Jungo Windriver 12.5.1 - Local Privilege Escalation

// ConsoleApplication1.cpp : Defines the entry point for the console application. // include "stdafx.h" include include define device L"\\.\WINDRVR1251" define SPRAYSIZE 30000 typedef NTSTATUSWINAPI PNtAllocateVirtualMemory HANDLE ProcessHandle, PVOID BaseAddress, ULONG ZeroBits, PULONG...

[SECURITY] Fedora 26 Update: heimdal-7.5.0-1.fc26

Kerberos 5 is a network authentication and single sign-on system. Heimdal is a free Kerberos 5 implementation without export restrictions written from the spec rfc1510 and successors including advanced features like thread safety, IPv6, master-slave replication of Kerberos Key Distribution Center...

Denial of Service Vulnerability in ForceControl V7.2 Product NetServer.exe

ForceControl is the configuration software developed by ForceControl Technology for the general monitoring and control configuration software market. As the basic platform software in industrial automation software, ForceControl can provide solutions for all kinds of industries. A denial of servi...

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

IBM WebSphere MQ Denial of Service Vulnerability

IBM WebSphere MQ is a messaging middleware product from IBM, USA. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture SOA. A denial of service vulnerability exists in IBM WebSphere MQ versions 7.5, 8.0, and 9.0. A local attacker could exploi...

CVE-2017-17426

The malloc function in the GNU C Library aka glibc or libc6 2.26 could return a memory block that is too small if an attempt is made to allocate an object whose size is close to SIZEMAX, potentially leading to a subsequent heap overflow. This occurs because the per-thread cache aka tcache feature...

CVE-2017-16378

An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses a pointer that has not been initialized; t...

anleihencheck.de XSS vulnerability

Open Bug Bounty ID: OBB-446333 Description| Value ---|--- Affected Website:| anleihencheck.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Security feature bypass

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of out-of-bound buffer accesses due to no synchronization in accessing global variables by multiple threads...

CVE-2017-11023

Technical details (affected products, versions, root cause, and fixes) are not publicly provided in the supplied documents. Monitor for updates.

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation

// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...

Fedora 26 : SDL2 (2017-5b132e3803)

Added audio stream conversion functions : - SDLNewAudioStream - SDLAudioStreamPut - SDLAudioStreamGet - SDLAudioStreamAvailable - SDLAudioStreamFlush - SDLAudioStreamClear - SDLFreeAudioStream - Added functions to query and set the SDL memory allocation functions : - SDLGetMemoryFunctions -...

ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service

ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service !/usr/bin/env python coding: utf-8 Description: The vulnerability was discovered during a vulnerability research lecture. Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU...

ArGoSoft Mini Mail Server 1.0.0.2 - Denial of Service

!/usr/bin/env python coding: utf-8 Description: The vulnerability was discovered during a vulnerability research lecture. Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources memory consumption via unspecified vectors...

Security Flaws in Children's Smart Watches

The Norwegian Consumer Council has published a report detailing a series of security and privacy flaws in smart watches marketed to children. Press release. News article. This is the same group that found all those security and privacy vulnerabilities in smart dolls. EDITED TO ADD 10/21: Slashdot...

Computerinsel Photoline SVG Parsing Code Execution Vulnerability

Summary An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SV...

CVE-2017-1235

IBM WebSphere MQ 8.0 could allow an authenticated user to cause a premature termination of a client application thread which could potentially cause denial of service. IBM X-Force ID: 123914...

CVE-2017-9677

In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msmcomprioctlshared, variable "ddp-paramslength" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, ra...