CVE-2015-8078

Integer overflow in the indexurlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the sectionoffset variable. NOTE: this vulnerability exists because of an incomplete fix for...

CVE-2015-8077

CVE-2015-8077 is a Cyrus IMAP vulnerability affecting 2.3.19, 2.4.18, and 2.5.6 where an integer overflow in index_urlfetch (imap/index.c) can be triggered via urlfetch range checks and the start_octet, with impact described as unspecified. The issue is linked to an incomplete fix for CVE-2015-80...

The vulnerability of the Microsoft .NET Framework software platform allows a perpetrator to inject arbitrary web or HTML code.

The vulnerability of the ASP.NET software platform, Microsoft .NET Framework, exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject any desired web or HTML code using a specially crafted variable value...

openssh security, bug fix, and enhancement update

6.6.1p1-22 - Use the correct constant for glob limits 1160377 6.6.1p1-21 - Extend memory limit for remote glob in sftp acc. to stat limit 1160377 6.6.1p1-20 - Fix vulnerabilities published with openssh-7.0 1265807 - Privilege separation weakness related to PAM support - Use-after-free bug related...

openSUSE Security Update : sudo (openSUSE-2015-687)

sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable bsc917806. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

Design/Logic Flaw

The psffwrite function in fileio.c in libsndfile allows attackers to cause a denial of service divide-by-zero error and application crash via unspecified vectors related to the headindex variable...

sudo: unsafe handling of TZ environment variable

It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the...

UBUNTU-CVE-2014-9756

The psffwrite function in fileio.c in libsndfile allows attackers to cause a denial of service divide-by-zero error and application crash via unspecified vectors related to the headindex variable...

muymacho---dyld_root_path exploit analysis-exploit warning-the black bar safety net

muymacho is an exploit tool. Exists in Mac OS X 10.10.5 in dyld bug can be used to extract right to the root. In the latest chief stone of EI Capitan 10.11 in has been patched. This is an interesting bug, the use of the process is also a lot of fun. The present article aims to introduce the use o...

muymacho---dyld_root_path exploit analysis-exploit warning-the black bar safety net

from: muymachois a vulnerability in the use of tools. Exists in Mac OS X 10.10.5dyldthe bug can be used to extract right to the root. In the latest chief stone of EI Capitan 10.11 in has been patched. This is an interesting bug, the use of the process is also a lot of fun. The present article aim...

Mail.ru: [opensource.mail.ru] Debug Mode

Какая-то интересная отладочная информация. http://opensource.mail.ru/search?q=1 Самое интересное то, что от значения переменной q зависит ошибка в том или ином файле. Удалось получить 3 вида ошибок: http://opensource.mail.ru/search?q=1 undefined method gsub' for "1":Array - file: wiki.rb...

Microsoft Windows NtUserDisableProcessWindowFiltering Information Disclosure Vulnerability

This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Buffer overflow

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

CVE-2015-7809

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...

openSUSE Security Update : sudo (openSUSE-2015-703)

sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable bsc917806. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

ATutor 2.2 Session Variable Overloading Vulnerability

ATutor versions 2.2 and below suffer from a session variable overloading vulnerability. ---------------------------------------------------------------------- ATutor = 2.2 confirm.php Session Variable Overloading Vulnerability ----------------------------------------------------------------------...

[SECURITY] [DSA 3355-2] libvdpau regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3355-2 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 02, 2015 https://www.debian.org/security/faq -...

Debian DSA-3388-1 : ntp - security update

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs : - CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if : - ntpd enabled remote...