UBUNTU-CVE-2014-9756

The psffwrite function in fileio.c in libsndfile allows attackers to cause a denial of service divide-by-zero error and application crash via unspecified vectors related to the headindex variable...

muymacho---dyld_root_path exploit analysis-exploit warning-the black bar safety net

muymacho is an exploit tool. Exists in Mac OS X 10.10.5 in dyld bug can be used to extract right to the root. In the latest chief stone of EI Capitan 10.11 in has been patched. This is an interesting bug, the use of the process is also a lot of fun. The present article aims to introduce the use o...

muymacho---dyld_root_path exploit analysis-exploit warning-the black bar safety net

from: muymachois a vulnerability in the use of tools. Exists in Mac OS X 10.10.5dyldthe bug can be used to extract right to the root. In the latest chief stone of EI Capitan 10.11 in has been patched. This is an interesting bug, the use of the process is also a lot of fun. The present article aim...

Mail.ru: [opensource.mail.ru] Debug Mode

Какая-то интересная отладочная информация. http://opensource.mail.ru/search?q=1 Самое интересное то, что от значения переменной q зависит ошибка в том или ином файле. Удалось получить 3 вида ошибок: http://opensource.mail.ru/search?q=1 undefined method gsub' for "1":Array - file: wiki.rb...

Microsoft Windows NtUserDisableProcessWindowFiltering Information Disclosure Vulnerability

This vulnerability allows local attackers to leak sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

Buffer overflow

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

CVE-2015-5218

Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service crash via a crafted file, related to the page global variable...

CVE-2015-7809

The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the self variable in a template...

openSUSE Security Update : sudo (openSUSE-2015-703)

sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable bsc917806. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...

ATutor 2.2 Session Variable Overloading Vulnerability

ATutor versions 2.2 and below suffer from a session variable overloading vulnerability. ---------------------------------------------------------------------- ATutor = 2.2 confirm.php Session Variable Overloading Vulnerability ----------------------------------------------------------------------...

[SECURITY] [DSA 3355-2] libvdpau regression update

------------------------------------------------------------------------- Debian Security Advisory DSA-3355-2 [email protected] https://www.debian.org/security/ Alessandro Ghedini November 02, 2015 https://www.debian.org/security/faq -...

Debian DSA-3388-1 : ntp - security update

Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs : - CVE-2015-5146 A flaw was found in the way ntpd processed certain remote configuration packets. An attacker could use a specially crafted package to cause ntpd to crash if : - ntpd enabled remote...

CVE-2006-0097

Stack-based buffer overflow in the createnamedpipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long 1 arghost or 2 argunixsocket argument, as demonstrated by a long named pipe variable in the host argument to the...

CVE-2006-4124

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...

DLA-335-1 ntp - security update

Bulletin has no description...

OpenEMR globals.php Authentication Bypass (CVE-2015-4453)

An authentication weakness vulnerability exists in OpenEMR, specifically in the globals.php script. The vulnerability is due to variable name collision during HTTP parameter extraction. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the...

Kentico CMS 8.2 Cross Site Scripting / Open Redirect

Web application Kentico CMS 8.2 XSS / Open Redirection The CVE-2015-7823 reference is still waiting my disclosure. The exploit works on 8.2 to 8.2.41 I've contacted the vendor and he fixed the vulnerability in the next major version Vulnerability type: Reflected XSS High The elementguid variable ...

Mageia: Security Advisory (MGASA-2015-0364)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework...