9574 matches found
macOS Kernel 10.12.3 (16D32) - audit_pipe_open Off-by-One Memory Corruption Exploit
Exploit for macOS platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1126 MacOS kernel memory corruption due to off-by-one in auditpipeopen auditpipeopen is the special file open handler for the auditpipe device major number 10. Here's the code:...
UBUNTU-CVE-2016-10211
libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted rule that is mishandled in the yrparserlookuploopvariable function...
PT-2017-7808
Name of the Vulnerable Software and Affected Versions YARA version 3.5.0 Description The issue allows remote attackers to cause a denial of service, resulting in a use-after-free and application crash. This occurs when a crafted rule is mishandled in the yr parser lookup loop variable function...
CVE-2017-6455
NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows local users to gain privileges via a DLL in the PPSAPIDLLS environment variable...
CVE-2017-6458
Multiple buffer overflows in the ctlput functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable...
CVE-2017-6458
Multiple buffer overflows in the ctlput functions in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allow remote authenticated users to have unspecified impact via a long variable...
NETGEAR WNR2000v5 - (Un)authenticated hidden_lang_avi Stack Overflow Exploit
Exploit for hardware platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlangavi Stack...
Hardcoded credentials
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
DEBIAN-CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
UBUNTU-CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
CVE-2016-10130
The httpconnect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable...
Default credentials
An unauthenticated remote attacker may be able to disrupt services on F5 BIG-IP 11.4.1 - 11.5.4 devices with maliciously crafted network traffic. This vulnerability affects virtual servers associated with TCP profiles when the BIG-IP system's tm.tcpprogressive db variable value is set to...
bash: Specially crafted SHELLOPTS+PS4 variables allows command substitution
An arbitrary command injection flaw was found in the way bash processed the SHELLOPTS and PS4 environment variables. A local, authenticated attacker could use this flaw to exploit poorly written setuid programs to elevate their privileges under certain circumstances...
Design/Logic Flaw
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...
CVE-2014-9938
contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution...
Integer overflow
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the loadapng function and the imagesize variable...
CVE-2017-6960
An issue was discovered in apng2gif 1.7. There is an integer overflow resulting in a heap-based buffer over-read, related to the loadapng function and the imagesize variable...
CVE-2016-0770
Cross-site scripting XSS vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable...