Hello lists
Attached is a test case for causing a crash in libical 0.47 (shipped with
Thunderbird) and this was also tested against 1.0 (various versions shipped
with various email clients).
=
==24662==ERROR: AddressSanitizer:
TIMELINE
rootredrain submitted a report to Ruby.
Jun 22nd
Hi,
I would like to report an HTTP Header injection vulnerability in
'net/http' that allows attackers to inject arbitrary headers in a
request, or even create a new evil request.
PoC
require 'net/http'
http =
*EdgeCore - Layer2+ Fast Ethernet Standalone Switch ES3526XA Manager -
Multiple Vulnerabilities*
Also rebranded as: *SMC TigerSwitch 10/100 SMC6128L2 Manager*
Object ID:
1.3.6.1.4.1.259.8.1.5
Switch Information
Main Board:
Number of Ports 26
Hardware
*Sierra Wireless AirLink Raven XE Industrial 3G Gateway - Multiple
Vulnerabilities*
*About*
http://www.sierrawireless.com/products-and-solutions/gateway-solutions/raven-series/
Rugged Design and Advanced Security for Fixed and Portable Wireless
Communication
Raven XE/XT
Compact design for
Obviously, this may be of interest to authors of security software that
aims to mitigate exploitation of 0-day: it should be possible to:
1) actively reserve memory regions referenced by such pointers to
prevent allocation by an exploit. The additional address space
fragmentation should not be a
(You can read all this information in more detail on
http://blog.skylined.nl)
Software components such as memory managers often use magic values to
mark memory as having a certain state. These magic values can be used
during debugging to determine the state of the memory, and have often
(but not
SEC Consult Vulnerability Lab Security Advisory < 20160624-0 >
===
title: XSS and information disclosure vulnerability
product: ASUS DSL-N55U router
vulnerable version: 3.0.0.4.376_2736