93 matches found
Qualcomm RIL Buffer Error Vulnerability
Qualcomm RIL is a Qualcomm Incorporated USA support component used in chips. A buffer error vulnerability exists in Qualcomm RIL, which arises from a stack overflow that can occur when the configuration size of a GSM WCDMA broadcast received from a user is larger than a variable-length array...
kernel: buffer-overflow hardening in WiFi beacon validation code.
A flaw in the Linux kernel's WiFi beacon validation code was discovered. The code does not check the length of the variable length elements in the beacon head potentially leading to a buffer overflow. System availability, as well as data confidentiality and integrity, can be impacted by this...
OpenSSL -- ChaCha20-Poly1305 nonce vulnerability
The OpenSSL project reports: Low: ChaCha20-Poly1305 with long nonces CVE-2019-1543 ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length a...
[SECURITY] Fedora 24 Update: libdb-5.3.28-24.fc24
The Berkeley Database Berkeley DB is a programmatic toolkit that provides embedded database support for both traditional and client/server applications. The Berkeley DB includes B+tree, Extended Linear Hashing, Fixed and Variable-length record access methods, transactions, locking, logging, share...
CVE-2016-3934
drivers/media/platform/msm/camerav2/sensor/io/msmcameraccii2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka...
CVE-2016-3934
drivers/media/platform/msm/camerav2/sensor/io/msmcameraccii2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka...
UBUNTU-CVE-2016-3922
libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619...
CVE-2016-3922
libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619...
On the PHP multi-character set encoding vulnerability research-exploit warning-the black bar safety net
| First, do an experiment,in the local environment in the establishment of such a php file ? php header"Content-Type:text/html;Charset=gb2312"; echo $GET"str"; echi "br/"; echo addslashes$GET"str"; ?& gt; Here my php environment has opened the Magicquotesgpc,contemporary code inside also made to...
Security Best Practice: Protect Yourself from MS-RPC and DCE-RPC Vulnerabilities
DCE/RPC stands for "Distributed Computing Environment / Remote Procedure Calls". It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having...
PHP php_binary / WDDX information leak
Fragment of heap memory may be red because of missed variable length checking...
Variable-length Fnstenv/mov Dword XOR Encoder
This encoder uses a variable-length mov equivalent instruction with fnstenv for getip. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Variable-length Fnstenv/mov Dword XOR Encoder',...
GLIBC (via /bin/su) Local Root Exploit
Exploit for linux platform in category local exploits ====================================== GLIBC via /bin/su Local Root Exploit ====================================== / Working exploit for glibc executing /bin/su To exploit this i have used a technique that overwrites the .dtors section of...