-English--Administración-
  • Proyectos Proyectos de ingeniería inversa, biometría, seguridad web, criptoanálisis...
  • Ubicación Laboratorio de Criptología - Facultad de Informática - Campus de Montegancedo
Vulnerabilidades
22 de Marzo
pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow vulnerability because it fails to properly process a specially crafted png file. This issue affects the 'process()' function of the 'pngdefry.c' source file.
0.0[+]
22 de Marzo
A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and earlier allows remote attackers to execute arbitrary code via a GET request.
0.0[+]
22 de Marzo
GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based buffer overflow while processing a bogus input script, leading to a program crash. This relates to lack of '\0' termination of a name field in ldlex.l.
0.0[+]
22 de Marzo
The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well.
0.0[+]
22 de Marzo
The find_nearest_line function in addr2line in GNU Binutils 2.28 does not handle the case where the main file name and the directory name are both empty, triggering a NULL pointer dereference and an invalid write, and leading to a program crash.
0.0[+]
22 de Marzo
The find_nearest_line function in objdump in GNU Binutils 2.28 is vulnerable to an invalid write (of size 1) while disassembling a corrupt binary that contains an empty function name, leading to a program crash.
0.0[+]
22 de Marzo
GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer overflow (of size 1) while attempting to unget an EOF character from the input stream, potentially leading to a program crash.
0.0[+]
22 de Marzo
A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php).
0.0[+]
21 de Marzo
Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML.
0.0[+]
21 de Marzo
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.
0.0[+]
Ver todas
logo upm
logo fi
© CriptoLab 2017 webmaster
Valid HTML5 Valid CSS! Valid CSS! Valid CSS!