Lucene search
+L

479 matches found

The Hacker News
The Hacker News
added 2013/10/27 5:37 a.m.136 views

Terminator RAT became more sophisticated in recent APT attacks

None...

9.3CVSS1.6AI score0.99966EPSS
Exploits12
The Hacker News
The Hacker News
added 2013/10/16 3:42 p.m.42 views

ASLR bypass techniques are popular with APT attacks

Address space layout randomization ASLR is a security technique involved in protection from buffer overflow attacks. Many recent APT Advanced Persistent Threat attacks have utilized many different ASLR bypass techniques during the past year, according to Researchers at FireEye. Many exploits and...

9.3CVSS7.8AI score0.86979EPSS
Exploits42
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.54 views

Oracle Linux 5 : kernel (ELSA-2013-1034-1)

From Red Hat Security Advisory 2013:1034 : Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...

4.9CVSS6.1AI score0.00717EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2013/07/11 12:0 a.m.51 views

CentOS 5 : kernel (CESA-2013:1034)

Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...

4.9CVSS6.1AI score0.00717EPSS
Exploits1References9
OSV
OSV
added 2012/08/07 9:55 p.m.2 views

DEBIAN-CVE-2012-3423

The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...

7.5CVSS7.7AI score0.06172EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.43 views

Scientific Linux Security Update : fetchmail on SL3.x, SL4.x, SL5.x i386/x86_64

CVE-2007-4565 Fetchmail NULL pointer dereference CVE-2008-2711 fetchmail: Crash in large log messages in verbose mode CVE-2009-2666 fetchmail: SSL null terminator bypass It was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of...

6.4CVSS7.9AI score0.03003EPSS
Exploits3References4
securityvulns
securityvulns
added 2012/03/09 12:0 a.m.45 views

gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk

Title: Gnome terminal, xfce4-terminal, terminator and other libVTE based terminals write scrollback buffer data to /tmp filesystem Report date: 2011-03-06 Reported by: Mark Krenz Severity: High depending on use and expectations Software: libVTE v0.21.6 and later since September 17th, 2009 Copy of...

6.9AI score
Exploits0
xssed
xssed
added 2011/12/27 12:0 a.m.14 views

Unfixed XSS vulnerability at mzc.in

Security researcher bios terminator, has submitted on 27/12/2011 a cross-site-scripting XSS vulnerability affecting mzc.in, which at the time of submission ranked 120853 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/12/2011. It is currentl...

Exploits0References1
RedHat Linux
RedHat Linux
added 2011/06/21 11:44 p.m.4 views

kernel: ipv6: netfilter: ip6_tables: fix infoleak to userspace

net/ipv6/netfilter/ip6tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by...

2.1CVSS7.1AI score0.00401EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2011/05/10 6:7 p.m.8 views

kernel: bnep device field missing NULL terminator

The bnepsockioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service BUG and...

5.4CVSS7.1AI score0.00662EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2011/05/10 5:16 p.m.12 views

kernel: bnep device field missing NULL terminator

The bnepsockioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service BUG and...

5.4CVSS7.1AI score0.00662EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2011/05/10 5:16 p.m.13 views

kernel: ebtables stack infoleak

The doreplace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAPNETADMIN capability ...

2.1CVSS7.1AI score0.0035EPSS
Exploits1References4
NVD
NVD
added 2011/01/19 4:0 p.m.21 views

CVE-2010-4416

Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims...

5CVSS6.1AI score0.02471EPSS
Exploits0References7
Prion
Prion
added 2011/01/19 4:0 p.m.21 views

Buffer overflow

Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims...

5CVSS6.8AI score0.02471EPSS
Exploits0References7Affected Software1
Check Point Advisories
Check Point Advisories
added 2009/10/13 12:0 a.m.49 views

Microsoft CryptoAPI Object Identifiers Integer Overflow (MS09-056; CVE-2009-2511)

The CryptoAPI provide services that enable application developers to add encryption/decryption of data, authentication using digital certificates, and encoding to and decoding from Abstract Syntax Notation One ASN.1 to their Windows-based applications. A spoofing vulnerability has been reported i...

7.5CVSS6.1AI score0.12959EPSS
Exploits1
OpenVAS
OpenVAS
added 2009/09/09 12:0 a.m.25 views

Fedora Core 10 FEDORA-2009-8770 (fetchmail)

The remote host is missing an update to fetchmail announced via advisory FEDORA-2009-8770. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

6.4CVSS6.1AI score0.01503EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2009/09/08 3:10 p.m.15 views

fetchmail: SSL null terminator bypass

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

6.4CVSS7AI score0.01503EPSS
Exploits1References4
myhack58
myhack58
added 2008/05/10 12:0 a.m.13 views

Fight network-law enforcement officer and other software attack weapon arpfree-vulnerability warning-the black bar safety net

Method of use: First install winpacp drive, the transmission time can be selected ARP TYPE. If it is ARP request packet, as long as the input to ask the IP address, if the ARP response packets will have to enter the sender IP and the other asks the MAC address of the corresponding IP address...

2AI score
Exploits0
OSV
OSV
added 2008/05/07 9:20 p.m.1 views

DEBIAN-CVE-2008-2109

field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service CPU consumption via an ID3FIELDTYPESTRINGLIST field that ends in '\0', which triggers an infinite loop...

5CVSS6.8AI score0.07267EPSS
Exploits2References1
Cvelist
Cvelist
added 2007/07/10 10:0 p.m.39 views

CVE-2007-0042

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring o...

6.5AI score0.77716EPSS
Exploits0References8
Rows per page
Query Builder