An issue was discovered in Erlang/OTP 18.x. Erlang’s generation of compiled regular expressions is vulnerable to a heap overflow. Regular expressions using a malformed extpattern can indirectly specify an offset that is used as an array index. This ordinal permits arbitrary regions within the erts_alloc arena to be both read and written to.
CVE-2017-7177
Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
WikiLeaks Won't Disclose CIA Exploits To Companies Until Certain Demands Are Met
It’s been over a week since Wikileaks promised to hand over more information on hacking tools and tactics of the Central Intelligence Agency (CIA) to the affected tech companies, following a leak of a roughly 8,761 documents that Wikileaks claimed belonged to CIA hacking units.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so
[CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting
Posted by 陈彦羽 on Mar 18
Hello:
The following is my application vulnerabilities.
---------------------------------------
---------------------------------------
[CVE-2017-6878]:MetInfo5.3.15 Stored Cross Site Scripting
Application: MetInfo
Versions Affected: 5.3.15
Vendor URL: http://www.metinfo.cn/
Software Link:…
TS Session Hijacking / Privilege escalation all windows versions
Posted by Alexander Korznikov on Mar 18
Terminal Services / Console Session Hijacking can lead to Privilege
Escalation.
Vulnerability Details.
A privileged user, which can gain command execution with NT
AUTHORITY/SYSTEM rights can hijack any currently logged in user’s session,
without any knowledge about his credentials.
Terminal Services session can be either in connected or disconnected state.
This is high risk vulnerability which allows any local admin to hijack a
session…
RHSA-2017:0558-1: Critical: firefox security update
Red Hat Enterprise Linux: An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of
Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a
detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
CVE-2017-5428
DSA-3811 wireshark – security update
It was discovered that wireshark, a network protocol analyzer, contained
several vulnerabilities in the dissectors for ASTERIX, DHCPv6,
NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to
various crashes, denial-of-service or execution of arbitrary code.
DSA-3812 ioquake3 – security update
It was discovered that ioquake3, a modified version of the ioQuake3 game
engine performs insufficent restrictions on automatically downloaded
content (pk3 files or game code), which allows malicious game servers to
modify configuration settings including driver settings.
Vuln: Google Android NFC CVE-2017-0481 Privilege Escalation Vulnerability
Google Android NFC CVE-2017-0481 Privilege Escalation Vulnerability
Vuln: Metasploit Multiple Directory Traversal Vulnerabilities
Metasploit Multiple Directory Traversal Vulnerabilities