CVE-2016-0828

The CVE concerns Android mediaserver: BnGraphicBufferConsumer::onTransact in libs/gui/IGraphicBufferConsumer.cpp failing to initialize a slot variable. This uninitialized state can let a remote attacker trigger an ATTACH_BUFFER action to read sensitive data and bypass a protection mechanism. Affe...

Exim Local Privilege Escalation

============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privilege Escalation Exploit II. BACKGROUND...

perl: improper input validation

Stephane Chazelas discovered a bug in the environment handling in Perl. Perl provides a Perl-space hash variable, %ENV, in which environment variables can be looked up. If a variable appears twice in envp, only the last value would appear in %ENV, but getenv would return the first. Perl's taint...

Exim < 4.86.2 - Local Privilege Escalation

============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privilege Escalation Exploit II. BACKGROUND...

HEVD - HackSys Extreme Vulnerable Driver

HackSys Extreme Vulnerable Driver is intentionally vulnerable Windows driver developed for security enthusiasts to learn and polish their exploitation skills at Kernel level. HackSys Extreme Vulnerable Driver caters wide range of vulnerabilities ranging from simple Buffer Overflows to complex Use...

Fedora 22 : php-horde-Horde-Service-Weather-2.3.1-1.fc22 / php-horde-Horde-Core-2.22.4-1.fc22 / etc (2015-d799a5e72b)

HordeCore 2.22.4 mjr SECURITY: Fix XSS in HordeCoreVarRendererHtml reported by Centurion Information Security. mjr Support sending MDN via ActiveSync Request 23080. HordeCore 2.22.3 mjr Fix issue with synchronizing IMAP folder names that contain only numbers. HordePerms 2.1.6 mjr Use NULL instead...

Mageia: Security Advisory (MGASA-2016-0079)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated glibc packages fix security vulnerabilities

Updated glibc fixes the following security issues: A stack overflow unbounded alloca could have caused applications which process long strings with the nan function to crash or, potentially, execute arbitrary code CVE-2014-9761. A stack-based buffer overflow in getaddrinfo allowed remote attacker...

SUSE SLED11 / SLES11 Security Update : glibc (SUSE-SU-2016:0472-1)

This update for glibc fixes the following issues : - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed remote attackers to cause a crash or execute arbitrary code via crafted and timed DNS responses bsc961721 - CVE-2015-8777: Insufficient checking of LDPOINTERGUARD environment...

glibc: multiple issues

CVE-2015-7547 arbitrary code execution A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...

lib32-glibc: multiple issues

CVE-2015-7547 arbitrary code execution A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the...

Vulnerability of the Cyrus IMAP mail server and operating systems openSUSE and OpenSUSE Leap, allowing attackers to compromise the integrity and accessibility of protected information

The vulnerability of the indexurlfetch function imap/index.c in the Cyrus IMAP server and on the OpenSUSE and OpenSUSE Leap operating systems is caused by a numerical overflow issue. Exploiting this vulnerability allows an attacker to compromise the integrity and accessibility of protected...

Libsys图书管理系统 V5.5 变量覆盖漏洞

登陆页面 sessionstart ; if isset $REQUEST'username' $strUser = trim $REQUEST'username' ; $strInput = trim $REQUEST'passwd' ; $strMsg = "用户名或者密码错误"; switch $strUser case "opacadmin" : $strPassWd = $strPassWdFile; $strMsg = verifypwd $strInput, $strPassWd ; if $strMsg == true $SESSION'ADMINUSER' =...

Apple Mac OSX / iOS - Multiple Kernel Uninitialized Variable Bugs Leading to Code Execution

Exploit for multiple platform in category dos / poc Source: https://code.google.com/p/google-security-research/issues/detail?id=618 The ool variations of the IOKit device.defs functions all incorrectly deal with error conditions. If you run the mig tool on device.defs you can see the source of th...

Metabrik - Perl Brik Platform

Smartphones have their apps, Web browsers have their apps, shells don’t. With Metabrik , we tried to merge the power of shells with the power of the Perl language by creating a platform allowing to quickly write reusable Briks. Metabrik goals: Glue the Perl language with a shell Give a standardis...

GNU C Library Security Mechanism Bypass Vulnerability

glibc is the libc library, or c runtime library, released by GNU. A security vulnerability exists in the function processenvvars within elf/rtld.c of the GNU C Library, where a local attacker can bypass the pointer guard protection mechanism by using a zero value within the LDPOINTERGUARD...

DEBIAN-CVE-2015-8777

The processenvvars function in elf/rtld.c in the GNU C Library aka glibc or libc6 before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LDPOINTERGUARD environment variable...

Null pointer dereference

The processenvvars function in elf/rtld.c in the GNU C Library aka glibc or libc6 before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LDPOINTERGUARD environment variable...

CVE-2015-8777

The processenvvars function in elf/rtld.c in the GNU C Library aka glibc or libc6 before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LDPOINTERGUARD environment variable...

CVE-2015-8777

The processenvvars function in elf/rtld.c in the GNU C Library aka glibc or libc6 before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LDPOINTERGUARD environment variable...