Memory issues and remote overflows have been addressed in MySQL. They have been addressed in the large patch release in January, 2017.
Monthly Archives: January 2017
Linux/x86_64 TCP/5600 Bind Shellcode
87 bytes small Linux/x86_64 shellcode that binds to TCP/5600.
Top N Sniff
The goal of this guide is to provide a reliable and fast way for creating a lan tap for red team assessments of networks. While this was the authors’ main target this tap is also quite helpful if you want to have a great device for your daily analysis of network attached computers. Before they started with their implementation they made a list of things which were mandatory. The hardware had to be small, have at least two lan ports and wifi, cheap and opensource included or available.
DSA-3768 openjpeg2 – security update
Multiple vulnerabilities in OpenJPEG, a JPEG 2000 image compression /
decompression library, may result in denial of service or the execution
of arbitrary code if a malformed JPEG 2000 file is processed.
br3aking c0de 2017 Call For Papers
The Call For Papers for br3aking c0de 2017 has been announced. It will take place April 22nd, 2017 in a currently undisclosed location.
Vuln: Ghost 'Your profile' Page HTML Injection Vulnerability
Ghost ‘Your profile’ Page HTML Injection Vulnerability
Vuln: Symphony CMS CVE-2017-5542 Cross Site Scripting Vulnerability
Symphony CMS CVE-2017-5542 Cross Site Scripting Vulnerability
Vuln: Subrion CMS CVE-2017-5543 PHP Object Injection Vulnerability
Subrion CMS CVE-2017-5543 PHP Object Injection Vulnerability
Vuln: Symphony CVE-2017-5541 Directory Traversal Vulnerability
Symphony CVE-2017-5541 Directory Traversal Vulnerability
CVE-2016-5725 (jsch)
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a .. (dot dot backslash) in a response to a recursive GET command.