dcrawl - Simple, But Smart, Multi-Threaded Web Crawler For Randomly Gathering Huge Lists Of Unique Domain Names

dcrawl is a simple, but smart, multi-threaded web crawler for randomly gathering huge lists of unique domain names. How it works? dcrawl takes one site URL as input and detects all links in the site's body. Each found link is put into the queue. Successively, each queued link is crawled in the sa...

CVE-2013-0870

The 'vp3decodeframe' function in FFmpeg 1.1.4 moves threads check out of header packet type check...

CVE-2013-0870

The 'vp3decodeframe' function in FFmpeg 1.1.4 moves threads check out of header packet type check...

CVE-2013-0870

The 'vp3decodeframe' function in FFmpeg 1.1.4 moves threads check out of header packet type check...

Downloading entire Vulners.com database in 5 minutes

Today I once again would like to talk about Vulners.com and why, in my opinion, it is the best vulnerability database that exist nowadays and a real game-changer. The main thing is transparency. Using Vulners you not only can search for security content see "Vulners – Google for hacker", but...

Behind the CARBANAK Backdoor

In this blog, we will take a closer look at the powerful, versatile backdoor known as CARBANAK aka Anunak. Specifically, we will focus on the operational details of its use over the past few years, including its configuration, the minor variations observed from sample to sample, and its evolution...

Security Advisory - Memory Double Free Vulnerability in Touch Panel Driver of Some Huawei Smart Phones

The Touch Panel TP driver of some Huawei smart phones has a memory double free vulnerability. An attacker with the root privilege of the Android system tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which coul...

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

undertow: IO thread DoS via unclean Websocket closing

It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS...

CVE-2017-8891

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

Code injection

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

CVE-2017-8891

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

CVE-2017-8891

Dropbox Lepton 1.2.1 allows DoS SEGV and application crash via a malformed lepton file because the code does not ensure setup of a correct number of threads...

CVE-2017-8891

Technical details (affected product versions, root cause specifics, exploits) are not publicly disclosed in the provided documents; monitor for updates.

Apache Tomcat DoS and Information Disclosure Vulnerabilities (Apr 2017) - Windows

Apache Tomcat is prone to denial of service DoS and information disclosure vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

CVE-2017-5650

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...

XNU kernel UaF due to lack of locking in set_dp_control_port (CVE-2016-7644)

setdpcontrolport is a MIG method on the hostprivport so this bug is a root-kernel escalation. kernreturnt setdpcontrolport hostprivt hostpriv, ipcportt controlport if hostpriv == HOSTPRIVNULL return KERNINVALIDHOST; if IPVALIDdynamicpagercontrolport ipcportreleasesenddynamicpagercontrolport;...

CVE-2017-5650

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOWUPDATE before allowing the application to write more data. These waiting streams each...

Denial Of Service (DoS)

tomcat-coyote is vulnerable to denial of service DoS attacks. A malicious user can send malicious HTTP/2 requests that can consume all available threads...