 : readykernel-patch (VZA-2017-017)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementati...

7.8 CVSS · 6.8 AI score · 0.0596 EPSS
Exploits 13 · References 6
Kitploit
added 2017/02/21 1:58 p.m. · 21 views

Halcyon - IDE for Nmap Script (NSE) Development

Halcyon is the first IDE specifically focused on Nmap Script (NSE) Development. This research idea was originated while writing custom Nmap Scripts for Enterprise Penetration Testing Scenarios. The existing challenge in developing Nmap Scripts (NSE) was the lack of a development environment that give...

7.2 AI score
Exploits 0 · References 1
Veracode
added 2017/02/09 1:46 a.m. · 29 views

Million Message Attack (MMA)

OpenSSL is vulnerable to million message attacks (MMA). This is due to the way that OpenSSL has implemented PKCS #7 and Cryptographic Message Syntax (CMS), making it easier for attackers to decrypt data...

5 CVSS · 8.4 AI score · 0.13075 EPSS
Exploits 0 · References 24 · Affected Software 1
Tenable Nessus
added 2017/02/07 12:0 a.m. · 29 views

Fedora 25 : phpMyAdmin (2017-360e912fdb)

Welcome to phpMyAdmin 4.6.6, a release containing security and bug fixes. This release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are...

5.8 AI score
Exploits 0 · References 1
Hacker One
added 2017/01/22 6:9 p.m. · 21 views

shopify-scripts: Incorrect code generation with redo inside NODE_RESCUE.

The following code causes mruby to use up all available memory: class A redo rescue c end Following the execution, we see the code in codegen.c jumping between CASEOPONERR and CASEOPJMP. CASEOPONERR uses realloc to double the size of mrb-c-rescue, and since it is stuck in an infinite loop between...

7.1 AI score
Exploits 0
myhack58
added 2017/01/03 12:0 a.m. · 87 views

Python's new string format vulnerability analysis

This article gives an in-depth analysis of the security vulnerabilities introduced by Python's new string formatting syntax and provides appropriate security solutions. Using str.format on untrusted user input brings security risks. For this problem, in fact I have...

7.1 AI score
Exploits 0
Fedora
added 2016/12/31 11:21 p.m. · 35 views

[SECURITY] Fedora 24 Update: curl-7.47.1-10.fc24

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

8.1 CVSS · 0.04999 EPSS
Exploits 0
Check Point Advisories
added 2016/12/28 12:0 a.m. · 1 views

Vim modelines Remote Command Execution (CVE-2016-1248)

A remote code execution vulnerability exists in the modeline component of Vim due to insufficient input validation when parsing the filetype, syntax, and keymap options in modelines. A remote unauthenticated attacker can exploit this vulnerability by enticing a user to open a file containing a...

6.8 CVSS · 4.5 AI score · 0.25504 EPSS
Exploits 2
0day.today
added 2016/12/16 12:0 a.m. · 26 views

Linux/x86 - /bin/bash -c Arbitrary Command Execution Shellcode (72 bytes)

/ ;author: Filippo "zinzloun" Bersani ;date: 16/12/2016 ;version: 1.0 ;X86 Assembly/NASM Syntax ;tested on: Linux OpenSuse001 2.6.34-12-desktop 32bit ; Linux ubuntu 3.13.0-100-generic 147precise1-Ubuntu 32bit ; Linux bb32 4.4.0-45-generic 32bit ;72 bytes ;description: executes arbitrary command...

7.1 AI score
Exploits 0