
4493 matches found

0day.today
added 2015/08/09 12:0 a.m., 19 views

Filezilla Client 2.2.X - SEH Buffer Overflow Exploit

Exploit for windows platform in category remote exploits Exploit Title: Filezilla client 2.2.X SEH buffer overflow exploit Date: 02/08/2015 Exploit Author: ly0n Vendor Homepage: filezilla-project.org/ Software Link: http://www.oldapps.com/filezilla.php?app=7cdf14e88e9dfa85fb661c1c6e649e90 Version...

7.1 AI score
Exploits: 0
RedHat Linux
added 2015/08/05 7:23 p.m., 1 view

Moderate: Red Hat Bug Fix Advisory: 389-ds-base bug fix update

Updated 389-ds-base packages that fix several bugs are now available for Red Hat Enterprise Linux 7. The 389 Directory Server is an LDAPv3 compliant server. The base packages include the LDAP server and command-line utilities for server administration. This update fixes the following bugs:...

7.5 CVSS, 7 AI score, 0.00606 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2015/07/20 2:0 p.m., 1 view

kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS

It was found that the espfix functionality could be bypassed by installing a 16-bit RW data segment into GDT instead of LDT which espfix checks, and using that segment on the stack. A local, unprivileged user could potentially use this flaw to leak kernel stack addresses...

2.1 CVSS, 6.6 AI score, 0.00057 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2015/07/16 12:0 a.m., 22 views

MariaDB 10.1.x < 10.1.5 wait_for_workers_idle() Function Worker Thread Handling DoS

The version of MariaDB running on the remote host is 10.1.x prior to 10.1.5. It is, therefore, affected by a denial of service vulnerability due to a flaw in the wait_for_workers_idle() function that occurs when handling worker threads. An authenticated, remote attacker can exploit this to crash the...

5.6 AI score
Exploits: 0, References: 2
RedHat Linux
added 2015/07/09 5:1 p.m., 3 views

php: Double-free in zend_ts_hash_graceful_destroy()

A double free flaw was found in the zend_ts_hash_graceful_destroy() function in the PHP ZTS module. This flaw could possibly cause a PHP application to crash...

7.5 CVSS, 6.7 AI score, 0.19438 EPSS
Exploits: 0, References: 4
myhack58
added 2015/07/05 12:0 a.m., 179 views

Spring 3.2.11 with Quartz 2.2.1 integration: solving a memory leak problem

Quartz is an open-source framework for scheduling timed tasks, and it is fairly convenient to use. Spring's support package integrates with Quartz. However, the author encountered a memory leak problem while using it in a web application. The author's usage of Spring+Quartz is as...

8 AI score
Exploits: 0
Kitploit
added 2015/07/03 9:23 p.m., 17 views

Blackbone - Windows Memory Hacking Library

Blackbone, Windows Memory Hacking Library Features x86 and x64 support Process interaction Manage PEB32/PEB64 Manage process through WOW64 barrier Process Memory Allocate and free virtual memory Change memory protection Read/Write virtual memory Process modules Enumerate all 32/64 bit modules...

8 AI score
Exploits: 0, References: 1
OSV
added 2015/06/11 6:7 p.m., 8 views

USN-2639-1 openssl vulnerabilities

Praveen Kariyanahalli, Ivan Fratric and Felix Groebert discovered that OpenSSL incorrectly handled memory when buffering DTLS data. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2014-8176 Joseph...

7.5 CVSS, 6.4 AI score, 0.92346 EPSS
Exploits: 7, References: 7
Kitploit
added 2015/06/09 10:21 p.m., 41 views

Medusa - Speedy, Parallel and Modular Login Brute-Forcer

Medusa is intended to be a speedy, massively parallel, modular, login brute-forcer. The goal is to support as many services which allow remote authentication as possible. The author considers following items as some of the key features of this application: Thread-based parallel testing. Brute-for...

7.5 AI score
Exploits: 0, References: 2
RedHat Linux
added 2015/06/09 2:47 p.m., 1 view

kernel: partial ASLR bypass through TLS base addresses leak

An information leak flaw was found in the way the Linux kernel changed certain segment registers and thread-local storage (TLS) during a context switch. A local, unprivileged user could use this flaw to leak the user space TLS base address of an arbitrary process...

2.1 CVSS, 6.8 AI score, 0.00056 EPSS
Exploits: 0, References: 4
Prion
added 2015/06/07 11:59 p.m., 21 views

Design/Logic Flaw

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted uploa...

7.8 CVSS, 6.9 AI score, 0.03099 EPSS
Exploits: 0, References: 39, Affected Software: 2
Cvelist
added 2015/06/07 11:0 p.m., 23 views

CVE-2014-0230

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted uploa...

5.6 AI score, 0.03099 EPSS
Exploits: 0, References: 39
CVE
added 2015/06/07 11:0 p.m., 244 views

CVE-2014-0230

CVE-2014-0230 affects Apache Tomcat: 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9. The issue occurs when an HTTP response is sent before the server finishes reading the entire request body, enabling remote attackers to trigger a denial-of-service via a series of aborted upload attem...

7.8 CVSS, 5.5 AI score, 0.03099 EPSS
Exploits: 0, References: 39, Affected Software: 1
0day.today
added 2015/06/04 12:0 a.m., 27 views

Jildi FTP Client 1.5.2 Build 1138 Buffer Overflow Exploit

Jildi FTP Client version 1.5.2 build 1138 suffers from a buffer overflow vulnerability. #!/usr/bin/python Exploit Title: Jildi FTP Client Buffer Overflow Poc Version: 1.5.2 Build 1138 Homepage: http://de.download.cnet.com/Jildi-FTP-Client/3000-21604-10562942.html Software...

7.5 AI score
Exploits: 0
OSV
added 2015/05/27 10:59 a.m., 1 view

DEBIAN-CVE-2015-2830

arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated b...

1.9 CVSS, 5 AI score, 0.00042 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2015/05/20 12:0 a.m., 55 views

SUSE SLED10 / SLES10 Security Update : kernel (SUSE-SU-2012:1391-1)

This Linux kernel update fixes various security issues and bugs in the SUSE Linux Enterprise 10 SP4 kernel. The following security issues have been fixed : CVE-2011-2494: kernel/taskstats.c in the Linux kernel allowed local users to obtain sensitive I/O statistics by sending taskstats commands to...

7.8 CVSS, 7.5 AI score, 0.04779 EPSS
Exploits: 11, References: 47
Prion
added 2015/05/14 10:59 a.m., 10 views

Race condition

Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a...

6.8 CVSS, 8.2 AI score, 0.01381 EPSS
Exploits: 0, References: 7, Affected Software: 2
CVE
added 2015/05/14 10:0 a.m., 124 views

CVE-2015-2715

CVE-2015-2715 describes a race condition in Mozilla Firefox prior to 38.0 related to nsThreadManager::RegisterCurrentThread during shutdown when Media Decoder threads are created. This leads to use-after-free and heap memory corruption, enabling remote attackers to potentially execute arbitrary c...

6.8 CVSS, 9.4 AI score, 0.01381 EPSS
Exploits: 0, References: 7, Affected Software: 1
CNVD
added 2015/05/14 12:0 a.m., 1 view

Mozilla Firefox Conditional Contested Memory Misreference Vulnerability

Mozilla Firefox is a popular open source WEB browser. Mozilla Firefox's creation of a media decoding thread in the shutdown process can lead to a race condition vulnerability that can lead to memory misreferences, which allows remote attackers to exploit the vulnerability to build malicious WEB...

6.8 CVSS, 7.2 AI score, 0.01381 EPSS
Exploits: 0, References: 1
ArchLinux
added 2015/05/13 12:0 a.m., 53 views

firefox: multiple issues

CVE-2015-2708 Memory safety bugs fixed in Firefox ESR 31.7 and Firefox 38: Jesse Ruderman, Mats Palmgren, Byron Campen, and Steve Fink reported memory safety problems and crashes that affect Firefox ESR 31.6 and Firefox 37. - CVE-2015-2709 Memory safety bugs fixed in Firefox 38: Gary Kwong,...

7.5 CVSS, 9.4 AI score, 0.05614 EPSS
Exploits: 0, References: 11