The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
All posts by 007admin
CVE-2017-7610
The check_group function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7606
coders/rle.c in ImageMagick 7.0.5-4 has an “outside the range of representable values of type unsigned char” undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image.
CVE-2017-7605
aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion failure, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.
CVE-2017-7611
The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file.
CVE-2017-7604
au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file.
Beware of an Unpatched Microsoft Word 0-Day Flaw being Exploited in the Wild
It’s 2017, and opening a simple MS Word file could compromise your system.
Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office on fully-patched PCs.
The Microsoft Office zero-day attack, uncovered by researchers
NSE script for exploiting BOF in Microsoft's IIS 6.0 and Windows Server 2003
Posted by Rewanth Cool on Apr 09
Hi,
I’m sorry, I was not aware of the FD group and I was sending all my work to
the developers group (dev () nmap org). So now, I’m forwarding all my
vulnerability detection and exploitation NSE scripts to this group.
I developed an NSE script for the most recently found vulnerability.
It exploits the Buffer Overflow vulnerability in Microsoft Internet
Information Services (IIS) 6.0 and Microsoft Windows Server 2003.
Its marked…
NSE Script for exploiting Directory traversal vulnerability in WordPress
Posted by Rewanth Cool on Apr 09
NSE Script for exploiting Directory traversal vulnerability in the Elegant
Themes Divi theme for WordPress.
It is marked under CVE-2015-1579.
Its patched for WordPress versions > 4.1.4
This script is under “vuln”, “intrusive” and “exploit” categories. So if
someone who scans the website using these modules it will disclose the
vulnerability to the end user.
There is a PR on #778 <…
NSE scripts for XSS and session hijacking in AsusWRT
Posted by Rewanth Cool on Apr 09
ASUSWRT is a wireless router operating system that powers many routers
produced by ASUS.
NSE scripts for CVE-2017-6547 ( XSS ) and CVE-2017-6549 ( Session stealing
) are developed for AsusWRT.
The script comes under “vuln”, “intrusive”, “exploit”, “dos” categories.
Failed attempts lead to dos attack.
There is a PR on #779 <https://github.com/nmap/nmap/pull/779> regarding the
both the latest…