QEMU ‘get_cmd()’ Function Denial of Service Vulnerability
Monthly Archives: November 2016
Vuln: Xen CVE-2016-7094 Local Denial of Service Vulnerability
Xen CVE-2016-7094 Local Denial of Service Vulnerability
Vuln: Xen CVE-2016-6258 Privilege Escalation Vulnerability
Xen CVE-2016-6258 Privilege Escalation Vulnerability
Vuln: QEMU '/hw/net/mipsnet.c' Remote Buffer Overflow Vulnerability
QEMU ‘/hw/net/mipsnet.c’ Remote Buffer Overflow Vulnerability
Positive Hack Days VII Call For Papers
Call for papers for Positive Hack Days VII, which will take place May 23rd through the 24th, 2017, in Moscow, Russia.
x33fcon 2017 Call For Papers
The call for papers for x33fcon has been announced. It will take place April 24th through the 28th, 2017, in Poland.
Siemens SIMATIC Cookie Settings / Cross Site Request Forgery
Multiple versions of Siemens SIMATIC suffer from a cross site request forgery vulnerability and poor cookie security settings.
ntpd 4.2.7.p22 / 4.3.0 Denial Of Service
ntpd versions 4.2.7p22 up to, but not including, 4.2.8p9 and 4.3.0 up to, but not including, 4.3.94 suffer from a remote denial of service vulnerability. The vulnerability allows unauthenticated users to crash ntpd with a single malformed UDP packet, which causes a null pointer dereference.
WonderCMS 0.9.8 Cross Site Scripting
WonderCMS versions 0.9.8 and below suffer from a cross site scripting vulnerability.
Ubuntu Security Notice USN-3135-1
Ubuntu Security Notice 3135-1 – Chris Evans discovered that GStreamer Good Plugins did not correctly handle malformed FLC movie files. If a user were tricked into opening a crafted FLC movie file with a GStreamer application, an attacker could cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking the program.