When Machine Learning Meets Vulnerability Discovery: Challenges and Lessons Learned

In recent years, machine learning has demonstrated impressive results in various fields, including software vulnerability detection. Nonetheless, using machine learning to identify software vulnerabilities presents new challenges, especially regarding the scale of data involved, which was not a...

buffer_overflow

This is a repository for a buffer overflow assignment, specifically targeting six vulnerable programs. The repository contains the source code for the vulnerable programs, as well as a Makefile and a Python script for building and testing the exploits. The vulnerable programs are written in C and...

postgresql: multiple issues

CVE-2016-5423 arbitrary code execution It was discovered that certain SQL statements containing CASE/WHEN commands could crash the PostgreSQL server, or disclose a few bytes of server memory, potentially leading to arbitrary code execution. - CVE-2016-5424 privilege escalation It was found that...

Crystal Office Suite 1.43 Buffer Overflow

Title: ====== Crystal Office Suite v1.43 - Buffer Overflow Vulnerability Date: ===== 2012-04-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=489 VL-ID: ===== 489 Introduction: ============= Crystal Office is the essential office suite ideal for home and business user...

Multiple Media Players ((iTunes QuickTime) - HTTP DataHandler Overflow

Multiple Media Players iTunes QuickTime - HTTP DataHandler Overflow ScaryMovie Exploit Study By: DrIDE October, 2009 There is a widespread failure in the way that .MOV files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. Nearly every .MOV enabled...

Multiple Media Players ((iTunes / QuickTime) - HTTP DataHandler Overflow

ScaryMovie Exploit Study By: DrIDE October, 2009 There is a widespread failure in the way that .MOV files are handled by the Quicktime Library. I have attempted to compound my findings on this issue. Nearly every .MOV enabled application that I tested fell victim to this exploit. This is a local...

U.S. Defense Information Systems Agency (DISA) Unix Security Readiness Review (SRR) root compromise / VU#433821

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Executive Summary - ----------------- Unprivileged local users can obtain root access on Unix systems where the DISA SRR scripts are run. If a remote user can introduce a file into the filesystem e.g. anonymous ftp, http upload, cdrom, samba share,...

MIT Kerberos (krb5) ftpd and ksu do not properly validate seteuid() calls

Overview Privilege escalation vulnerabilities in MIT krb5 ftpd and ksu may allow an authenticated attacker to execute arbitrary code. Description The MIT krb 5 ftpd and ksu programs contain multiple privilege escalation vulnerabilities. These vulnerabilities are dependent on the host operating...

90% of programs made in PHP5 and prior Full Path Disclosure vuln.

:Introduction: Normally one of the last steps when accessing to a web-server is to find the url where the web is installed more common in RFD. This may be a hard step, if the RPD is the only bug in that server, but PHP programs have functions that unexpectedly can return lots of errors. ATTENTION...

Solaris 8 libsldap buffer overflow

DESCRIPTION The library implementing LDAP naming services on Solaris 8, libsldap, contains a buffer overflow in the initialization code. While parsing the environment variable LDAPOPTIONS, a fixed size buffer is used to store its contents which can be of any length. This is a straightforward buff...