479 matches found
Terminator RAT became more sophisticated in recent APT attacks
None...
ASLR bypass techniques are popular with APT attacks
Address space layout randomization ASLR is a security technique involved in protection from buffer overflow attacks. Many recent APT Advanced Persistent Threat attacks have utilized many different ASLR bypass techniques during the past year, according to Researchers at FireEye. Many exploits and...
Oracle Linux 5 : kernel (ELSA-2013-1034-1)
From Red Hat Security Advisory 2013:1034 : Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS...
CentOS 5 : kernel (CESA-2013:1034)
Updated kernel packages that fix multiple security issues and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
DEBIAN-CVE-2012-3423
The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant NPStrings without NUL terminators, which allows remote attackers to cause a denial of service crash, obtain sensitive information from memory, or execute arbitrary code via a crafted Java applet...
Scientific Linux Security Update : fetchmail on SL3.x, SL4.x, SL5.x i386/x86_64
CVE-2007-4565 Fetchmail NULL pointer dereference CVE-2008-2711 fetchmail: Crash in large log messages in verbose mode CVE-2009-2666 fetchmail: SSL null terminator bypass It was discovered that fetchmail is affected by the previously published 'null prefix attack', caused by incorrect handling of...
gnome-terminal, xfce4-terminal, terminator and others write scrollback buffer to disk
Title: Gnome terminal, xfce4-terminal, terminator and other libVTE based terminals write scrollback buffer data to /tmp filesystem Report date: 2011-03-06 Reported by: Mark Krenz Severity: High depending on use and expectations Software: libVTE v0.21.6 and later since September 17th, 2009 Copy of...
Unfixed XSS vulnerability at mzc.in
Security researcher bios terminator, has submitted on 27/12/2011 a cross-site-scripting XSS vulnerability affecting mzc.in, which at the time of submission ranked 120853 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/12/2011. It is currentl...
kernel: ipv6: netfilter: ip6_tables: fix infoleak to userspace
net/ipv6/netfilter/ip6tables.c in the IPv6 implementation in the Linux kernel before 2.6.39 does not place the expected '\0' character at the end of string data in the values of certain structure members, which allows local users to obtain potentially sensitive information from kernel memory by...
kernel: bnep device field missing NULL terminator
The bnepsockioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service BUG and...
kernel: bnep device field missing NULL terminator
The bnepsockioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service BUG and...
kernel: ebtables stack infoleak
The doreplace function in net/bridge/netfilter/ebtables.c in the Linux kernel before 2.6.39 does not ensure that a certain name field ends with a '\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory by leveraging the CAPNETADMIN capability ...
CVE-2010-4416
Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims...
Buffer overflow
Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.4 allows remote attackers to affect availability via unknown vectors related to Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims...
Microsoft CryptoAPI Object Identifiers Integer Overflow (MS09-056; CVE-2009-2511)
The CryptoAPI provide services that enable application developers to add encryption/decryption of data, authentication using digital certificates, and encoding to and decoding from Abstract Syntax Notation One ASN.1 to their Windows-based applications. A spoofing vulnerability has been reported i...
Fedora Core 10 FEDORA-2009-8770 (fetchmail)
The remote host is missing an update to fetchmail announced via advisory FEDORA-2009-8770. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
fetchmail: SSL null terminator bypass
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...
Fight network-law enforcement officer and other software attack weapon arpfree-vulnerability warning-the black bar safety net
Method of use: First install winpacp drive, the transmission time can be selected ARP TYPE. If it is ARP request packet, as long as the input to ask the IP address, if the ARP response packets will have to enter the sender IP and the other asks the MAC address of the corresponding IP address...
DEBIAN-CVE-2008-2109
field.c in the libid3tag 0.15.0b library allows context-dependent attackers to cause a denial of service CPU consumption via an ID3FIELDTYPESTRINGLIST field that ends in '\0', which triggers an infinite loop...
CVE-2007-0042
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring o...