Headline
CVE-2011-0419: All about me - Maksymilian Arciemowicz
Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.
Welcome to my page!
What are you looking for?
**Check my latest research.**
Oracle Critical Patch Update Advisory - January 2019 - Security-In-Depth
macOS Mojave 10.14 Carbon Core - Arbitrary code execution
Apple iOS/tvOS/watchOS Remote memory corruption through certificate
Apple macOS 10.12.1 and others SecureTransport SSL handshake OCSP MiTM and DoS
Apple macOS 10.11/10/.12 Antivirus bypass (0-day)
GNU glibc catopen() Multiple unbounded stack allocations
Magento CMS Multiple Man-In The Middle
Projects:
**CXSECURITY.COM - Open Bugtraq**
(WLB2) World Laboratory of Bugtraq is a huge collection of information on data communications safety. Its main objective is to inform about errors in various applications. WLB does not exclude information on configuration errors or other entries of a similarly dangerous character. One of the basic foundations of “World Laboratory of Bugtraq” is interaction with users. Each safety note can be reported and then verified by CXSecurity.
**CIFREX.ORG - Tool for static code analysis**
cIFrex is a web application written in PHP, Python and C++ that supports searching for vulnerabilities through analysis of source code. Using a database of filters based on regular expressions, you can quickly locate code in which the probability of failure is high. You just need to have the source code on a computer with access to cIFrex to fully benefit from the possibilities of the new methodology.
**Contact:**
Email: [email protected]
Use this GPG key to encrypt message
Copyright 2022, cxib.net
Related news
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.