Microsoft Windows suffers from a Uniscribe font processing heap-based buffer overflow vulnerability in USP10!ttoGetTableData.
1036003b55e9803f13366cbd90b0b3253577d8defb5b2332a29bfcdf6f5ea01e
Microsoft Windows suffers from a Uniscribe font processing heap-based memory corruption vulnerability in USP10!MergeLigRecords.
b03ce8b02b92aac1a5794298beb93487bd04a1ecc3e92d4bd3146b8cee535a2e
Microsoft Windows suffers from a Uniscribe font processing heap-based memory corruption vulnerability in USP10!otlCacheManager::GlyphsSubstituted.
1bd880c0af67e97f521d59bf8c0ad3a3a1545f5c03974f514248a1af6afea6e9
Microsoft Windows suffers from a Uniscribe font processing out-of-bounds read/write vulnerability in USP10!AssignGlyphTypes.
54bd1c24e20a2ed83b1c05981225e62254aa9d9e5ee54c57aec3a8b4e2e73f0f
Microsoft Windows suffers from a Uniscribe font processing heap-based buffer overflow vulnerability in USP10!otlList::insertAt.
01f16a9fdd196b607c53532a9c54c5145240d3154eef2f3812f5052cdb413615
Microsoft Windows suffers from a Uniscribe font processing out-of-bounds read in usp10!otlChainRuleSetTable::rule.
c9574d6c38cb198f8f8d4715734fcd991bb212fa0ff4bd4871cdd469b047282c
The Microsoft Windows kernel suffers from hive loading crashes in nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages.
c0c9f385d6a3ca0455940f14112e0baedb6607593051dca745cd9940fced29ca
Google Nest Cam version 5.2.1 suffers from buffer overflow conditions over Bluetooth LE.
83ef9172b8314085199e09c18b9b81b0aab7eabd466d67966b771810fb57d7d6
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
b08cf69aa27f83187244b525225e8f921c319ebe15b8935e92544c96a6570f0a
This Metasploit module uses an administrative module that allows command execution. The page requires no authentication when it receives a POST request.
cfcbce3052c73130003476d0ee627bdcb72ab71008ac686ffaae35583cfb31c0
EMC RecoverPoint update contains a fix for an SSL stripping vulnerability that may potentially be exploited by malicious users to compromise the affected system. Versions prior to 5.0 are affected.
8279c37d5fc37aaeb794e695f885941bc5413f2602ef275e025af37d36f98b7e
Ubuntu Security Notice 3238-1 - An integer overflow was discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash or execute arbitrary code.
b6b00bdea5a46267871ff5572e784dc568cabd5a7a8f0ea1e960b32c132c6319
Debian Linux Security Advisory 3796-2 - CVE-2016-8743 meant being more stringent when dealing with whitespace patterns in HTTP requests, and that change broke the upload tool of sitesummary-client.
9f454c966cfbe982bd6953ab0bde1b10a4a667a1dd3b4d83f34331327a46db91
HP Security Bulletin HPSBUX03596 2 - A security vulnerability in Samba was addressed by HPE HP-UX running CIFS Server (Samba). The vulnerability could be exploited resulting in remote access restriction bypass and unauthorized access. Revision 2 of this advisory.
d841f519b91c644cd53e085dff736d033e160d2adae9e3588ae69a1f6ed05cb1
Ubuntu Security Notice 3237-1 - It was discovered that FreeType did not correctly handle certain malformed font files. If a user were tricked into using a specially crafted font file, a remote attacker could cause FreeType to crash, resulting in a denial of service, or possibly execute arbitrary code.
043ff2b27d9d296fe83b51e3661fdcb9e5855895d2618bc4c4729e92302fa76c
Ubuntu Security Notice 3183-2 - USN-3183-1 fixed CVE-2016-8610 in GnuTLS in Ubuntu 16.04 LTS and Ubuntu 16.10. This update provides the corresponding update for Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Stefan Buehler discovered that GnuTLS incorrectly verified the serial length of OCSP responses. A remote attacker could possibly use this issue to bypass certain certificate validation measures. This issue only applied to Ubuntu 16.04 LTS. Shi Lei discovered that GnuTLS incorrectly handled certain warning alerts. A remote attacker could possibly use this issue to cause GnuTLS to hang, resulting in a denial of service. This issue has only been addressed in Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that GnuTLS incorrectly decoded X.509 certificates with a Proxy Certificate Information extension. A remote attacker could use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. It was discovered that GnuTLS incorrectly handled certain OpenPGP certificates. A remote attacker could possibly use this issue to cause GnuTLS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
c20be476843f82dbeef2f80230bbcaa5a17fdb8eea114d74c07fde2da3274f09
This shellcode uses CreateFile and tries to read a nonexistent network path. You can use tools such as Responder to capture NetNTLM hashes. The shellcode can be modified to steal hashes over the internet. SMBRelay attacks can also be performed.
2491b63c867c622c3989731692259fbf0c1e25e9f5dc567cec8b45443580d9f2
ExtraPuTTY version 029_RC2 suffers from a denial of service vulnerability.
0043f5e8be30c2dacc702f3813eff38d378406972789c13975cb074a84e70843
Red Hat Security Advisory 2017-0559-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix: Multiple integer overflow flaws, leading to heap-based buffer overflows, were found in OpenJPEG. A specially crafted JPEG2000 image could cause an application using OpenJPEG to crash or, potentially, execute arbitrary code. A vulnerability was found in the patch for CVE-2013-6045 for OpenJPEG. A specially crafted JPEG2000 image, when read by an application using OpenJPEG, could cause heap-based buffer overflows leading to a crash or, potentially, arbitrary code execution.
cf1a2baceb0a6cb4020ae9a518c4553bc770b2638def72f156336ff01db72e25
Gentoo Linux Security Advisory 201703-3 - A buffer overflow in PuTTY might allow remote attackers to execute arbitrary code or cause a denial of service. Versions less than 0.68 are affected.
bf2e380ea3c1c66d7992ffd39196ce810ddc34c559ff53caf3d2462d9b6e0e3f
Gentoo Linux Security Advisory 201703-2 - Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Versions less than 25.0.0.127 are affected.
c51f8a0051e7270f97a95bcf1711ad8b3aa56c17825334c096efb33f1dcfa87c
FTPShell Server version 6.56 ChangePassword buffer overflow exploit.
7a7829b9b8916e50eb5bc8a3e094b666b5819672c7f8b48a17e2e8b398e775c0
ClipBucket versions 2.8.2 and below suffer from multiple cross-site scripting vulnerabilities.
bfc96451c84b6bad73bcd5ad0551dca3f08ed1c7a2f10bc94fa4faa643149557
iFdate Social Dating Script version 2.0 suffers from a remote SQL injection vulnerability.
8e259311b82da0fdf2f723f5691008d575533e9e60a40c045499817c4c91a096