Hi
This is a disclosure of the following issue that was raised a week ago
on the distro’s mailing list. Both bugs on the gnome bugtracker are
currently private and should be made public now. The two attached
patches are based off the 2.9.3 libxml2 release.

A couple of weeks back while working on a related bug [CVE-2016-3627] I
discovered a specially created xml file is capable of triggering a stack
overflow before libxml2 can detect its a…

An integer wrap may occur in PHP 7.x before version 7.0.6 when reading
zip files with the getFromIndex() and getFromName() methods of
ZipArchive, resulting in a heap overflow.

CONFidence 2016 <http://2016.confidence.org.pl/en/> is coming soon. Underground
subjects, the best specialists and over 10 years of experience –
#haveCONFidence, we won’t let you down.
When and where?
May 19-20th, 2016, Forum Hotel, Krakow, Poland
Imagine mysterious, dark lobbies of an abandoned hotel and over 400
enthusiasts who share their secret knowledge on the most thrilling topics
in IT security.

We’ve released the new BlackArch Linux ISOs along with the new
installer. They include more than 1400 tools and come with lots of
improvements. The armv6h and armv7h repositories are filled with about
1300 tools.
A short ChangeLog of the Live-ISOs:
– added new (improved) BlackArch Linux installer
– include linux kernel 4.5.1
– added new blackarch linux installer
– fixed an EFI boot issue
– fixed the well-known…

# Exploit title: Observium Commercial – CSRF & Authenticated Code Execution
# Date: 28-04-2016
# Vendor homepage: http://observium.org/
# Software version: CE 0.16.7533
Authenticated remote code execution
Using either CSRF or by editing the whois binary field in the Observium webui under Settings -> System Path, an attacker
may also change the Path to either [whois, mtr, nmap] to any bash command, and by hitting the URL:…

Despite the media hype and the flood of new products into the marketplace, the IoT still means the Irritant of Things for people trying to connect their homes. These difficulties are a problem, not just for these frustrated individuals, but for the industry as a whole.